author | lns <matzeton@googlemail.com> | 2022-10-01 22:37:25 +0200 |
---|---|---|
committer | lns <matzeton@googlemail.com> | 2022-10-01 22:37:25 +0200 |
commit | 49ea4f847427846e668054704d6e997757805c0b (patch) | |
tree | 67e2026ee10f9a572d109ebed24fae7744238d83 /test/results/flow-info | |
parent | b6060b897e629d3bf16a50842cd9da89ea172621 (diff) |
Small fixes.
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info')
184 files changed, 5044 insertions, 5044 deletions
diff --git a/test/results/flow-info/1kxun.pcap.out b/test/results/flow-info/1kxun.pcap.out index 1d62bb6e7..c77b747de 100644 --- a/test/results/flow-info/1kxun.pcap.out +++ b/test/results/flow-info/1kxun.pcap.out 
@@ -4,18 +4,18 @@ new: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] detected: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] - detected: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] - detected: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] - detected: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Network][Acceptable] + detected: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Network][Acceptable][] new: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [MIDSTREAM] new: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] - detected: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] - detected: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> 
[255.255.255.255][...67] - detected: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][shen] new: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] detected: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Network][Acceptable] new: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] 
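Review bot: The expected line for flow 4 now ends in an empty field (`[DHCP][Network][Acceptable][]`), while the LLMNR and DHCPV6 lines in the same hunk carry no fourth field at all, so a consumer counting brackets cannot tell "no hostname seen" from "field not emitted". The value also appears to come straight from packet content (the DHCP name `shen` here, NetBIOS and HTTP host names in later hunks), and the hunk at -247 pins `[SSDP][System][Acceptable][[ff02::c]:1900]`, where the value's own brackets nest inside the field delimiters. The formatter is not part of this diff, so this is inferred from the output alone. Before these results are frozen as the reference, I would either omit the field when it is empty, giving `[DHCP][Network][Acceptable]`, or escape `[`, `]` and control characters in the value so a peer-supplied name cannot alter how the line is parsed.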
@@ -23,36 +23,36 @@ new: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] detected: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] - detected: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] detected: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] - detected: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun] - detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun] + detected: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun][jp.kankan.1kxun.mobi] + detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun][jp.kankan.1kxun.mobi] new: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] - detected: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] + detected: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun][jp.kankan.1kxun.mobi] new: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] - detected: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun] + detected: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun][kankan.1kxun.com] 
new: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] [MIDSTREAM] new: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] - detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] + detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable][wpad] new: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] detected: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] new: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] - detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] new: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976] new: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] - detected: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Streaming][Fun] - detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Streaming][Fun] + detected: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Streaming][Fun][kankan.1kxun.com] + detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] 
[DNS.1kxun][Streaming][Fun][kankan.1kxun.com] new: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] - detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun] - detected: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Streaming][Fun] + detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun][kankan.1kxun.com] + detected: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Streaming][Fun][kankan.1kxun.com] new: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] - detected: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun] - detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun] + detected: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun][pic.1kxun.com] + detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun][pic.1kxun.com] new: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] new: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] new: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] 
@@ -63,12 +63,12 @@ detected: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] new: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] detected: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] - detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - detected: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] - detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] + detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] + detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] + detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] + detected: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] + detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] + detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| 
variance| entropy [IAT.........: 0.000| 0.056| 0.011| 0.020| 413.706| 3.100] @@ -120,12 +120,12 @@ [PKTLENS.....: 52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300] [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0] new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] - detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][System][Dangerous][sanji-lifebook-] RISK: Unsafe Protocol new: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] - detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] - detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] + detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun][jp.kankan.1kxun.mobi] + detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun][jp.kankan.1kxun.mobi] analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.147| 0.015| 0.033| 1100.854| 2.600] 
@@ -137,32 +137,32 @@ [PKTLENS.....: 52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300] [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,5.0,4.8,4.8,4.8,5.3,5.2,5.1,4.7,4.7,6.0,5.1,5.2,4.8,4.8,5.8,5.1,4.7,4.7,4.5,4.7,4.7,5.6,5.2] new: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] - detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Web][Acceptable] + detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Web][Acceptable][218.244.135.170] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] - detected: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun] - detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun] + detected: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun][vv.video.qq.com] + detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun][vv.video.qq.com] new: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] - detected: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Chat][Fun] + detected: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Chat][Fun][vv.video.qq.com] new: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] new: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] - detected: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Web][Acceptable] + detected: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Web][Acceptable][42.120.51.152] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] detected: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] - detected: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] - detected: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detected: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detection-update: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS new: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] new: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] detected: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] detected: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] - detected: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Web][Acceptable] + detected: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Web][Acceptable][183.131.48.145] RISK: HTTP Numeric IP Address new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] 
analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Web][Acceptable] 
@@ -175,22 +175,22 @@ [IATS(ms)....: 0.1,76.5,76.6,0.0,1.1,0.0,62.3,0.1,61.8,0.0,298.9,0.1,399.0,66.5,0.2,166.1,0.0,60.3,0.5,0.1,60.8,0.0,117.1,0.0,178.1,0.5,62.0,0.0,102.3,44.3,349.7] [PKTLENS.....: 52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40] [ENTROPIES...: 4.6,4.6,5.0,5.0,5.0,5.8,5.8,4.7,5.4,6.1,6.1,6.1,6.1,4.6,5.3,4.7,4.9,4.9,4.7,5.2,4.9,4.9,4.9,5.8,5.8,4.6,5.4,6.1,6.1,4.7,5.7,4.9] - detected: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Web][Acceptable] + detected: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Web][Acceptable][183.131.48.144] RISK: HTTP Numeric IP Address - detection-update: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Media][Acceptable] + detection-update: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Media][Acceptable][183.131.48.144] RISK: HTTP Numeric IP Address new: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] - detected: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] - detected: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] detected: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] new: [....53] [ip4][..udp] 
[...192.168.5.49][61548] -> [....224.0.0.252][.5355] detected: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] - detected: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] - detected: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Network][Acceptable] + detected: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Network][Acceptable][macbook-air] analyse: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Media][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.863| 0.183| 0.253| 63925.490| 3.600] @@ -205,7 +205,7 @@ new: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [MIDSTREAM] new: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [MIDSTREAM] new: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] - detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable] + detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable][api.magicansoft.com] new: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] new: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [MIDSTREAM] new: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355] 
@@ -213,17 +213,17 @@ new: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] detected: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] - detected: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] + detected: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable][isatap] new: [....65] [ip4][..udp] [192.168.140.140][62976] -> [255.255.255.255][62976] new: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976] new: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] - detected: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] + detected: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable][sanji-lifebook-] new: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] - detected: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] + detected: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable][gfile] new: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] - detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] + detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable][nasfile] new: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] - detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> 
[192.168.255.255][..138] [NetBIOS.SMBv1][System][Dangerous][macbookair-e1d0] RISK: Unsafe Protocol new: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] new: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] @@ -231,11 +231,11 @@ new: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355] detected: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] - detected: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][joanna-pc] new: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] - detected: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] - detected: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] new: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947] new: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] detected: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] 
@@ -247,16 +247,16 @@ new: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] detected: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] - detected: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] - detected: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][System][Acceptable] + detected: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][System][Acceptable][[ff02::c]:1900] new: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] detected: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947] new: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] - detected: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detected: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS new: [....88] [ip4][..udp] [..192.168.119.1][56861] -> 
[255.255.255.255][.5678] new: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] 
@@ -289,21 +289,21 @@ new: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] detected: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] - detected: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][kevin-pc] new: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [MIDSTREAM] detected: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS.Facebook][SocialNetwork][Fun] new: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] - detected: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detected: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detection-update: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS new: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] - detected: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS][Network][Acceptable] + detected: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS][Network][Acceptable][dl-obs.official.line.naver.jp] + detection-update: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] 
[DNS][Network][Acceptable][dl-obs.official.line.naver.jp] new: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] new: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] - detected: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] [HTTP][Web][Acceptable] - detected: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] [HTTP][Web][Acceptable] + detected: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] [HTTP][Web][Acceptable][dl-obs.official.line.naver.jp] + detected: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] [HTTP][Web][Acceptable][dl-obs.official.line.naver.jp] new: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] detected: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] 
@@ -317,9 +317,9 @@ new: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] detected: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Network][Acceptable] new: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] - detected: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detected: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Web][Safe] + detection-update: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Web][Safe][192.168.115.75] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS update: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Streaming][Fun] 
@@ -350,7 +350,7 @@ [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41] [ENTROPIES...: 4.6,4.6,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.9,4.9,4.8] new: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] - detected: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] + detected: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable][sc.arrancar.org] new: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123] detected: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123] [NTP][System][Acceptable] new: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> [..............................ff02::1:3][.5355] 
@@ -397,22 +397,22 @@ DAEMON-EVENT: [Processed: 1439 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 38] new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM] - detected: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [HTTP.1kxun][Streaming][Fun] + detected: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [HTTP.1kxun][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port new: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [MIDSTREAM] - detected: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Streaming][Fun] + detected: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port new: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [MIDSTREAM] - detected: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Streaming][Fun] + detected: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Streaming][Fun][ws.1kxun.mobi] RISK: Known Proto on Non Std Port new: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][kankan.1kxun.mobi] new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM] - detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Chat][Fun] + detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Chat][Fun][cgi.connect.qq.com] new: 
[...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][kankan.1kxun.com] new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][kankan.1kxun.com] idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] idle: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] idle: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS][Network][Acceptable] 
@@ -481,10 +481,10 @@ idle: [...102] [ip4][..udp] [...192.168.5.37][54506] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] idle: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] [NetBIOS][System][Acceptable] - guessed: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable] + guessed: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable][] end: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] idle: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] - guessed: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable] + guessed: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable][] end: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] not-detected: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] [Unknown][Unrated] idle: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] 
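Review bot: The expected lines for the guessed flows 5 and 58 now end in an empty `[]`, which a consumer of this output cannot tell apart from a flow that really carried an empty name; the same appears for flow 61 in `@@ -493,7 +493,7 @@` and for the detected flows 188 and 190 in `@@ -813,26 +813,26 @@`. I would have the printer omit the field when nothing was extracted, so that these lines still end at `[Acceptable]`, or print an explicit placeholder such as `[-]`. The filled-in values elsewhere in this file (`[ws.1kxun.mobi]`, `[sc.arrancar.org]`) look like names taken from the captured traffic. If that is the case, the printer should escape `[`, `]` and control characters before writing them into this bracket-delimited line, and one result file with such a name would pin that behaviour. The printing code itself is not part of this diff.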
@@ -493,7 +493,7 @@ idle: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] idle: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] idle: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] - guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP.Google][Web][Acceptable] + guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP.Google][Web][Acceptable][] idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Streaming][Fun] 
@@ -573,21 +573,21 @@ idle: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] idle: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][System][Acceptable] new: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][messages.1kxun.mobi] new: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [MIDSTREAM] - detected: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Chat][Fun] + detected: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Chat][Fun][pingma.qq.com] new: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] new: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [MIDSTREAM] - detected: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Streaming][Fun][android.yingshi.tcclick.1kxun.com] new: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] new: 
[...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] new: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.895| 0.074| 0.190| 35982.832| 2.200] 
@@ -619,24 +619,24 @@ [PKTLENS.....: 264,372,1492,11572,1492,4372,2932,13012,7252,1492,1492,1492,1492,2932,2932,1492,4591,264,374,21652,2932,10132,11572,17332,7252,18772,5812,20212,1492,10132,11572,21652] [ENTROPIES...: 5.9,5.7,7.4,8.0,7.8,7.9,7.9,8.0,7.9,7.8,7.8,7.8,7.9,7.9,7.9,7.8,7.9,5.9,5.7,7.2,7.8,8.0,8.0,8.0,7.9,8.0,7.9,8.0,7.8,8.0,8.0,8.0] new: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [MIDSTREAM] - detected: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Streaming][Fun][release.bigdata.1kxun.com] new: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...149] [ip4][..tcp] 
[..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Streaming][Acceptable] - detection-update: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Streaming][Acceptable][tcad.wedolook.com] + detection-update: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM] - detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][Web][Acceptable] + detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][Web][Acceptable][google.open-js.com] analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.409| 0.085| 0.132| 17528.007| 3.300] 
@@ -648,24 +648,24 @@ [PKTLENS.....: 817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492] [ENTROPIES...: 5.9,7.7,7.8,5.9,7.6,7.9,8.0,8.0,7.9,7.9,7.9,5.9,7.8,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,7.9,7.8,7.9,7.8,7.8,7.9,7.9,7.9,7.9,7.9,7.9] new: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [MIDSTREAM] - detected: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP.Tencent][SocialNetwork][Acceptable] + detected: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP.Tencent][SocialNetwork][Acceptable][qzonestyle.gtimg.cn] new: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [MIDSTREAM] - detected: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Advertisement][Acceptable] - detection-update: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Advertisement][Acceptable] + detected: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Advertisement][Acceptable][pagead2.googlesyndication.com] + detection-update: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Advertisement][Acceptable][pagead2.googlesyndication.com] new: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [MIDSTREAM] - detected: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Advertisement][Acceptable] + detected: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Advertisement][Acceptable][www.google-analytics.com] new: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [MIDSTREAM] - detected: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...157] 
[ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] new: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [MIDSTREAM] - detected: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] new: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [MIDSTREAM] - detected: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] new: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [MIDSTREAM] - detected: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] new: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [MIDSTREAM] - detected: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM] - detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] analyse: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| 
variance| entropy [IAT.........: 0.000| 0.832| 0.077| 0.179| 32207.956| 2.400] @@ -676,8 +676,8 @@ [IATS(ms)....: 207.0,0.4,1.1,0.7,203.5,0.4,0.5,0.8,0.4,1.2,0.6,204.0,0.5,1.9,0.8,831.8,413.6,1.5,1.6,0.4,0.9,201.6,0.4,0.6,1.0,0.9,0.4] [PKTLENS.....: 578,337,1492,8692,2932,1492,1492,2932,1492,1492,5812,4372,1492,1492,1492,5812,2932,2932,3942,578,337,1492,8692,10132,5812,2932,1492,1492,2932,4372,4372,1492] [ENTROPIES...: 5.8,5.8,7.8,8.0,7.9,7.8,7.9,7.9,7.9,7.9,8.0,8.0,7.9,7.9,7.9,8.0,7.9,7.9,8.0,5.9,5.8,7.8,8.0,8.0,8.0,7.9,7.9,7.9,7.9,8.0,8.0,7.9] - detection-update: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] - detection-update: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] + detection-update: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] + detection-update: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun][hkbn.content.1kxun.com] analyse: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.877| 0.084| 0.182| 33133.681| 2.600] 
@@ -709,17 +709,17 @@ [PKTLENS.....: 566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772] [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0] new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM] - detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Web][Acceptable] + detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Web][Acceptable][www.googletagservices.com] new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...167] [ip4][..tcp] 
[..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM] - detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun][mangaweb.1kxun.mobi] analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.045| 1.119| 2.029| 4116996.948| 3.000] 
@@ -731,11 +731,11 @@ [PKTLENS.....: 486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083] [ENTROPIES...: 5.9,7.8,7.9,8.0,7.9,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,8.0,8.0,5.9,6.4,5.9,7.5,5.9,6.2,5.9,6.5,5.8,6.5,6.8,5.8,6.4,7.8,7.9,5.8,6.9] new: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] new: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM] - detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] + detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun][pic.1kxun.com] analyse: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 39.120| 3.011| 10.152| 103072311.280| 1.300] 
@@ -757,40 +757,40 @@ [PKTLENS.....: 259,374,1492,1492,2932,7252,1492,8692,2932,15892,1492,1492,4372,13012,8692,2932,1492,15892,13186,259,374,1492,5812,15892,11572,10132,4372,14452,2932,2932,13012,4372] [ENTROPIES...: 5.9,5.7,7.5,7.9,7.9,7.9,7.8,8.0,7.9,8.0,7.8,7.8,7.9,7.9,7.9,7.9,7.8,8.0,8.0,5.8,5.7,7.5,7.9,8.0,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9] new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM] - detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Web][Acceptable] + detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Web][Acceptable][m.vpon.com] new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable][setting.rayjump.com] new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable][setting.rayjump.com] new: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable][setting.rayjump.com] new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM] - detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...176] [ip4][..tcp] 
[..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP.AmazonAWS][Cloud][Acceptable][setting.rayjump.com] new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP.AmazonAWS][Cloud][Acceptable][net.rayjump.com] new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM] - detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Web][Acceptable] + detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Web][Acceptable][analytics.rayjump.com] new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM] - detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP.AmazonAWS][Cloud][Acceptable][net.rayjump.com] new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM] - detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Web][Acceptable] + detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Web][Acceptable][tw.api.vpon.com] new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM] - detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Web][Acceptable] + detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Web][Acceptable][tw.api.vpon.com] new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [MIDSTREAM] - detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] 
[HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP.AmazonAWS][Cloud][Acceptable][cdn.liftoff.io] new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [MIDSTREAM] - detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][Media][Acceptable] + detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][Media][Acceptable][cdn.liftoff.io] new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] - detection-update: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] - detection-update: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] - detection-update: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] + 
detection-update: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] + detection-update: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] + detection-update: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM] - detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] analyse: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP.AmazonAWS][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.015| 0.003| 0.003| 10.814| 3.800] @@ -801,7 +801,7 @@ [IATS(ms)....: 14.9,0.6,0.6,2.5,3.6,0.1,0.9,2.5,9.2,0.0,0.1,6.5,0.1,1.6,3.0,1.6,0.1,1.5,0.1,0.1,2.8,6.5,3.1,2.4,1.8,2.8,0.1] [PKTLENS.....: 235,783,1480,2908,4336,4336,4336,4336,2908,1480,4336,4336,2908,4336,4336,2908,4336,5764,5764,5764,5764,4336,5764,1480,5764,4336,2908,7192,4336,7192,7192,2908] [ENTROPIES...: 6.0,5.8,7.2,7.3,7.2,7.5,7.7,7.9,7.8,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.8,7.9,7.9,7.9,7.8,7.9,7.8,7.8] - detection-update: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detection-update: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable][hybird.rayjump.com] analyse: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP.AmazonAWS][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.003| 0.005| 24.604| 3.600] 
@@ -813,26 +813,26 @@ [PKTLENS.....: 549,1480,1480,2908,1480,2908,1480,4336,4336,4336,2908,1480,4336,1480,4336,4336,4336,5764,5764,4336,1480,1480,1480,4336,5764,5764,3200,4188,5576,1524,5764,5764] [ENTROPIES...: 5.8,7.8,7.8,7.9,7.8,7.9,7.9,7.9,8.0,8.0,7.9,7.9,7.9,7.8,7.9,8.0,7.9,8.0,8.0,7.9,7.8,7.8,7.8,7.9,8.0,8.0,7.9,7.9,8.0,7.9,8.0,8.0] new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM] - detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP.AmazonAWS][Cloud][Acceptable][] new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP.AmazonAWS][Cloud][Acceptable][de01.rayjump.com] new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM] - detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP.AmazonAWS][Cloud][Acceptable][] new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM] - detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP.AmazonAWS][Cloud][Acceptable] - detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP.AmazonAWS][Cloud][Acceptable][tknet-cdn.rayjump.com] + detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] 
[HTTP.AmazonAWS][Cloud][Acceptable][de01.rayjump.com] new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [MIDSTREAM] - detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP.AmazonAWS][Cloud][Acceptable][impression-east.liftoff.io] new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM] - detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP.AmazonAWS][Cloud][Acceptable][adexp.liftoff.io] new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM] - detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Web][Acceptable] + detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Web][Acceptable][play.google.com] new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM] - detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP.AmazonAWS][Cloud][Acceptable][click.liftoff.io] new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM] - detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Web][Acceptable] + detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Web][Acceptable][analytics.rayjump.com] new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM] - detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] 
[HTTP.AmazonAWS][Cloud][Acceptable] + detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP.AmazonAWS][Cloud][Acceptable][net.rayjump.com] idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] idle: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Streaming][Fun] idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Web][Acceptable] diff --git a/test/results/flow-info/443-curl.pcap.out b/test/results/flow-info/443-curl.pcap.out index c8ce20105..2eb5b0475 100644 --- a/test/results/flow-info/443-curl.pcap.out +++ b/test/results/flow-info/443-curl.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.784| 0.063| 0.190| 36203.258| 2.200] 
diff --git a/test/results/flow-info/443-firefox.pcap.out b/test/results/flow-info/443-firefox.pcap.out index c006bc12b..becfbba58 100644 --- a/test/results/flow-info/443-firefox.pcap.out +++ b/test/results/flow-info/443-firefox.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.656| 0.130| 0.404| 163175.268| 2.000] diff --git a/test/results/flow-info/443-git.pcap.out b/test/results/flow-info/443-git.pcap.out index 9857ef1f2..e9363c783 100644 --- a/test/results/flow-info/443-git.pcap.out +++ b/test/results/flow-info/443-git.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable][github.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable][github.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable][github.com] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Collaborative][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.144| 0.033| 0.053| 2832.982| 3.200] diff --git a/test/results/flow-info/443-safari.pcap.out b/test/results/flow-info/443-safari.pcap.out index 4223a04a8..95f2bbeed 100644 --- a/test/results/flow-info/443-safari.pcap.out +++ b/test/results/flow-info/443-safari.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] + detected: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe][www.ntop.org] analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Network][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.696| 0.070| 0.175| 30530.335| 2.600] diff --git a/test/results/flow-info/EAQ.pcap.out b/test/results/flow-info/EAQ.pcap.out index 3c16af9bf..06a622ceb 100644 --- a/test/results/flow-info/EAQ.pcap.out +++ b/test/results/flow-info/EAQ.pcap.out 
@@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.8.0.1][53497] -> [.173.194.119.48][...80] - detected: [.....1] [ip4][..tcp] [.......10.8.0.1][53497] -> [.173.194.119.48][...80] [HTTP.Google][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [.......10.8.0.1][53497] -> [.173.194.119.48][...80] [HTTP.Google][Web][Acceptable][www.google.com] RISK: HTTP Suspicious User-Agent new: [.....2] [ip4][..tcp] [.......10.8.0.1][40467] -> [.173.194.119.24][...80] - detected: [.....2] [ip4][..tcp] [.......10.8.0.1][40467] -> [.173.194.119.24][...80] [HTTP.Google][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [.......10.8.0.1][40467] -> [.173.194.119.24][...80] [HTTP.Google][Web][Acceptable][www.google.com.br] RISK: HTTP Suspicious User-Agent new: [.....3] [ip4][..udp] [.......10.8.0.1][52257] -> [200.185.138.146][.6000] new: [.....4] [ip4][..udp] [.......10.8.0.1][48890] -> [200.185.125.226][.6000] diff --git a/test/results/flow-info/KakaoTalk_chat.pcap.out b/test/results/flow-info/KakaoTalk_chat.pcap.out index ffe984843..16aefddd1 100644 --- a/test/results/flow-info/KakaoTalk_chat.pcap.out +++ b/test/results/flow-info/KakaoTalk_chat.pcap.out 
@@ -2,102 +2,102 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] - detected: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][auth.kakao.com] new: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] - detected: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][ac-talk.kakao.com] new: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] - detected: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][katalk.kakao.com] + detection-update: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][ac-talk.kakao.com] + detection-update: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][auth.kakao.com] + detection-update: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] 
[DNS.KakaoTalk][Chat][Acceptable][katalk.kakao.com] new: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] - detected: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][booking.loco.kakao.com] new: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] - detected: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-m.talk.kakao.com] new: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] - detected: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][item.kakao.com] + detection-update: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][item.kakao.com] + detection-update: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-m.talk.kakao.com] + detection-update: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][booking.loco.kakao.com] new: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] - 
detected: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-p.talk.kakao.com] new: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] - detected: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-v.talk.kakao.com] new: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] - detected: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-c.talk.kakao.com] + detection-update: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-p.talk.kakao.com] + detection-update: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-v.talk.kakao.com] + detection-update: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-c.talk.kakao.com] new: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] - detected: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: 
[....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-a.talk.kakao.com] new: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] - detected: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-gp.talk.kakao.com] new: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] - detected: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][dn-l.talk.kakao.com] + detection-update: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-a.talk.kakao.com] + detection-update: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][dn-l.talk.kakao.com] + detection-update: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][up-gp.talk.kakao.com] new: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] new: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [MIDSTREAM] new: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] - detected: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] 
[TLS.Facebook][SocialNetwork][Fun] + detected: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) new: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [MIDSTREAM] new: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] - detected: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][plus-talk.kakao.com] new: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] - detected: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - detection-update: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Chat][Acceptable] + detected: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Chat][Acceptable][plus-talk.kakao.com] + detection-update: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable][plus-talk.kakao.com] + detection-update: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Chat][Acceptable][plus-talk.kakao.com] new: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] detected: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Network][Acceptable] new: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] - detected: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS][Web][Safe] + detected: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS][Web][Safe][] RISK: Obsolete 
TLS (v1.1 or older) - detection-update: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS][Web][Safe] + detection-update: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS.KakaoTalk][Chat][Acceptable] + detection-update: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS.KakaoTalk][Chat][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] new: [....22] [ip4][..tcp] [....31.13.68.73][..443] -> [...10.24.82.188][47007] [MIDSTREAM] detected: [....22] [ip4][..tcp] [....31.13.68.73][..443] -> [...10.24.82.188][47007] [TLS.Facebook][SocialNetwork][Fun] - detected: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] [HTTP.Facebook][SocialNetwork][Fun] + detected: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] [HTTP.Facebook][SocialNetwork][Fun][www.facebook.com] new: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] - detected: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] - detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun][api.facebook.com] + detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....15] [ip4][..tcp] 
[...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] + detection-update: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun][api.facebook.com] new: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] - detected: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][api.facebook.com] RISK: TLS (probably) Not Carrying HTTPS new: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] - detected: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] - detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun][graph.facebook.com] + detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][api.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][api.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] + detection-update: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] 
[DNS.Facebook][SocialNetwork][Fun][graph.facebook.com] new: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] - detected: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun][graph.facebook.com] RISK: TLS (probably) Not Carrying HTTPS new: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] - detected: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] - detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun][developers.facebook.com] + detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun][graph.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][SocialNetwork][Fun][graph.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] + detection-update: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun][developers.facebook.com] new: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] - detected: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Network][Acceptable] + detected: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] 
[DNS][Network][Acceptable][2.97.252.173.in-addr.arpa] new: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] - detection-update: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Network][Acceptable] - detected: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Network][Acceptable][2.97.252.173.in-addr.arpa] + detected: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][developers.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][developers.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][developers.facebook.com] RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [MIDSTREAM] detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable] 
@@ -114,9 +114,9 @@ [ENTROPIES...: 4.7,5.2,4.9,6.7,4.6,5.0,6.4,5.9,4.8,4.7,7.0,7.0,4.7,4.7,7.8,4.9,7.0,6.1,6.0,4.8,4.8,6.0,7.7,5.9,5.8,6.0,4.8,7.5,4.8,5.0,4.9,5.0] new: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443] [MIDSTREAM] new: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] - detected: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][SocialNetwork][Fun] + detected: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][SocialNetwork][Fun][www.facebook.com] new: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] - detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) analyse: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] min| max| avg| stddev| variance| entropy 
@@ -128,18 +128,18 @@ [IATS(ms)....: 995.9,1037.9,49.3,6.7,695.5,683.6,56.0,2329.9,2320.4,251.6,299.0,4.5,4.4,4.1,3.7,105.5,239.4,242.2,376.5,82.6,125.8,244.5,287.3,18.1,164.6,239.0,428.1,146.0,274.1,3803.0,24.7] [PKTLENS.....: 60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116] [ENTROPIES...: 4.7,4.7,5.0,4.9,5.2,5.1,5.0,4.7,5.2,4.9,6.5,4.7,7.1,4.8,6.7,4.9,6.6,4.9,5.7,4.8,7.7,4.9,5.5,4.9,7.4,5.0,5.9,4.8,6.8,5.0,5.6,6.4] - detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) new: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] - detected: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun][] 
RISK: Obsolete TLS (v1.1 or older) - detection-update: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) new: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [MIDSTREAM] new: [....36] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [MIDSTREAM] @@ -159,7 +159,7 @@ [ENTROPIES...: 4.7,5.0,4.9,5.2,4.7,5.0,6.5,7.1,6.7,4.8,4.9,4.9,6.5,4.9,5.9,4.8,7.7,5.0,5.6,4.8,6.9,7.1,5.0,5.0,5.8,4.9,5.5,4.9,5.6,6.3,5.0,5.0] update: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Network][Acceptable] new: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] - detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) idle: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] end: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] [HTTP.Facebook][SocialNetwork][Fun] 
@@ -179,14 +179,14 @@ idle: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Chat][Acceptable] idle: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] idle: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] - guessed: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [HTTP][Web][Acceptable] + guessed: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [HTTP][Web][Acceptable][] end: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] idle: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] idle: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Network][Acceptable] idle: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] idle: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Chat][Acceptable] idle: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable] - guessed: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Web][Acceptable][] idle: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] end: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] idle: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Network][Acceptable] 
@@ -202,7 +202,7 @@ idle: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] idle: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] idle: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] - guessed: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [HTTP.Google][Web][Acceptable] + guessed: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [HTTP.Google][Web][Acceptable][] end: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] guessed: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Web][Safe] idle: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] diff --git a/test/results/flow-info/KakaoTalk_talk.pcap.out b/test/results/flow-info/KakaoTalk_talk.pcap.out index 7d21bba55..64d502c10 100644 --- a/test/results/flow-info/KakaoTalk_talk.pcap.out +++ b/test/results/flow-info/KakaoTalk_talk.pcap.out 
@@ -6,20 +6,20 @@ new: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [MIDSTREAM] new: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] new: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun] + detected: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun][hkminorshort.weixin.qq.com] RISK: Known Proto on Non Std Port - detection-update: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Download][Fun] + detection-update: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Download][Fun][hkminorshort.weixin.qq.com] RISK: Binary App Transfer, Known Proto on Non Std Port new: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] - detected: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS][Web][Safe] + detected: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) - detection-update: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable] + detection-update: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable][] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [MIDSTREAM] new: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] - detected: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS][Web][Safe] + detected: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] 
[TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) - detection-update: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable] + detection-update: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable][] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS.Google][Web][Acceptable] 
@@ -80,13 +80,13 @@ new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM] new: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] new: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] - detected: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] - detected: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun][mqtt.facebook.com] + detected: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] - detection-update: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun][mqtt.facebook.com] + detection-update: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun][] RISK: Obsolete TLS (v1.1 or older) - guessed: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [HTTP_Proxy][Web][Acceptable][] idle: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] guessed: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [TLS.Facebook][SocialNetwork][Fun] end: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] 
@@ -104,12 +104,12 @@ idle: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][VoIP][Acceptable] end: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Download][Fun] RISK: Binary App Transfer, Known Proto on Non Std Port - guessed: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [HTTP][Web][Acceptable] + guessed: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [HTTP][Web][Acceptable][] end: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] idle: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher idle: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable] - guessed: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Web][Acceptable][] idle: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] idle: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher diff --git a/test/results/flow-info/WebattackRCE.pcap.out b/test/results/flow-info/WebattackRCE.pcap.out index 009b8f4bc..cb41764a1 100644 --- a/test/results/flow-info/WebattackRCE.pcap.out +++ b/test/results/flow-info/WebattackRCE.pcap.out 
@@ -2,2395 +2,2395 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [......127.0.0.1][49544] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [......127.0.0.1][49544] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [......127.0.0.1][49544] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....2] [ip4][..tcp] [......127.0.0.1][49546] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [......127.0.0.1][49546] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [......127.0.0.1][49546] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....3] [ip4][..tcp] [......127.0.0.1][49548] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [......127.0.0.1][49548] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [......127.0.0.1][49548] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....4] [ip4][..tcp] [......127.0.0.1][49550] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [......127.0.0.1][49550] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [......127.0.0.1][49550] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....5] [ip4][..tcp] [......127.0.0.1][49552] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....5] [ip4][..tcp] [......127.0.0.1][49552] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....5] [ip4][..tcp] [......127.0.0.1][49552] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....6] [ip4][..tcp] [......127.0.0.1][49554] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [......127.0.0.1][49554] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....6] [ip4][..tcp] [......127.0.0.1][49554] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....7] [ip4][..tcp] [......127.0.0.1][49556] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....7] [ip4][..tcp] [......127.0.0.1][49556] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....7] [ip4][..tcp] [......127.0.0.1][49556] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....8] [ip4][..tcp] [......127.0.0.1][49558] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....8] [ip4][..tcp] [......127.0.0.1][49558] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....8] [ip4][..tcp] [......127.0.0.1][49558] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....9] [ip4][..tcp] [......127.0.0.1][49560] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [.....9] [ip4][..tcp] [......127.0.0.1][49560] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [.....9] [ip4][..tcp] [......127.0.0.1][49560] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....10] [ip4][..tcp] [......127.0.0.1][49562] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....10] [ip4][..tcp] [......127.0.0.1][49562] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....10] [ip4][..tcp] [......127.0.0.1][49562] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [....11] [ip4][..tcp] [......127.0.0.1][49564] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....11] [ip4][..tcp] [......127.0.0.1][49564] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....11] [ip4][..tcp] [......127.0.0.1][49564] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....12] [ip4][..tcp] [......127.0.0.1][49566] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....12] [ip4][..tcp] [......127.0.0.1][49566] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....12] [ip4][..tcp] [......127.0.0.1][49566] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....13] [ip4][..tcp] [......127.0.0.1][49568] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....13] [ip4][..tcp] [......127.0.0.1][49568] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....13] [ip4][..tcp] [......127.0.0.1][49568] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....14] [ip4][..tcp] [......127.0.0.1][49570] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....14] [ip4][..tcp] [......127.0.0.1][49570] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....14] [ip4][..tcp] [......127.0.0.1][49570] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....15] [ip4][..tcp] [......127.0.0.1][49572] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....15] [ip4][..tcp] [......127.0.0.1][49572] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....15] [ip4][..tcp] [......127.0.0.1][49572] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....16] [ip4][..tcp] 
[......127.0.0.1][49574] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....16] [ip4][..tcp] [......127.0.0.1][49574] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....16] [ip4][..tcp] [......127.0.0.1][49574] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....17] [ip4][..tcp] [......127.0.0.1][49576] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....17] [ip4][..tcp] [......127.0.0.1][49576] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....17] [ip4][..tcp] [......127.0.0.1][49576] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....18] [ip4][..tcp] [......127.0.0.1][49578] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....18] [ip4][..tcp] [......127.0.0.1][49578] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....18] [ip4][..tcp] [......127.0.0.1][49578] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....19] [ip4][..tcp] [......127.0.0.1][49580] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....19] [ip4][..tcp] [......127.0.0.1][49580] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....19] [ip4][..tcp] [......127.0.0.1][49580] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....20] [ip4][..tcp] [......127.0.0.1][49582] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....20] [ip4][..tcp] [......127.0.0.1][49582] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....20] [ip4][..tcp] [......127.0.0.1][49582] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....21] [ip4][..tcp] [......127.0.0.1][49584] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[....21] [ip4][..tcp] [......127.0.0.1][49584] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....21] [ip4][..tcp] [......127.0.0.1][49584] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....22] [ip4][..tcp] [......127.0.0.1][49586] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....22] [ip4][..tcp] [......127.0.0.1][49586] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....22] [ip4][..tcp] [......127.0.0.1][49586] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....23] [ip4][..tcp] [......127.0.0.1][49588] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....23] [ip4][..tcp] [......127.0.0.1][49588] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....23] [ip4][..tcp] [......127.0.0.1][49588] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....24] [ip4][..tcp] [......127.0.0.1][49590] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....24] [ip4][..tcp] [......127.0.0.1][49590] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....24] [ip4][..tcp] [......127.0.0.1][49590] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....25] [ip4][..tcp] [......127.0.0.1][49592] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....25] [ip4][..tcp] [......127.0.0.1][49592] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....25] [ip4][..tcp] [......127.0.0.1][49592] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....26] [ip4][..tcp] [......127.0.0.1][49594] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....26] [ip4][..tcp] [......127.0.0.1][49594] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [....26] [ip4][..tcp] [......127.0.0.1][49594] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....27] [ip4][..tcp] [......127.0.0.1][49596] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....27] [ip4][..tcp] [......127.0.0.1][49596] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....27] [ip4][..tcp] [......127.0.0.1][49596] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....28] [ip4][..tcp] [......127.0.0.1][49598] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....28] [ip4][..tcp] [......127.0.0.1][49598] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....28] [ip4][..tcp] [......127.0.0.1][49598] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....29] [ip4][..tcp] [......127.0.0.1][49600] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....29] [ip4][..tcp] [......127.0.0.1][49600] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....29] [ip4][..tcp] [......127.0.0.1][49600] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....30] [ip4][..tcp] [......127.0.0.1][49602] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....30] [ip4][..tcp] [......127.0.0.1][49602] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....30] [ip4][..tcp] [......127.0.0.1][49602] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....31] [ip4][..tcp] [......127.0.0.1][49604] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....31] [ip4][..tcp] [......127.0.0.1][49604] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....31] [ip4][..tcp] 
[......127.0.0.1][49604] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....32] [ip4][..tcp] [......127.0.0.1][49606] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....32] [ip4][..tcp] [......127.0.0.1][49606] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....32] [ip4][..tcp] [......127.0.0.1][49606] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....33] [ip4][..tcp] [......127.0.0.1][49608] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....33] [ip4][..tcp] [......127.0.0.1][49608] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....33] [ip4][..tcp] [......127.0.0.1][49608] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....34] [ip4][..tcp] [......127.0.0.1][49610] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....34] [ip4][..tcp] [......127.0.0.1][49610] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....34] [ip4][..tcp] [......127.0.0.1][49610] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....35] [ip4][..tcp] [......127.0.0.1][49612] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....35] [ip4][..tcp] [......127.0.0.1][49612] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....35] [ip4][..tcp] [......127.0.0.1][49612] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....36] [ip4][..tcp] [......127.0.0.1][49614] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....36] [ip4][..tcp] [......127.0.0.1][49614] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....36] [ip4][..tcp] [......127.0.0.1][49614] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....37] [ip4][..tcp] [......127.0.0.1][49616] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....37] [ip4][..tcp] [......127.0.0.1][49616] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....37] [ip4][..tcp] [......127.0.0.1][49616] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....38] [ip4][..tcp] [......127.0.0.1][49618] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....38] [ip4][..tcp] [......127.0.0.1][49618] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....38] [ip4][..tcp] [......127.0.0.1][49618] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....39] [ip4][..tcp] [......127.0.0.1][49620] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....39] [ip4][..tcp] [......127.0.0.1][49620] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....39] [ip4][..tcp] [......127.0.0.1][49620] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....40] [ip4][..tcp] [......127.0.0.1][49622] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....40] [ip4][..tcp] [......127.0.0.1][49622] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....40] [ip4][..tcp] [......127.0.0.1][49622] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....41] [ip4][..tcp] [......127.0.0.1][49624] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....41] [ip4][..tcp] [......127.0.0.1][49624] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....41] [ip4][..tcp] [......127.0.0.1][49624] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [....42] [ip4][..tcp] [......127.0.0.1][49626] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....42] [ip4][..tcp] [......127.0.0.1][49626] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....42] [ip4][..tcp] [......127.0.0.1][49626] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....43] [ip4][..tcp] [......127.0.0.1][49628] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....43] [ip4][..tcp] [......127.0.0.1][49628] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....43] [ip4][..tcp] [......127.0.0.1][49628] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....44] [ip4][..tcp] [......127.0.0.1][49630] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....44] [ip4][..tcp] [......127.0.0.1][49630] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....44] [ip4][..tcp] [......127.0.0.1][49630] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....45] [ip4][..tcp] [......127.0.0.1][49632] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....45] [ip4][..tcp] [......127.0.0.1][49632] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....45] [ip4][..tcp] [......127.0.0.1][49632] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....46] [ip4][..tcp] [......127.0.0.1][49634] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....46] [ip4][..tcp] [......127.0.0.1][49634] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....46] [ip4][..tcp] [......127.0.0.1][49634] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....47] [ip4][..tcp] [......127.0.0.1][49636] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [....47] [ip4][..tcp] [......127.0.0.1][49636] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....47] [ip4][..tcp] [......127.0.0.1][49636] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....48] [ip4][..tcp] [......127.0.0.1][49638] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....48] [ip4][..tcp] [......127.0.0.1][49638] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....48] [ip4][..tcp] [......127.0.0.1][49638] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....49] [ip4][..tcp] [......127.0.0.1][49640] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....49] [ip4][..tcp] [......127.0.0.1][49640] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....49] [ip4][..tcp] [......127.0.0.1][49640] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....50] [ip4][..tcp] [......127.0.0.1][49642] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....50] [ip4][..tcp] [......127.0.0.1][49642] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....50] [ip4][..tcp] [......127.0.0.1][49642] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....51] [ip4][..tcp] [......127.0.0.1][49644] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....51] [ip4][..tcp] [......127.0.0.1][49644] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....51] [ip4][..tcp] [......127.0.0.1][49644] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....52] [ip4][..tcp] [......127.0.0.1][49646] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....52] [ip4][..tcp] 
[......127.0.0.1][49646] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....52] [ip4][..tcp] [......127.0.0.1][49646] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....53] [ip4][..tcp] [......127.0.0.1][49648] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....53] [ip4][..tcp] [......127.0.0.1][49648] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....53] [ip4][..tcp] [......127.0.0.1][49648] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....54] [ip4][..tcp] [......127.0.0.1][49650] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....54] [ip4][..tcp] [......127.0.0.1][49650] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....54] [ip4][..tcp] [......127.0.0.1][49650] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....55] [ip4][..tcp] [......127.0.0.1][49652] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....55] [ip4][..tcp] [......127.0.0.1][49652] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....55] [ip4][..tcp] [......127.0.0.1][49652] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....56] [ip4][..tcp] [......127.0.0.1][49654] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....56] [ip4][..tcp] [......127.0.0.1][49654] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....56] [ip4][..tcp] [......127.0.0.1][49654] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....57] [ip4][..tcp] [......127.0.0.1][49656] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....57] [ip4][..tcp] [......127.0.0.1][49656] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [....57] [ip4][..tcp] [......127.0.0.1][49656] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....58] [ip4][..tcp] [......127.0.0.1][49658] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....58] [ip4][..tcp] [......127.0.0.1][49658] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....58] [ip4][..tcp] [......127.0.0.1][49658] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....59] [ip4][..tcp] [......127.0.0.1][49660] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....59] [ip4][..tcp] [......127.0.0.1][49660] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....59] [ip4][..tcp] [......127.0.0.1][49660] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....60] [ip4][..tcp] [......127.0.0.1][49662] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....60] [ip4][..tcp] [......127.0.0.1][49662] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....60] [ip4][..tcp] [......127.0.0.1][49662] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....61] [ip4][..tcp] [......127.0.0.1][49664] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....61] [ip4][..tcp] [......127.0.0.1][49664] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....61] [ip4][..tcp] [......127.0.0.1][49664] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....62] [ip4][..tcp] [......127.0.0.1][49666] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....62] [ip4][..tcp] [......127.0.0.1][49666] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....62] [ip4][..tcp] [......127.0.0.1][49666] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....63] [ip4][..tcp] [......127.0.0.1][49668] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....63] [ip4][..tcp] [......127.0.0.1][49668] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....63] [ip4][..tcp] [......127.0.0.1][49668] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....64] [ip4][..tcp] [......127.0.0.1][49670] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....64] [ip4][..tcp] [......127.0.0.1][49670] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....64] [ip4][..tcp] [......127.0.0.1][49670] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....65] [ip4][..tcp] [......127.0.0.1][49672] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....65] [ip4][..tcp] [......127.0.0.1][49672] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....65] [ip4][..tcp] [......127.0.0.1][49672] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....66] [ip4][..tcp] [......127.0.0.1][49674] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....66] [ip4][..tcp] [......127.0.0.1][49674] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....66] [ip4][..tcp] [......127.0.0.1][49674] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....67] [ip4][..tcp] [......127.0.0.1][49676] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....67] [ip4][..tcp] [......127.0.0.1][49676] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....67] [ip4][..tcp] [......127.0.0.1][49676] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [....68] [ip4][..tcp] [......127.0.0.1][49678] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....68] [ip4][..tcp] [......127.0.0.1][49678] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....68] [ip4][..tcp] [......127.0.0.1][49678] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....69] [ip4][..tcp] [......127.0.0.1][49680] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....69] [ip4][..tcp] [......127.0.0.1][49680] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....69] [ip4][..tcp] [......127.0.0.1][49680] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....70] [ip4][..tcp] [......127.0.0.1][49682] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....70] [ip4][..tcp] [......127.0.0.1][49682] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....70] [ip4][..tcp] [......127.0.0.1][49682] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....71] [ip4][..tcp] [......127.0.0.1][49684] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....71] [ip4][..tcp] [......127.0.0.1][49684] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....71] [ip4][..tcp] [......127.0.0.1][49684] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....72] [ip4][..tcp] [......127.0.0.1][49686] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....72] [ip4][..tcp] [......127.0.0.1][49686] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....72] [ip4][..tcp] [......127.0.0.1][49686] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....73] [ip4][..tcp] [......127.0.0.1][49688] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....73] [ip4][..tcp] [......127.0.0.1][49688] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....73] [ip4][..tcp] [......127.0.0.1][49688] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....74] [ip4][..tcp] [......127.0.0.1][49690] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....74] [ip4][..tcp] [......127.0.0.1][49690] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....74] [ip4][..tcp] [......127.0.0.1][49690] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....75] [ip4][..tcp] [......127.0.0.1][49692] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....75] [ip4][..tcp] [......127.0.0.1][49692] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....75] [ip4][..tcp] [......127.0.0.1][49692] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....76] [ip4][..tcp] [......127.0.0.1][49694] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....76] [ip4][..tcp] [......127.0.0.1][49694] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....76] [ip4][..tcp] [......127.0.0.1][49694] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..tcp] [......127.0.0.1][49696] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....77] [ip4][..tcp] [......127.0.0.1][49696] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....77] [ip4][..tcp] [......127.0.0.1][49696] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..tcp] [......127.0.0.1][49698] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....78] [ip4][..tcp] [......127.0.0.1][49698] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....78] [ip4][..tcp] [......127.0.0.1][49698] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..tcp] [......127.0.0.1][49700] 
-> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....79] [ip4][..tcp] [......127.0.0.1][49700] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....79] [ip4][..tcp] [......127.0.0.1][49700] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....80] [ip4][..tcp] [......127.0.0.1][49702] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....80] [ip4][..tcp] [......127.0.0.1][49702] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....80] [ip4][..tcp] [......127.0.0.1][49702] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..tcp] [......127.0.0.1][49704] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....81] [ip4][..tcp] [......127.0.0.1][49704] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....81] [ip4][..tcp] [......127.0.0.1][49704] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....82] [ip4][..tcp] [......127.0.0.1][49706] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....82] [ip4][..tcp] [......127.0.0.1][49706] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....82] [ip4][..tcp] [......127.0.0.1][49706] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....83] [ip4][..tcp] [......127.0.0.1][49708] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....83] [ip4][..tcp] [......127.0.0.1][49708] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....83] [ip4][..tcp] [......127.0.0.1][49708] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....84] [ip4][..tcp] [......127.0.0.1][49710] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....84] [ip4][..tcp] [......127.0.0.1][49710] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....84] [ip4][..tcp] [......127.0.0.1][49710] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....85] [ip4][..tcp] [......127.0.0.1][49712] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....85] [ip4][..tcp] [......127.0.0.1][49712] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....85] [ip4][..tcp] [......127.0.0.1][49712] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....86] [ip4][..tcp] [......127.0.0.1][49714] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....86] [ip4][..tcp] [......127.0.0.1][49714] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....86] [ip4][..tcp] [......127.0.0.1][49714] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....87] [ip4][..tcp] [......127.0.0.1][49716] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....87] [ip4][..tcp] [......127.0.0.1][49716] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....87] [ip4][..tcp] [......127.0.0.1][49716] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....88] [ip4][..tcp] [......127.0.0.1][49718] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....88] [ip4][..tcp] [......127.0.0.1][49718] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....88] [ip4][..tcp] [......127.0.0.1][49718] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....89] [ip4][..tcp] [......127.0.0.1][49720] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....89] [ip4][..tcp] [......127.0.0.1][49720] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....89] [ip4][..tcp] [......127.0.0.1][49720] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][] RISK: Known Proto on Non Std Port new: [....90] [ip4][..tcp] [......127.0.0.1][49722] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....90] [ip4][..tcp] [......127.0.0.1][49722] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....90] [ip4][..tcp] [......127.0.0.1][49722] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....91] [ip4][..tcp] [......127.0.0.1][49724] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....91] [ip4][..tcp] [......127.0.0.1][49724] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....91] [ip4][..tcp] [......127.0.0.1][49724] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....92] [ip4][..tcp] [......127.0.0.1][49726] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....92] [ip4][..tcp] [......127.0.0.1][49726] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....92] [ip4][..tcp] [......127.0.0.1][49726] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....93] [ip4][..tcp] [......127.0.0.1][49728] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....93] [ip4][..tcp] [......127.0.0.1][49728] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....93] [ip4][..tcp] [......127.0.0.1][49728] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....94] [ip4][..tcp] [......127.0.0.1][49730] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....94] [ip4][..tcp] [......127.0.0.1][49730] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....94] [ip4][..tcp] [......127.0.0.1][49730] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....95] [ip4][..tcp] [......127.0.0.1][49732] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....95] [ip4][..tcp] [......127.0.0.1][49732] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....95] 
[ip4][..tcp] [......127.0.0.1][49732] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....96] [ip4][..tcp] [......127.0.0.1][49734] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....96] [ip4][..tcp] [......127.0.0.1][49734] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....96] [ip4][..tcp] [......127.0.0.1][49734] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....97] [ip4][..tcp] [......127.0.0.1][49736] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....97] [ip4][..tcp] [......127.0.0.1][49736] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....97] [ip4][..tcp] [......127.0.0.1][49736] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....98] [ip4][..tcp] [......127.0.0.1][49738] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....98] [ip4][..tcp] [......127.0.0.1][49738] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....98] [ip4][..tcp] [......127.0.0.1][49738] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....99] [ip4][..tcp] [......127.0.0.1][49740] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [....99] [ip4][..tcp] [......127.0.0.1][49740] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [....99] [ip4][..tcp] [......127.0.0.1][49740] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...100] [ip4][..tcp] [......127.0.0.1][49742] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...100] [ip4][..tcp] [......127.0.0.1][49742] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...100] [ip4][..tcp] [......127.0.0.1][49742] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...101] [ip4][..tcp] [......127.0.0.1][49744] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...101] [ip4][..tcp] [......127.0.0.1][49744] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...101] [ip4][..tcp] [......127.0.0.1][49744] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...102] [ip4][..tcp] [......127.0.0.1][49746] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...102] [ip4][..tcp] [......127.0.0.1][49746] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...102] [ip4][..tcp] [......127.0.0.1][49746] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...103] [ip4][..tcp] [......127.0.0.1][49748] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...103] [ip4][..tcp] [......127.0.0.1][49748] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...103] [ip4][..tcp] [......127.0.0.1][49748] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...104] [ip4][..tcp] [......127.0.0.1][49750] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...104] [ip4][..tcp] [......127.0.0.1][49750] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...104] [ip4][..tcp] [......127.0.0.1][49750] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...105] [ip4][..tcp] [......127.0.0.1][49752] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...105] [ip4][..tcp] [......127.0.0.1][49752] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...105] [ip4][..tcp] [......127.0.0.1][49752] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...106] [ip4][..tcp] [......127.0.0.1][49754] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...106] [ip4][..tcp] [......127.0.0.1][49754] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...106] [ip4][..tcp] [......127.0.0.1][49754] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...107] [ip4][..tcp] [......127.0.0.1][49756] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...107] [ip4][..tcp] [......127.0.0.1][49756] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...107] [ip4][..tcp] [......127.0.0.1][49756] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...108] [ip4][..tcp] [......127.0.0.1][49758] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...108] [ip4][..tcp] [......127.0.0.1][49758] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...108] [ip4][..tcp] [......127.0.0.1][49758] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...109] [ip4][..tcp] [......127.0.0.1][49760] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...109] [ip4][..tcp] [......127.0.0.1][49760] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...109] [ip4][..tcp] [......127.0.0.1][49760] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...110] [ip4][..tcp] [......127.0.0.1][49764] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...110] [ip4][..tcp] [......127.0.0.1][49764] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...110] [ip4][..tcp] [......127.0.0.1][49764] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...111] [ip4][..tcp] [......127.0.0.1][49766] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...111] [ip4][..tcp] [......127.0.0.1][49766] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...111] [ip4][..tcp] [......127.0.0.1][49766] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...112] [ip4][..tcp] [......127.0.0.1][49768] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...112] [ip4][..tcp] [......127.0.0.1][49768] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...112] [ip4][..tcp] [......127.0.0.1][49768] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...113] [ip4][..tcp] [......127.0.0.1][49770] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...113] [ip4][..tcp] [......127.0.0.1][49770] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...113] [ip4][..tcp] [......127.0.0.1][49770] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...114] [ip4][..tcp] [......127.0.0.1][49772] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...114] [ip4][..tcp] [......127.0.0.1][49772] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...114] [ip4][..tcp] [......127.0.0.1][49772] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...115] [ip4][..tcp] [......127.0.0.1][49774] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...115] [ip4][..tcp] [......127.0.0.1][49774] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...115] [ip4][..tcp] [......127.0.0.1][49774] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...116] [ip4][..tcp] [......127.0.0.1][49776] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...116] [ip4][..tcp] 
[......127.0.0.1][49776] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...116] [ip4][..tcp] [......127.0.0.1][49776] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...117] [ip4][..tcp] [......127.0.0.1][49778] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...117] [ip4][..tcp] [......127.0.0.1][49778] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...117] [ip4][..tcp] [......127.0.0.1][49778] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...118] [ip4][..tcp] [......127.0.0.1][49780] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...118] [ip4][..tcp] [......127.0.0.1][49780] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...118] [ip4][..tcp] [......127.0.0.1][49780] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...119] [ip4][..tcp] [......127.0.0.1][49782] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...119] [ip4][..tcp] [......127.0.0.1][49782] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...119] [ip4][..tcp] [......127.0.0.1][49782] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...120] [ip4][..tcp] [......127.0.0.1][49784] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...120] [ip4][..tcp] [......127.0.0.1][49784] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...120] [ip4][..tcp] [......127.0.0.1][49784] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...121] [ip4][..tcp] [......127.0.0.1][49786] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...121] [ip4][..tcp] [......127.0.0.1][49786] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...121] [ip4][..tcp] [......127.0.0.1][49786] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...122] [ip4][..tcp] [......127.0.0.1][49788] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...122] [ip4][..tcp] [......127.0.0.1][49788] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...122] [ip4][..tcp] [......127.0.0.1][49788] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...123] [ip4][..tcp] [......127.0.0.1][49790] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...123] [ip4][..tcp] [......127.0.0.1][49790] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...123] [ip4][..tcp] [......127.0.0.1][49790] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...124] [ip4][..tcp] [......127.0.0.1][49792] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...124] [ip4][..tcp] [......127.0.0.1][49792] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...124] [ip4][..tcp] [......127.0.0.1][49792] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...125] [ip4][..tcp] [......127.0.0.1][49794] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...125] [ip4][..tcp] [......127.0.0.1][49794] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...125] [ip4][..tcp] [......127.0.0.1][49794] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...126] [ip4][..tcp] [......127.0.0.1][49796] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...126] [ip4][..tcp] [......127.0.0.1][49796] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...126] [ip4][..tcp] [......127.0.0.1][49796] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...127] [ip4][..tcp] [......127.0.0.1][49798] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...127] [ip4][..tcp] [......127.0.0.1][49798] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...127] [ip4][..tcp] [......127.0.0.1][49798] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...128] [ip4][..tcp] [......127.0.0.1][49800] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...128] [ip4][..tcp] [......127.0.0.1][49800] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...128] [ip4][..tcp] [......127.0.0.1][49800] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...129] [ip4][..tcp] [......127.0.0.1][49802] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...129] [ip4][..tcp] [......127.0.0.1][49802] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...129] [ip4][..tcp] [......127.0.0.1][49802] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...130] [ip4][..tcp] [......127.0.0.1][49804] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...130] [ip4][..tcp] [......127.0.0.1][49804] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...130] [ip4][..tcp] [......127.0.0.1][49804] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...131] [ip4][..tcp] [......127.0.0.1][49806] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...131] [ip4][..tcp] [......127.0.0.1][49806] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...131] [ip4][..tcp] [......127.0.0.1][49806] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...132] [ip4][..tcp] [......127.0.0.1][49808] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...132] [ip4][..tcp] [......127.0.0.1][49808] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...132] [ip4][..tcp] [......127.0.0.1][49808] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...133] [ip4][..tcp] [......127.0.0.1][49810] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...133] [ip4][..tcp] [......127.0.0.1][49810] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...133] [ip4][..tcp] [......127.0.0.1][49810] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...134] [ip4][..tcp] [......127.0.0.1][49812] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...134] [ip4][..tcp] [......127.0.0.1][49812] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...134] [ip4][..tcp] [......127.0.0.1][49812] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...135] [ip4][..tcp] [......127.0.0.1][49814] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...135] [ip4][..tcp] [......127.0.0.1][49814] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...135] [ip4][..tcp] [......127.0.0.1][49814] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...136] [ip4][..tcp] [......127.0.0.1][49816] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...136] [ip4][..tcp] [......127.0.0.1][49816] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...136] [ip4][..tcp] [......127.0.0.1][49816] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...137] [ip4][..tcp] 
[......127.0.0.1][49818] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...137] [ip4][..tcp] [......127.0.0.1][49818] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...137] [ip4][..tcp] [......127.0.0.1][49818] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...138] [ip4][..tcp] [......127.0.0.1][49820] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...138] [ip4][..tcp] [......127.0.0.1][49820] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...138] [ip4][..tcp] [......127.0.0.1][49820] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...139] [ip4][..tcp] [......127.0.0.1][49822] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...139] [ip4][..tcp] [......127.0.0.1][49822] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...139] [ip4][..tcp] [......127.0.0.1][49822] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...140] [ip4][..tcp] [......127.0.0.1][49824] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...140] [ip4][..tcp] [......127.0.0.1][49824] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...140] [ip4][..tcp] [......127.0.0.1][49824] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...141] [ip4][..tcp] [......127.0.0.1][49826] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...141] [ip4][..tcp] [......127.0.0.1][49826] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...141] [ip4][..tcp] [......127.0.0.1][49826] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...142] [ip4][..tcp] [......127.0.0.1][49828] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...142] [ip4][..tcp] [......127.0.0.1][49828] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...142] [ip4][..tcp] [......127.0.0.1][49828] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...143] [ip4][..tcp] [......127.0.0.1][49830] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...143] [ip4][..tcp] [......127.0.0.1][49830] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...143] [ip4][..tcp] [......127.0.0.1][49830] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...144] [ip4][..tcp] [......127.0.0.1][49832] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...144] [ip4][..tcp] [......127.0.0.1][49832] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...144] [ip4][..tcp] [......127.0.0.1][49832] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...145] [ip4][..tcp] [......127.0.0.1][49834] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...145] [ip4][..tcp] [......127.0.0.1][49834] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...145] [ip4][..tcp] [......127.0.0.1][49834] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...146] [ip4][..tcp] [......127.0.0.1][49836] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...146] [ip4][..tcp] [......127.0.0.1][49836] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...146] [ip4][..tcp] [......127.0.0.1][49836] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...147] [ip4][..tcp] [......127.0.0.1][49838] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...147] [ip4][..tcp] [......127.0.0.1][49838] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...147] [ip4][..tcp] [......127.0.0.1][49838] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...148] [ip4][..tcp] [......127.0.0.1][49840] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...148] [ip4][..tcp] [......127.0.0.1][49840] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...148] [ip4][..tcp] [......127.0.0.1][49840] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...149] [ip4][..tcp] [......127.0.0.1][49842] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...149] [ip4][..tcp] [......127.0.0.1][49842] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...149] [ip4][..tcp] [......127.0.0.1][49842] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...150] [ip4][..tcp] [......127.0.0.1][49844] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...150] [ip4][..tcp] [......127.0.0.1][49844] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...150] [ip4][..tcp] [......127.0.0.1][49844] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...151] [ip4][..tcp] [......127.0.0.1][49846] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...151] [ip4][..tcp] [......127.0.0.1][49846] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...151] [ip4][..tcp] [......127.0.0.1][49846] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...152] [ip4][..tcp] [......127.0.0.1][49848] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...152] [ip4][..tcp] [......127.0.0.1][49848] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...152] [ip4][..tcp] 
[......127.0.0.1][49848] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...153] [ip4][..tcp] [......127.0.0.1][49850] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...153] [ip4][..tcp] [......127.0.0.1][49850] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...153] [ip4][..tcp] [......127.0.0.1][49850] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...154] [ip4][..tcp] [......127.0.0.1][49852] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...154] [ip4][..tcp] [......127.0.0.1][49852] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...154] [ip4][..tcp] [......127.0.0.1][49852] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...155] [ip4][..tcp] [......127.0.0.1][49854] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...155] [ip4][..tcp] [......127.0.0.1][49854] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...155] [ip4][..tcp] [......127.0.0.1][49854] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...156] [ip4][..tcp] [......127.0.0.1][49856] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...156] [ip4][..tcp] [......127.0.0.1][49856] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...156] [ip4][..tcp] [......127.0.0.1][49856] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...157] [ip4][..tcp] [......127.0.0.1][49858] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...157] [ip4][..tcp] [......127.0.0.1][49858] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...157] [ip4][..tcp] [......127.0.0.1][49858] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...158] [ip4][..tcp] [......127.0.0.1][49860] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...158] [ip4][..tcp] [......127.0.0.1][49860] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...158] [ip4][..tcp] [......127.0.0.1][49860] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...159] [ip4][..tcp] [......127.0.0.1][49862] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...159] [ip4][..tcp] [......127.0.0.1][49862] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...159] [ip4][..tcp] [......127.0.0.1][49862] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...160] [ip4][..tcp] [......127.0.0.1][49864] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...160] [ip4][..tcp] [......127.0.0.1][49864] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...160] [ip4][..tcp] [......127.0.0.1][49864] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...161] [ip4][..tcp] [......127.0.0.1][49866] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...161] [ip4][..tcp] [......127.0.0.1][49866] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...161] [ip4][..tcp] [......127.0.0.1][49866] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...162] [ip4][..tcp] [......127.0.0.1][49868] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...162] [ip4][..tcp] [......127.0.0.1][49868] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...162] [ip4][..tcp] [......127.0.0.1][49868] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...163] [ip4][..tcp] [......127.0.0.1][49870] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...163] [ip4][..tcp] [......127.0.0.1][49870] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...163] [ip4][..tcp] [......127.0.0.1][49870] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...164] [ip4][..tcp] [......127.0.0.1][49872] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...164] [ip4][..tcp] [......127.0.0.1][49872] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...164] [ip4][..tcp] [......127.0.0.1][49872] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...165] [ip4][..tcp] [......127.0.0.1][49874] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...165] [ip4][..tcp] [......127.0.0.1][49874] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...165] [ip4][..tcp] [......127.0.0.1][49874] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...166] [ip4][..tcp] [......127.0.0.1][49876] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...166] [ip4][..tcp] [......127.0.0.1][49876] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...166] [ip4][..tcp] [......127.0.0.1][49876] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...167] [ip4][..tcp] [......127.0.0.1][49878] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...167] [ip4][..tcp] [......127.0.0.1][49878] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...167] [ip4][..tcp] [......127.0.0.1][49878] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...168] [ip4][..tcp] [......127.0.0.1][49880] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...168] [ip4][..tcp] [......127.0.0.1][49880] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...168] [ip4][..tcp] [......127.0.0.1][49880] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...169] [ip4][..tcp] [......127.0.0.1][49882] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...169] [ip4][..tcp] [......127.0.0.1][49882] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...169] [ip4][..tcp] [......127.0.0.1][49882] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...170] [ip4][..tcp] [......127.0.0.1][49884] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...170] [ip4][..tcp] [......127.0.0.1][49884] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...170] [ip4][..tcp] [......127.0.0.1][49884] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...171] [ip4][..tcp] [......127.0.0.1][49886] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...171] [ip4][..tcp] [......127.0.0.1][49886] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...171] [ip4][..tcp] [......127.0.0.1][49886] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...172] [ip4][..tcp] [......127.0.0.1][49888] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...172] [ip4][..tcp] [......127.0.0.1][49888] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...172] [ip4][..tcp] [......127.0.0.1][49888] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...173] [ip4][..tcp] [......127.0.0.1][49890] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...173] [ip4][..tcp] 
[......127.0.0.1][49890] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...173] [ip4][..tcp] [......127.0.0.1][49890] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...174] [ip4][..tcp] [......127.0.0.1][49892] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...174] [ip4][..tcp] [......127.0.0.1][49892] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...174] [ip4][..tcp] [......127.0.0.1][49892] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...175] [ip4][..tcp] [......127.0.0.1][49894] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...175] [ip4][..tcp] [......127.0.0.1][49894] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...175] [ip4][..tcp] [......127.0.0.1][49894] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...176] [ip4][..tcp] [......127.0.0.1][49896] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...176] [ip4][..tcp] [......127.0.0.1][49896] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...176] [ip4][..tcp] [......127.0.0.1][49896] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...177] [ip4][..tcp] [......127.0.0.1][49898] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...177] [ip4][..tcp] [......127.0.0.1][49898] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...177] [ip4][..tcp] [......127.0.0.1][49898] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...178] [ip4][..tcp] [......127.0.0.1][49900] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...178] [ip4][..tcp] [......127.0.0.1][49900] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...178] [ip4][..tcp] [......127.0.0.1][49900] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...179] [ip4][..tcp] [......127.0.0.1][49902] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...179] [ip4][..tcp] [......127.0.0.1][49902] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...179] [ip4][..tcp] [......127.0.0.1][49902] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...180] [ip4][..tcp] [......127.0.0.1][49904] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...180] [ip4][..tcp] [......127.0.0.1][49904] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...180] [ip4][..tcp] [......127.0.0.1][49904] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...181] [ip4][..tcp] [......127.0.0.1][49906] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...181] [ip4][..tcp] [......127.0.0.1][49906] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...181] [ip4][..tcp] [......127.0.0.1][49906] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...182] [ip4][..tcp] [......127.0.0.1][49908] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...182] [ip4][..tcp] [......127.0.0.1][49908] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...182] [ip4][..tcp] [......127.0.0.1][49908] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...183] [ip4][..tcp] [......127.0.0.1][49910] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...183] [ip4][..tcp] [......127.0.0.1][49910] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...183] [ip4][..tcp] [......127.0.0.1][49910] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...184] [ip4][..tcp] [......127.0.0.1][49912] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...184] [ip4][..tcp] [......127.0.0.1][49912] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...184] [ip4][..tcp] [......127.0.0.1][49912] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...185] [ip4][..tcp] [......127.0.0.1][49914] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...185] [ip4][..tcp] [......127.0.0.1][49914] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...185] [ip4][..tcp] [......127.0.0.1][49914] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...186] [ip4][..tcp] [......127.0.0.1][49916] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...186] [ip4][..tcp] [......127.0.0.1][49916] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...186] [ip4][..tcp] [......127.0.0.1][49916] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...187] [ip4][..tcp] [......127.0.0.1][49918] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...187] [ip4][..tcp] [......127.0.0.1][49918] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...187] [ip4][..tcp] [......127.0.0.1][49918] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...188] [ip4][..tcp] [......127.0.0.1][49920] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...188] [ip4][..tcp] [......127.0.0.1][49920] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...188] [ip4][..tcp] [......127.0.0.1][49920] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...189] [ip4][..tcp] [......127.0.0.1][49922] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...189] [ip4][..tcp] [......127.0.0.1][49922] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...189] [ip4][..tcp] [......127.0.0.1][49922] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...190] [ip4][..tcp] [......127.0.0.1][49924] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...190] [ip4][..tcp] [......127.0.0.1][49924] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...190] [ip4][..tcp] [......127.0.0.1][49924] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...191] [ip4][..tcp] [......127.0.0.1][49926] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...191] [ip4][..tcp] [......127.0.0.1][49926] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...191] [ip4][..tcp] [......127.0.0.1][49926] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...192] [ip4][..tcp] [......127.0.0.1][49928] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...192] [ip4][..tcp] [......127.0.0.1][49928] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...192] [ip4][..tcp] [......127.0.0.1][49928] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...193] [ip4][..tcp] [......127.0.0.1][49930] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...193] [ip4][..tcp] [......127.0.0.1][49930] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...193] [ip4][..tcp] [......127.0.0.1][49930] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...194] [ip4][..tcp] 
[......127.0.0.1][49932] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...194] [ip4][..tcp] [......127.0.0.1][49932] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...194] [ip4][..tcp] [......127.0.0.1][49932] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...195] [ip4][..tcp] [......127.0.0.1][49934] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...195] [ip4][..tcp] [......127.0.0.1][49934] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...195] [ip4][..tcp] [......127.0.0.1][49934] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...196] [ip4][..tcp] [......127.0.0.1][49936] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...196] [ip4][..tcp] [......127.0.0.1][49936] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...196] [ip4][..tcp] [......127.0.0.1][49936] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...197] [ip4][..tcp] [......127.0.0.1][49938] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...197] [ip4][..tcp] [......127.0.0.1][49938] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...197] [ip4][..tcp] [......127.0.0.1][49938] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...198] [ip4][..tcp] [......127.0.0.1][49940] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...198] [ip4][..tcp] [......127.0.0.1][49940] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...198] [ip4][..tcp] [......127.0.0.1][49940] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...199] [ip4][..tcp] [......127.0.0.1][49942] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...199] [ip4][..tcp] [......127.0.0.1][49942] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...199] [ip4][..tcp] [......127.0.0.1][49942] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...200] [ip4][..tcp] [......127.0.0.1][49944] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...200] [ip4][..tcp] [......127.0.0.1][49944] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...200] [ip4][..tcp] [......127.0.0.1][49944] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...201] [ip4][..tcp] [......127.0.0.1][49946] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...201] [ip4][..tcp] [......127.0.0.1][49946] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...201] [ip4][..tcp] [......127.0.0.1][49946] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...202] [ip4][..tcp] [......127.0.0.1][49948] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...202] [ip4][..tcp] [......127.0.0.1][49948] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...202] [ip4][..tcp] [......127.0.0.1][49948] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...203] [ip4][..tcp] [......127.0.0.1][49950] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...203] [ip4][..tcp] [......127.0.0.1][49950] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...203] [ip4][..tcp] [......127.0.0.1][49950] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...204] [ip4][..tcp] [......127.0.0.1][49952] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...204] [ip4][..tcp] [......127.0.0.1][49952] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...204] [ip4][..tcp] [......127.0.0.1][49952] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...205] [ip4][..tcp] [......127.0.0.1][49954] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...205] [ip4][..tcp] [......127.0.0.1][49954] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...205] [ip4][..tcp] [......127.0.0.1][49954] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...206] [ip4][..tcp] [......127.0.0.1][49956] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...206] [ip4][..tcp] [......127.0.0.1][49956] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...206] [ip4][..tcp] [......127.0.0.1][49956] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...207] [ip4][..tcp] [......127.0.0.1][49958] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...207] [ip4][..tcp] [......127.0.0.1][49958] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...207] [ip4][..tcp] [......127.0.0.1][49958] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...208] [ip4][..tcp] [......127.0.0.1][49960] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...208] [ip4][..tcp] [......127.0.0.1][49960] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...208] [ip4][..tcp] [......127.0.0.1][49960] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...209] [ip4][..tcp] [......127.0.0.1][49962] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...209] [ip4][..tcp] [......127.0.0.1][49962] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...209] [ip4][..tcp] 
[......127.0.0.1][49962] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...210] [ip4][..tcp] [......127.0.0.1][49964] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...210] [ip4][..tcp] [......127.0.0.1][49964] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...210] [ip4][..tcp] [......127.0.0.1][49964] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...211] [ip4][..tcp] [......127.0.0.1][49966] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...211] [ip4][..tcp] [......127.0.0.1][49966] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...211] [ip4][..tcp] [......127.0.0.1][49966] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...212] [ip4][..tcp] [......127.0.0.1][49968] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...212] [ip4][..tcp] [......127.0.0.1][49968] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...212] [ip4][..tcp] [......127.0.0.1][49968] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...213] [ip4][..tcp] [......127.0.0.1][49970] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...213] [ip4][..tcp] [......127.0.0.1][49970] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...213] [ip4][..tcp] [......127.0.0.1][49970] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...214] [ip4][..tcp] [......127.0.0.1][49972] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...214] [ip4][..tcp] [......127.0.0.1][49972] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...214] [ip4][..tcp] [......127.0.0.1][49972] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...215] [ip4][..tcp] [......127.0.0.1][49974] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...215] [ip4][..tcp] [......127.0.0.1][49974] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...215] [ip4][..tcp] [......127.0.0.1][49974] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...216] [ip4][..tcp] [......127.0.0.1][49976] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...216] [ip4][..tcp] [......127.0.0.1][49976] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...216] [ip4][..tcp] [......127.0.0.1][49976] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...217] [ip4][..tcp] [......127.0.0.1][49978] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...217] [ip4][..tcp] [......127.0.0.1][49978] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...217] [ip4][..tcp] [......127.0.0.1][49978] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...218] [ip4][..tcp] [......127.0.0.1][49980] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...218] [ip4][..tcp] [......127.0.0.1][49980] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...218] [ip4][..tcp] [......127.0.0.1][49980] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...219] [ip4][..tcp] [......127.0.0.1][49982] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...219] [ip4][..tcp] [......127.0.0.1][49982] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...219] [ip4][..tcp] [......127.0.0.1][49982] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...220] [ip4][..tcp] [......127.0.0.1][49984] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...220] [ip4][..tcp] [......127.0.0.1][49984] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...220] [ip4][..tcp] [......127.0.0.1][49984] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...221] [ip4][..tcp] [......127.0.0.1][49986] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...221] [ip4][..tcp] [......127.0.0.1][49986] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...221] [ip4][..tcp] [......127.0.0.1][49986] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...222] [ip4][..tcp] [......127.0.0.1][49988] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...222] [ip4][..tcp] [......127.0.0.1][49988] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...222] [ip4][..tcp] [......127.0.0.1][49988] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...223] [ip4][..tcp] [......127.0.0.1][49990] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...223] [ip4][..tcp] [......127.0.0.1][49990] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...223] [ip4][..tcp] [......127.0.0.1][49990] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...224] [ip4][..tcp] [......127.0.0.1][49992] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...224] [ip4][..tcp] [......127.0.0.1][49992] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...224] [ip4][..tcp] [......127.0.0.1][49992] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...225] [ip4][..tcp] [......127.0.0.1][49994] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...225] [ip4][..tcp] [......127.0.0.1][49994] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...225] [ip4][..tcp] [......127.0.0.1][49994] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...226] [ip4][..tcp] [......127.0.0.1][49996] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...226] [ip4][..tcp] [......127.0.0.1][49996] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...226] [ip4][..tcp] [......127.0.0.1][49996] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...227] [ip4][..tcp] [......127.0.0.1][49998] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...227] [ip4][..tcp] [......127.0.0.1][49998] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...227] [ip4][..tcp] [......127.0.0.1][49998] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...228] [ip4][..tcp] [......127.0.0.1][50000] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...228] [ip4][..tcp] [......127.0.0.1][50000] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...228] [ip4][..tcp] [......127.0.0.1][50000] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...229] [ip4][..tcp] [......127.0.0.1][50002] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...229] [ip4][..tcp] [......127.0.0.1][50002] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...229] [ip4][..tcp] [......127.0.0.1][50002] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...230] [ip4][..tcp] [......127.0.0.1][50004] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...230] [ip4][..tcp] 
[......127.0.0.1][50004] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...230] [ip4][..tcp] [......127.0.0.1][50004] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...231] [ip4][..tcp] [......127.0.0.1][50006] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...231] [ip4][..tcp] [......127.0.0.1][50006] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...231] [ip4][..tcp] [......127.0.0.1][50006] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...232] [ip4][..tcp] [......127.0.0.1][50008] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...232] [ip4][..tcp] [......127.0.0.1][50008] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...232] [ip4][..tcp] [......127.0.0.1][50008] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...233] [ip4][..tcp] [......127.0.0.1][50010] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...233] [ip4][..tcp] [......127.0.0.1][50010] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...233] [ip4][..tcp] [......127.0.0.1][50010] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...234] [ip4][..tcp] [......127.0.0.1][50012] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...234] [ip4][..tcp] [......127.0.0.1][50012] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...234] [ip4][..tcp] [......127.0.0.1][50012] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...235] [ip4][..tcp] [......127.0.0.1][50014] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...235] [ip4][..tcp] [......127.0.0.1][50014] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...235] [ip4][..tcp] [......127.0.0.1][50014] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...236] [ip4][..tcp] [......127.0.0.1][50016] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...236] [ip4][..tcp] [......127.0.0.1][50016] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...236] [ip4][..tcp] [......127.0.0.1][50016] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...237] [ip4][..tcp] [......127.0.0.1][50018] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...237] [ip4][..tcp] [......127.0.0.1][50018] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...237] [ip4][..tcp] [......127.0.0.1][50018] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...238] [ip4][..tcp] [......127.0.0.1][50020] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...238] [ip4][..tcp] [......127.0.0.1][50020] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...238] [ip4][..tcp] [......127.0.0.1][50020] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...239] [ip4][..tcp] [......127.0.0.1][50022] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...239] [ip4][..tcp] [......127.0.0.1][50022] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...239] [ip4][..tcp] [......127.0.0.1][50022] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...240] [ip4][..tcp] [......127.0.0.1][50024] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...240] [ip4][..tcp] [......127.0.0.1][50024] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...240] [ip4][..tcp] [......127.0.0.1][50024] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...241] [ip4][..tcp] [......127.0.0.1][50026] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...241] [ip4][..tcp] [......127.0.0.1][50026] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...241] [ip4][..tcp] [......127.0.0.1][50026] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...242] [ip4][..tcp] [......127.0.0.1][50028] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...242] [ip4][..tcp] [......127.0.0.1][50028] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...242] [ip4][..tcp] [......127.0.0.1][50028] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...243] [ip4][..tcp] [......127.0.0.1][50030] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...243] [ip4][..tcp] [......127.0.0.1][50030] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...243] [ip4][..tcp] [......127.0.0.1][50030] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...244] [ip4][..tcp] [......127.0.0.1][50032] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...244] [ip4][..tcp] [......127.0.0.1][50032] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...244] [ip4][..tcp] [......127.0.0.1][50032] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...245] [ip4][..tcp] [......127.0.0.1][50034] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...245] [ip4][..tcp] [......127.0.0.1][50034] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...245] [ip4][..tcp] [......127.0.0.1][50034] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...246] [ip4][..tcp] [......127.0.0.1][50036] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...246] [ip4][..tcp] [......127.0.0.1][50036] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...246] [ip4][..tcp] [......127.0.0.1][50036] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...247] [ip4][..tcp] [......127.0.0.1][50038] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...247] [ip4][..tcp] [......127.0.0.1][50038] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...247] [ip4][..tcp] [......127.0.0.1][50038] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...248] [ip4][..tcp] [......127.0.0.1][50040] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...248] [ip4][..tcp] [......127.0.0.1][50040] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...248] [ip4][..tcp] [......127.0.0.1][50040] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...249] [ip4][..tcp] [......127.0.0.1][50042] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...249] [ip4][..tcp] [......127.0.0.1][50042] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...249] [ip4][..tcp] [......127.0.0.1][50042] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...250] [ip4][..tcp] [......127.0.0.1][50044] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...250] [ip4][..tcp] [......127.0.0.1][50044] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...250] [ip4][..tcp] [......127.0.0.1][50044] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...251] [ip4][..tcp] 
[......127.0.0.1][50046] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...251] [ip4][..tcp] [......127.0.0.1][50046] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...251] [ip4][..tcp] [......127.0.0.1][50046] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...252] [ip4][..tcp] [......127.0.0.1][50048] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...252] [ip4][..tcp] [......127.0.0.1][50048] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...252] [ip4][..tcp] [......127.0.0.1][50048] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...253] [ip4][..tcp] [......127.0.0.1][50050] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...253] [ip4][..tcp] [......127.0.0.1][50050] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...253] [ip4][..tcp] [......127.0.0.1][50050] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...254] [ip4][..tcp] [......127.0.0.1][50052] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...254] [ip4][..tcp] [......127.0.0.1][50052] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...254] [ip4][..tcp] [......127.0.0.1][50052] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...255] [ip4][..tcp] [......127.0.0.1][50054] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...255] [ip4][..tcp] [......127.0.0.1][50054] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...255] [ip4][..tcp] [......127.0.0.1][50054] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...256] [ip4][..tcp] [......127.0.0.1][50056] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...256] [ip4][..tcp] [......127.0.0.1][50056] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...256] [ip4][..tcp] [......127.0.0.1][50056] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...257] [ip4][..tcp] [......127.0.0.1][50058] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...257] [ip4][..tcp] [......127.0.0.1][50058] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...257] [ip4][..tcp] [......127.0.0.1][50058] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...258] [ip4][..tcp] [......127.0.0.1][50060] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...258] [ip4][..tcp] [......127.0.0.1][50060] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...258] [ip4][..tcp] [......127.0.0.1][50060] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...259] [ip4][..tcp] [......127.0.0.1][50062] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...259] [ip4][..tcp] [......127.0.0.1][50062] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...259] [ip4][..tcp] [......127.0.0.1][50062] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...260] [ip4][..tcp] [......127.0.0.1][50064] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...260] [ip4][..tcp] [......127.0.0.1][50064] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...260] [ip4][..tcp] [......127.0.0.1][50064] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...261] [ip4][..tcp] [......127.0.0.1][50066] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...261] [ip4][..tcp] [......127.0.0.1][50066] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...261] [ip4][..tcp] [......127.0.0.1][50066] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...262] [ip4][..tcp] [......127.0.0.1][50068] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...262] [ip4][..tcp] [......127.0.0.1][50068] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...262] [ip4][..tcp] [......127.0.0.1][50068] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...263] [ip4][..tcp] [......127.0.0.1][50070] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...263] [ip4][..tcp] [......127.0.0.1][50070] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...263] [ip4][..tcp] [......127.0.0.1][50070] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...264] [ip4][..tcp] [......127.0.0.1][50072] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...264] [ip4][..tcp] [......127.0.0.1][50072] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...264] [ip4][..tcp] [......127.0.0.1][50072] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...265] [ip4][..tcp] [......127.0.0.1][50074] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...265] [ip4][..tcp] [......127.0.0.1][50074] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...265] [ip4][..tcp] [......127.0.0.1][50074] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...266] [ip4][..tcp] [......127.0.0.1][50076] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...266] [ip4][..tcp] [......127.0.0.1][50076] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...266] [ip4][..tcp] 
[......127.0.0.1][50076] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...267] [ip4][..tcp] [......127.0.0.1][50078] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...267] [ip4][..tcp] [......127.0.0.1][50078] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...267] [ip4][..tcp] [......127.0.0.1][50078] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...268] [ip4][..tcp] [......127.0.0.1][50080] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...268] [ip4][..tcp] [......127.0.0.1][50080] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...268] [ip4][..tcp] [......127.0.0.1][50080] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...269] [ip4][..tcp] [......127.0.0.1][50082] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...269] [ip4][..tcp] [......127.0.0.1][50082] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...269] [ip4][..tcp] [......127.0.0.1][50082] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...270] [ip4][..tcp] [......127.0.0.1][50084] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...270] [ip4][..tcp] [......127.0.0.1][50084] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...270] [ip4][..tcp] [......127.0.0.1][50084] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...271] [ip4][..tcp] [......127.0.0.1][50086] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...271] [ip4][..tcp] [......127.0.0.1][50086] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...271] [ip4][..tcp] [......127.0.0.1][50086] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...272] [ip4][..tcp] [......127.0.0.1][50088] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...272] [ip4][..tcp] [......127.0.0.1][50088] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...272] [ip4][..tcp] [......127.0.0.1][50088] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...273] [ip4][..tcp] [......127.0.0.1][50090] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...273] [ip4][..tcp] [......127.0.0.1][50090] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...273] [ip4][..tcp] [......127.0.0.1][50090] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...274] [ip4][..tcp] [......127.0.0.1][50092] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...274] [ip4][..tcp] [......127.0.0.1][50092] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...274] [ip4][..tcp] [......127.0.0.1][50092] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...275] [ip4][..tcp] [......127.0.0.1][50094] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...275] [ip4][..tcp] [......127.0.0.1][50094] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...275] [ip4][..tcp] [......127.0.0.1][50094] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...276] [ip4][..tcp] [......127.0.0.1][50096] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...276] [ip4][..tcp] [......127.0.0.1][50096] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...276] [ip4][..tcp] [......127.0.0.1][50096] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...277] [ip4][..tcp] [......127.0.0.1][50098] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...277] [ip4][..tcp] [......127.0.0.1][50098] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...277] [ip4][..tcp] [......127.0.0.1][50098] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...278] [ip4][..tcp] [......127.0.0.1][50100] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...278] [ip4][..tcp] [......127.0.0.1][50100] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...278] [ip4][..tcp] [......127.0.0.1][50100] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...279] [ip4][..tcp] [......127.0.0.1][50102] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...279] [ip4][..tcp] [......127.0.0.1][50102] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...279] [ip4][..tcp] [......127.0.0.1][50102] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...280] [ip4][..tcp] [......127.0.0.1][50104] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...280] [ip4][..tcp] [......127.0.0.1][50104] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...280] [ip4][..tcp] [......127.0.0.1][50104] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...281] [ip4][..tcp] [......127.0.0.1][50106] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...281] [ip4][..tcp] [......127.0.0.1][50106] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...281] [ip4][..tcp] [......127.0.0.1][50106] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...282] [ip4][..tcp] [......127.0.0.1][50108] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...282] [ip4][..tcp] [......127.0.0.1][50108] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...282] [ip4][..tcp] [......127.0.0.1][50108] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...283] [ip4][..tcp] [......127.0.0.1][50110] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...283] [ip4][..tcp] [......127.0.0.1][50110] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...283] [ip4][..tcp] [......127.0.0.1][50110] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...284] [ip4][..tcp] [......127.0.0.1][50112] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...284] [ip4][..tcp] [......127.0.0.1][50112] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...284] [ip4][..tcp] [......127.0.0.1][50112] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...285] [ip4][..tcp] [......127.0.0.1][50114] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...285] [ip4][..tcp] [......127.0.0.1][50114] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...285] [ip4][..tcp] [......127.0.0.1][50114] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...286] [ip4][..tcp] [......127.0.0.1][50116] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...286] [ip4][..tcp] [......127.0.0.1][50116] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...286] [ip4][..tcp] [......127.0.0.1][50116] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...287] [ip4][..tcp] [......127.0.0.1][50118] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...287] [ip4][..tcp] 
[......127.0.0.1][50118] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...287] [ip4][..tcp] [......127.0.0.1][50118] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...288] [ip4][..tcp] [......127.0.0.1][50120] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...288] [ip4][..tcp] [......127.0.0.1][50120] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...288] [ip4][..tcp] [......127.0.0.1][50120] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...289] [ip4][..tcp] [......127.0.0.1][50122] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...289] [ip4][..tcp] [......127.0.0.1][50122] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...289] [ip4][..tcp] [......127.0.0.1][50122] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...290] [ip4][..tcp] [......127.0.0.1][50124] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...290] [ip4][..tcp] [......127.0.0.1][50124] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...290] [ip4][..tcp] [......127.0.0.1][50124] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...291] [ip4][..tcp] [......127.0.0.1][50126] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...291] [ip4][..tcp] [......127.0.0.1][50126] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...291] [ip4][..tcp] [......127.0.0.1][50126] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...292] [ip4][..tcp] [......127.0.0.1][50128] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...292] [ip4][..tcp] [......127.0.0.1][50128] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...292] [ip4][..tcp] [......127.0.0.1][50128] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...293] [ip4][..tcp] [......127.0.0.1][50130] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...293] [ip4][..tcp] [......127.0.0.1][50130] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...293] [ip4][..tcp] [......127.0.0.1][50130] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...294] [ip4][..tcp] [......127.0.0.1][50132] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...294] [ip4][..tcp] [......127.0.0.1][50132] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...294] [ip4][..tcp] [......127.0.0.1][50132] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...295] [ip4][..tcp] [......127.0.0.1][50134] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...295] [ip4][..tcp] [......127.0.0.1][50134] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...295] [ip4][..tcp] [......127.0.0.1][50134] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...296] [ip4][..tcp] [......127.0.0.1][50136] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...296] [ip4][..tcp] [......127.0.0.1][50136] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...296] [ip4][..tcp] [......127.0.0.1][50136] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...297] [ip4][..tcp] [......127.0.0.1][50138] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...297] [ip4][..tcp] [......127.0.0.1][50138] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...297] [ip4][..tcp] [......127.0.0.1][50138] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...298] [ip4][..tcp] [......127.0.0.1][50140] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...298] [ip4][..tcp] [......127.0.0.1][50140] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...298] [ip4][..tcp] [......127.0.0.1][50140] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...299] [ip4][..tcp] [......127.0.0.1][50142] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...299] [ip4][..tcp] [......127.0.0.1][50142] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...299] [ip4][..tcp] [......127.0.0.1][50142] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...300] [ip4][..tcp] [......127.0.0.1][50144] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...300] [ip4][..tcp] [......127.0.0.1][50144] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...300] [ip4][..tcp] [......127.0.0.1][50144] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...301] [ip4][..tcp] [......127.0.0.1][50146] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...301] [ip4][..tcp] [......127.0.0.1][50146] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...301] [ip4][..tcp] [......127.0.0.1][50146] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...302] [ip4][..tcp] [......127.0.0.1][50148] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...302] [ip4][..tcp] [......127.0.0.1][50148] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...302] [ip4][..tcp] [......127.0.0.1][50148] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...303] [ip4][..tcp] [......127.0.0.1][50150] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...303] [ip4][..tcp] [......127.0.0.1][50150] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...303] [ip4][..tcp] [......127.0.0.1][50150] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...304] [ip4][..tcp] [......127.0.0.1][50152] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...304] [ip4][..tcp] [......127.0.0.1][50152] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...304] [ip4][..tcp] [......127.0.0.1][50152] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...305] [ip4][..tcp] [......127.0.0.1][50154] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...305] [ip4][..tcp] [......127.0.0.1][50154] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...305] [ip4][..tcp] [......127.0.0.1][50154] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...306] [ip4][..tcp] [......127.0.0.1][50156] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...306] [ip4][..tcp] [......127.0.0.1][50156] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...306] [ip4][..tcp] [......127.0.0.1][50156] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...307] [ip4][..tcp] [......127.0.0.1][50158] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...307] [ip4][..tcp] [......127.0.0.1][50158] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...307] [ip4][..tcp] [......127.0.0.1][50158] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...308] [ip4][..tcp] 
[......127.0.0.1][50160] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...308] [ip4][..tcp] [......127.0.0.1][50160] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...308] [ip4][..tcp] [......127.0.0.1][50160] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...309] [ip4][..tcp] [......127.0.0.1][50162] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...309] [ip4][..tcp] [......127.0.0.1][50162] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...309] [ip4][..tcp] [......127.0.0.1][50162] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...310] [ip4][..tcp] [......127.0.0.1][50164] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...310] [ip4][..tcp] [......127.0.0.1][50164] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...310] [ip4][..tcp] [......127.0.0.1][50164] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...311] [ip4][..tcp] [......127.0.0.1][50166] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...311] [ip4][..tcp] [......127.0.0.1][50166] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...311] [ip4][..tcp] [......127.0.0.1][50166] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...312] [ip4][..tcp] [......127.0.0.1][50168] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...312] [ip4][..tcp] [......127.0.0.1][50168] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...312] [ip4][..tcp] [......127.0.0.1][50168] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...313] [ip4][..tcp] [......127.0.0.1][50170] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...313] [ip4][..tcp] [......127.0.0.1][50170] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...313] [ip4][..tcp] [......127.0.0.1][50170] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...314] [ip4][..tcp] [......127.0.0.1][50172] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...314] [ip4][..tcp] [......127.0.0.1][50172] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...314] [ip4][..tcp] [......127.0.0.1][50172] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...315] [ip4][..tcp] [......127.0.0.1][50174] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...315] [ip4][..tcp] [......127.0.0.1][50174] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...315] [ip4][..tcp] [......127.0.0.1][50174] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...316] [ip4][..tcp] [......127.0.0.1][50176] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...316] [ip4][..tcp] [......127.0.0.1][50176] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...316] [ip4][..tcp] [......127.0.0.1][50176] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...317] [ip4][..tcp] [......127.0.0.1][50178] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...317] [ip4][..tcp] [......127.0.0.1][50178] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...317] [ip4][..tcp] [......127.0.0.1][50178] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...318] [ip4][..tcp] [......127.0.0.1][50180] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...318] [ip4][..tcp] [......127.0.0.1][50180] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...318] [ip4][..tcp] [......127.0.0.1][50180] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...319] [ip4][..tcp] [......127.0.0.1][50182] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...319] [ip4][..tcp] [......127.0.0.1][50182] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...319] [ip4][..tcp] [......127.0.0.1][50182] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...320] [ip4][..tcp] [......127.0.0.1][50184] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...320] [ip4][..tcp] [......127.0.0.1][50184] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...320] [ip4][..tcp] [......127.0.0.1][50184] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...321] [ip4][..tcp] [......127.0.0.1][50186] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...321] [ip4][..tcp] [......127.0.0.1][50186] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...321] [ip4][..tcp] [......127.0.0.1][50186] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...322] [ip4][..tcp] [......127.0.0.1][50188] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...322] [ip4][..tcp] [......127.0.0.1][50188] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...322] [ip4][..tcp] [......127.0.0.1][50188] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...323] [ip4][..tcp] [......127.0.0.1][50190] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...323] [ip4][..tcp] [......127.0.0.1][50190] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...323] [ip4][..tcp] 
[......127.0.0.1][50190] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...324] [ip4][..tcp] [......127.0.0.1][50192] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...324] [ip4][..tcp] [......127.0.0.1][50192] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...324] [ip4][..tcp] [......127.0.0.1][50192] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...325] [ip4][..tcp] [......127.0.0.1][50194] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...325] [ip4][..tcp] [......127.0.0.1][50194] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...325] [ip4][..tcp] [......127.0.0.1][50194] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...326] [ip4][..tcp] [......127.0.0.1][50196] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...326] [ip4][..tcp] [......127.0.0.1][50196] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...326] [ip4][..tcp] [......127.0.0.1][50196] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...327] [ip4][..tcp] [......127.0.0.1][50198] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...327] [ip4][..tcp] [......127.0.0.1][50198] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...327] [ip4][..tcp] [......127.0.0.1][50198] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...328] [ip4][..tcp] [......127.0.0.1][50200] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...328] [ip4][..tcp] [......127.0.0.1][50200] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...328] [ip4][..tcp] [......127.0.0.1][50200] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...329] [ip4][..tcp] [......127.0.0.1][50202] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...329] [ip4][..tcp] [......127.0.0.1][50202] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...329] [ip4][..tcp] [......127.0.0.1][50202] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...330] [ip4][..tcp] [......127.0.0.1][50204] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...330] [ip4][..tcp] [......127.0.0.1][50204] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...330] [ip4][..tcp] [......127.0.0.1][50204] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...331] [ip4][..tcp] [......127.0.0.1][50206] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...331] [ip4][..tcp] [......127.0.0.1][50206] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...331] [ip4][..tcp] [......127.0.0.1][50206] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...332] [ip4][..tcp] [......127.0.0.1][50208] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...332] [ip4][..tcp] [......127.0.0.1][50208] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...332] [ip4][..tcp] [......127.0.0.1][50208] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...333] [ip4][..tcp] [......127.0.0.1][50210] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...333] [ip4][..tcp] [......127.0.0.1][50210] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...333] [ip4][..tcp] [......127.0.0.1][50210] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...334] [ip4][..tcp] [......127.0.0.1][50212] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...334] [ip4][..tcp] [......127.0.0.1][50212] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...334] [ip4][..tcp] [......127.0.0.1][50212] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...335] [ip4][..tcp] [......127.0.0.1][50214] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...335] [ip4][..tcp] [......127.0.0.1][50214] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...335] [ip4][..tcp] [......127.0.0.1][50214] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...336] [ip4][..tcp] [......127.0.0.1][50216] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...336] [ip4][..tcp] [......127.0.0.1][50216] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...336] [ip4][..tcp] [......127.0.0.1][50216] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...337] [ip4][..tcp] [......127.0.0.1][50218] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...337] [ip4][..tcp] [......127.0.0.1][50218] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...337] [ip4][..tcp] [......127.0.0.1][50218] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...338] [ip4][..tcp] [......127.0.0.1][50220] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...338] [ip4][..tcp] [......127.0.0.1][50220] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...338] [ip4][..tcp] [......127.0.0.1][50220] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...339] [ip4][..tcp] [......127.0.0.1][50222] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...339] [ip4][..tcp] [......127.0.0.1][50222] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...339] [ip4][..tcp] [......127.0.0.1][50222] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...340] [ip4][..tcp] [......127.0.0.1][50224] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...340] [ip4][..tcp] [......127.0.0.1][50224] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...340] [ip4][..tcp] [......127.0.0.1][50224] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...341] [ip4][..tcp] [......127.0.0.1][50226] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...341] [ip4][..tcp] [......127.0.0.1][50226] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...341] [ip4][..tcp] [......127.0.0.1][50226] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...342] [ip4][..tcp] [......127.0.0.1][50228] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...342] [ip4][..tcp] [......127.0.0.1][50228] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...342] [ip4][..tcp] [......127.0.0.1][50228] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...343] [ip4][..tcp] [......127.0.0.1][50230] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...343] [ip4][..tcp] [......127.0.0.1][50230] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...343] [ip4][..tcp] [......127.0.0.1][50230] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...344] [ip4][..tcp] [......127.0.0.1][50232] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...344] [ip4][..tcp] 
[......127.0.0.1][50232] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...344] [ip4][..tcp] [......127.0.0.1][50232] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...345] [ip4][..tcp] [......127.0.0.1][50234] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...345] [ip4][..tcp] [......127.0.0.1][50234] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...345] [ip4][..tcp] [......127.0.0.1][50234] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...346] [ip4][..tcp] [......127.0.0.1][50236] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...346] [ip4][..tcp] [......127.0.0.1][50236] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...346] [ip4][..tcp] [......127.0.0.1][50236] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...347] [ip4][..tcp] [......127.0.0.1][50238] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...347] [ip4][..tcp] [......127.0.0.1][50238] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...347] [ip4][..tcp] [......127.0.0.1][50238] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...348] [ip4][..tcp] [......127.0.0.1][50240] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...348] [ip4][..tcp] [......127.0.0.1][50240] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...348] [ip4][..tcp] [......127.0.0.1][50240] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...349] [ip4][..tcp] [......127.0.0.1][50242] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...349] [ip4][..tcp] [......127.0.0.1][50242] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...349] [ip4][..tcp] [......127.0.0.1][50242] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...350] [ip4][..tcp] [......127.0.0.1][50244] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...350] [ip4][..tcp] [......127.0.0.1][50244] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...350] [ip4][..tcp] [......127.0.0.1][50244] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...351] [ip4][..tcp] [......127.0.0.1][50246] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...351] [ip4][..tcp] [......127.0.0.1][50246] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...351] [ip4][..tcp] [......127.0.0.1][50246] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...352] [ip4][..tcp] [......127.0.0.1][50248] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...352] [ip4][..tcp] [......127.0.0.1][50248] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...352] [ip4][..tcp] [......127.0.0.1][50248] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...353] [ip4][..tcp] [......127.0.0.1][50250] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...353] [ip4][..tcp] [......127.0.0.1][50250] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...353] [ip4][..tcp] [......127.0.0.1][50250] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...354] [ip4][..tcp] [......127.0.0.1][50252] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...354] [ip4][..tcp] [......127.0.0.1][50252] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...354] [ip4][..tcp] [......127.0.0.1][50252] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...355] [ip4][..tcp] [......127.0.0.1][50254] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...355] [ip4][..tcp] [......127.0.0.1][50254] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...355] [ip4][..tcp] [......127.0.0.1][50254] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...356] [ip4][..tcp] [......127.0.0.1][50256] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...356] [ip4][..tcp] [......127.0.0.1][50256] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...356] [ip4][..tcp] [......127.0.0.1][50256] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...357] [ip4][..tcp] [......127.0.0.1][50258] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...357] [ip4][..tcp] [......127.0.0.1][50258] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...357] [ip4][..tcp] [......127.0.0.1][50258] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...358] [ip4][..tcp] [......127.0.0.1][50260] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...358] [ip4][..tcp] [......127.0.0.1][50260] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...358] [ip4][..tcp] [......127.0.0.1][50260] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...359] [ip4][..tcp] [......127.0.0.1][50262] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...359] [ip4][..tcp] [......127.0.0.1][50262] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...359] [ip4][..tcp] [......127.0.0.1][50262] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...360] [ip4][..tcp] [......127.0.0.1][50264] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...360] [ip4][..tcp] [......127.0.0.1][50264] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...360] [ip4][..tcp] [......127.0.0.1][50264] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...361] [ip4][..tcp] [......127.0.0.1][50266] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...361] [ip4][..tcp] [......127.0.0.1][50266] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...361] [ip4][..tcp] [......127.0.0.1][50266] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...362] [ip4][..tcp] [......127.0.0.1][50268] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...362] [ip4][..tcp] [......127.0.0.1][50268] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...362] [ip4][..tcp] [......127.0.0.1][50268] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...363] [ip4][..tcp] [......127.0.0.1][50270] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...363] [ip4][..tcp] [......127.0.0.1][50270] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...363] [ip4][..tcp] [......127.0.0.1][50270] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...364] [ip4][..tcp] [......127.0.0.1][50272] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...364] [ip4][..tcp] [......127.0.0.1][50272] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...364] [ip4][..tcp] [......127.0.0.1][50272] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...365] [ip4][..tcp] 
[......127.0.0.1][50274] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...365] [ip4][..tcp] [......127.0.0.1][50274] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...365] [ip4][..tcp] [......127.0.0.1][50274] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...366] [ip4][..tcp] [......127.0.0.1][50276] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...366] [ip4][..tcp] [......127.0.0.1][50276] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...366] [ip4][..tcp] [......127.0.0.1][50276] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...367] [ip4][..tcp] [......127.0.0.1][50278] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...367] [ip4][..tcp] [......127.0.0.1][50278] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...367] [ip4][..tcp] [......127.0.0.1][50278] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...368] [ip4][..tcp] [......127.0.0.1][50280] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...368] [ip4][..tcp] [......127.0.0.1][50280] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...368] [ip4][..tcp] [......127.0.0.1][50280] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...369] [ip4][..tcp] [......127.0.0.1][50282] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...369] [ip4][..tcp] [......127.0.0.1][50282] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...369] [ip4][..tcp] [......127.0.0.1][50282] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...370] [ip4][..tcp] [......127.0.0.1][50284] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...370] [ip4][..tcp] [......127.0.0.1][50284] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...370] [ip4][..tcp] [......127.0.0.1][50284] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...371] [ip4][..tcp] [......127.0.0.1][50286] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...371] [ip4][..tcp] [......127.0.0.1][50286] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...371] [ip4][..tcp] [......127.0.0.1][50286] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...372] [ip4][..tcp] [......127.0.0.1][50288] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...372] [ip4][..tcp] [......127.0.0.1][50288] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...372] [ip4][..tcp] [......127.0.0.1][50288] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...373] [ip4][..tcp] [......127.0.0.1][50290] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...373] [ip4][..tcp] [......127.0.0.1][50290] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...373] [ip4][..tcp] [......127.0.0.1][50290] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...374] [ip4][..tcp] [......127.0.0.1][50292] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...374] [ip4][..tcp] [......127.0.0.1][50292] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...374] [ip4][..tcp] [......127.0.0.1][50292] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...375] [ip4][..tcp] [......127.0.0.1][50294] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...375] [ip4][..tcp] [......127.0.0.1][50294] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...375] [ip4][..tcp] [......127.0.0.1][50294] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...376] [ip4][..tcp] [......127.0.0.1][50296] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...376] [ip4][..tcp] [......127.0.0.1][50296] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...376] [ip4][..tcp] [......127.0.0.1][50296] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...377] [ip4][..tcp] [......127.0.0.1][50298] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...377] [ip4][..tcp] [......127.0.0.1][50298] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...377] [ip4][..tcp] [......127.0.0.1][50298] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...378] [ip4][..tcp] [......127.0.0.1][50300] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...378] [ip4][..tcp] [......127.0.0.1][50300] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...378] [ip4][..tcp] [......127.0.0.1][50300] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...379] [ip4][..tcp] [......127.0.0.1][50302] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...379] [ip4][..tcp] [......127.0.0.1][50302] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...379] [ip4][..tcp] [......127.0.0.1][50302] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...380] [ip4][..tcp] [......127.0.0.1][50304] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...380] [ip4][..tcp] [......127.0.0.1][50304] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...380] [ip4][..tcp] 
[......127.0.0.1][50304] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...381] [ip4][..tcp] [......127.0.0.1][50306] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...381] [ip4][..tcp] [......127.0.0.1][50306] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...381] [ip4][..tcp] [......127.0.0.1][50306] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...382] [ip4][..tcp] [......127.0.0.1][50308] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...382] [ip4][..tcp] [......127.0.0.1][50308] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...382] [ip4][..tcp] [......127.0.0.1][50308] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...383] [ip4][..tcp] [......127.0.0.1][50310] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...383] [ip4][..tcp] [......127.0.0.1][50310] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...383] [ip4][..tcp] [......127.0.0.1][50310] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...384] [ip4][..tcp] [......127.0.0.1][50312] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...384] [ip4][..tcp] [......127.0.0.1][50312] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...384] [ip4][..tcp] [......127.0.0.1][50312] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...385] [ip4][..tcp] [......127.0.0.1][50314] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...385] [ip4][..tcp] [......127.0.0.1][50314] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...385] [ip4][..tcp] [......127.0.0.1][50314] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...386] [ip4][..tcp] [......127.0.0.1][50316] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...386] [ip4][..tcp] [......127.0.0.1][50316] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...386] [ip4][..tcp] [......127.0.0.1][50316] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...387] [ip4][..tcp] [......127.0.0.1][50318] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...387] [ip4][..tcp] [......127.0.0.1][50318] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...387] [ip4][..tcp] [......127.0.0.1][50318] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...388] [ip4][..tcp] [......127.0.0.1][50320] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...388] [ip4][..tcp] [......127.0.0.1][50320] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...388] [ip4][..tcp] [......127.0.0.1][50320] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...389] [ip4][..tcp] [......127.0.0.1][50322] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...389] [ip4][..tcp] [......127.0.0.1][50322] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...389] [ip4][..tcp] [......127.0.0.1][50322] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...390] [ip4][..tcp] [......127.0.0.1][50324] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...390] [ip4][..tcp] [......127.0.0.1][50324] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...390] [ip4][..tcp] [......127.0.0.1][50324] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...391] [ip4][..tcp] [......127.0.0.1][50326] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...391] [ip4][..tcp] [......127.0.0.1][50326] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...391] [ip4][..tcp] [......127.0.0.1][50326] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...392] [ip4][..tcp] [......127.0.0.1][50328] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...392] [ip4][..tcp] [......127.0.0.1][50328] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...392] [ip4][..tcp] [......127.0.0.1][50328] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...393] [ip4][..tcp] [......127.0.0.1][50330] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...393] [ip4][..tcp] [......127.0.0.1][50330] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...393] [ip4][..tcp] [......127.0.0.1][50330] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...394] [ip4][..tcp] [......127.0.0.1][50332] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...394] [ip4][..tcp] [......127.0.0.1][50332] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...394] [ip4][..tcp] [......127.0.0.1][50332] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...395] [ip4][..tcp] [......127.0.0.1][50334] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...395] [ip4][..tcp] [......127.0.0.1][50334] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...395] [ip4][..tcp] [......127.0.0.1][50334] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...396] [ip4][..tcp] [......127.0.0.1][50336] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...396] [ip4][..tcp] [......127.0.0.1][50336] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...396] [ip4][..tcp] [......127.0.0.1][50336] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...397] [ip4][..tcp] [......127.0.0.1][50338] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...397] [ip4][..tcp] [......127.0.0.1][50338] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...397] [ip4][..tcp] [......127.0.0.1][50338] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...398] [ip4][..tcp] [......127.0.0.1][50340] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...398] [ip4][..tcp] [......127.0.0.1][50340] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...398] [ip4][..tcp] [......127.0.0.1][50340] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...399] [ip4][..tcp] [......127.0.0.1][50342] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...399] [ip4][..tcp] [......127.0.0.1][50342] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...399] [ip4][..tcp] [......127.0.0.1][50342] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...400] [ip4][..tcp] [......127.0.0.1][50344] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...400] [ip4][..tcp] [......127.0.0.1][50344] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...400] [ip4][..tcp] [......127.0.0.1][50344] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...401] [ip4][..tcp] [......127.0.0.1][50346] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...401] [ip4][..tcp] 
[......127.0.0.1][50346] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...401] [ip4][..tcp] [......127.0.0.1][50346] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...402] [ip4][..tcp] [......127.0.0.1][50348] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...402] [ip4][..tcp] [......127.0.0.1][50348] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...402] [ip4][..tcp] [......127.0.0.1][50348] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...403] [ip4][..tcp] [......127.0.0.1][50350] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...403] [ip4][..tcp] [......127.0.0.1][50350] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...403] [ip4][..tcp] [......127.0.0.1][50350] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...404] [ip4][..tcp] [......127.0.0.1][50352] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...404] [ip4][..tcp] [......127.0.0.1][50352] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...404] [ip4][..tcp] [......127.0.0.1][50352] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...405] [ip4][..tcp] [......127.0.0.1][50354] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...405] [ip4][..tcp] [......127.0.0.1][50354] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...405] [ip4][..tcp] [......127.0.0.1][50354] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...406] [ip4][..tcp] [......127.0.0.1][50356] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...406] [ip4][..tcp] [......127.0.0.1][50356] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...406] [ip4][..tcp] [......127.0.0.1][50356] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...407] [ip4][..tcp] [......127.0.0.1][50358] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...407] [ip4][..tcp] [......127.0.0.1][50358] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...407] [ip4][..tcp] [......127.0.0.1][50358] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...408] [ip4][..tcp] [......127.0.0.1][50360] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...408] [ip4][..tcp] [......127.0.0.1][50360] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...408] [ip4][..tcp] [......127.0.0.1][50360] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...409] [ip4][..tcp] [......127.0.0.1][50362] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...409] [ip4][..tcp] [......127.0.0.1][50362] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...409] [ip4][..tcp] [......127.0.0.1][50362] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...410] [ip4][..tcp] [......127.0.0.1][50364] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...410] [ip4][..tcp] [......127.0.0.1][50364] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...410] [ip4][..tcp] [......127.0.0.1][50364] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...411] [ip4][..tcp] [......127.0.0.1][50366] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...411] [ip4][..tcp] [......127.0.0.1][50366] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...411] [ip4][..tcp] [......127.0.0.1][50366] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...412] [ip4][..tcp] [......127.0.0.1][50368] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...412] [ip4][..tcp] [......127.0.0.1][50368] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...412] [ip4][..tcp] [......127.0.0.1][50368] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...413] [ip4][..tcp] [......127.0.0.1][50370] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...413] [ip4][..tcp] [......127.0.0.1][50370] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...413] [ip4][..tcp] [......127.0.0.1][50370] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...414] [ip4][..tcp] [......127.0.0.1][50372] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...414] [ip4][..tcp] [......127.0.0.1][50372] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...414] [ip4][..tcp] [......127.0.0.1][50372] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...415] [ip4][..tcp] [......127.0.0.1][50374] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...415] [ip4][..tcp] [......127.0.0.1][50374] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...415] [ip4][..tcp] [......127.0.0.1][50374] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...416] [ip4][..tcp] [......127.0.0.1][50376] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...416] [ip4][..tcp] [......127.0.0.1][50376] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...416] [ip4][..tcp] [......127.0.0.1][50376] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...417] [ip4][..tcp] [......127.0.0.1][50378] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...417] [ip4][..tcp] [......127.0.0.1][50378] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...417] [ip4][..tcp] [......127.0.0.1][50378] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...418] [ip4][..tcp] [......127.0.0.1][50380] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...418] [ip4][..tcp] [......127.0.0.1][50380] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...418] [ip4][..tcp] [......127.0.0.1][50380] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...419] [ip4][..tcp] [......127.0.0.1][50382] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...419] [ip4][..tcp] [......127.0.0.1][50382] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...419] [ip4][..tcp] [......127.0.0.1][50382] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...420] [ip4][..tcp] [......127.0.0.1][50384] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...420] [ip4][..tcp] [......127.0.0.1][50384] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...420] [ip4][..tcp] [......127.0.0.1][50384] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...421] [ip4][..tcp] [......127.0.0.1][50386] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...421] [ip4][..tcp] [......127.0.0.1][50386] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...421] [ip4][..tcp] [......127.0.0.1][50386] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...422] [ip4][..tcp] 
[......127.0.0.1][50388] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...422] [ip4][..tcp] [......127.0.0.1][50388] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...422] [ip4][..tcp] [......127.0.0.1][50388] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...423] [ip4][..tcp] [......127.0.0.1][50390] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...423] [ip4][..tcp] [......127.0.0.1][50390] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...423] [ip4][..tcp] [......127.0.0.1][50390] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...424] [ip4][..tcp] [......127.0.0.1][50392] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...424] [ip4][..tcp] [......127.0.0.1][50392] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...424] [ip4][..tcp] [......127.0.0.1][50392] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...425] [ip4][..tcp] [......127.0.0.1][50394] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...425] [ip4][..tcp] [......127.0.0.1][50394] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...425] [ip4][..tcp] [......127.0.0.1][50394] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...426] [ip4][..tcp] [......127.0.0.1][50396] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...426] [ip4][..tcp] [......127.0.0.1][50396] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...426] [ip4][..tcp] [......127.0.0.1][50396] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...427] [ip4][..tcp] [......127.0.0.1][50398] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...427] [ip4][..tcp] [......127.0.0.1][50398] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...427] [ip4][..tcp] [......127.0.0.1][50398] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...428] [ip4][..tcp] [......127.0.0.1][50400] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...428] [ip4][..tcp] [......127.0.0.1][50400] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...428] [ip4][..tcp] [......127.0.0.1][50400] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...429] [ip4][..tcp] [......127.0.0.1][50402] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...429] [ip4][..tcp] [......127.0.0.1][50402] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...429] [ip4][..tcp] [......127.0.0.1][50402] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...430] [ip4][..tcp] [......127.0.0.1][50404] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...430] [ip4][..tcp] [......127.0.0.1][50404] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...430] [ip4][..tcp] [......127.0.0.1][50404] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...431] [ip4][..tcp] [......127.0.0.1][50406] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...431] [ip4][..tcp] [......127.0.0.1][50406] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...431] [ip4][..tcp] [......127.0.0.1][50406] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...432] [ip4][..tcp] [......127.0.0.1][50408] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...432] [ip4][..tcp] [......127.0.0.1][50408] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...432] [ip4][..tcp] [......127.0.0.1][50408] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...433] [ip4][..tcp] [......127.0.0.1][50410] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...433] [ip4][..tcp] [......127.0.0.1][50410] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...433] [ip4][..tcp] [......127.0.0.1][50410] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...434] [ip4][..tcp] [......127.0.0.1][50412] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...434] [ip4][..tcp] [......127.0.0.1][50412] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...434] [ip4][..tcp] [......127.0.0.1][50412] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...435] [ip4][..tcp] [......127.0.0.1][50414] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...435] [ip4][..tcp] [......127.0.0.1][50414] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...435] [ip4][..tcp] [......127.0.0.1][50414] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...436] [ip4][..tcp] [......127.0.0.1][50416] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...436] [ip4][..tcp] [......127.0.0.1][50416] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...436] [ip4][..tcp] [......127.0.0.1][50416] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...437] [ip4][..tcp] [......127.0.0.1][50418] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...437] [ip4][..tcp] [......127.0.0.1][50418] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...437] [ip4][..tcp] 
[......127.0.0.1][50418] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...438] [ip4][..tcp] [......127.0.0.1][50438] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...438] [ip4][..tcp] [......127.0.0.1][50438] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...438] [ip4][..tcp] [......127.0.0.1][50438] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...439] [ip4][..tcp] [......127.0.0.1][50440] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...439] [ip4][..tcp] [......127.0.0.1][50440] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...439] [ip4][..tcp] [......127.0.0.1][50440] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...440] [ip4][..tcp] [......127.0.0.1][50442] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...440] [ip4][..tcp] [......127.0.0.1][50442] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...440] [ip4][..tcp] [......127.0.0.1][50442] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...441] [ip4][..tcp] [......127.0.0.1][50444] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...441] [ip4][..tcp] [......127.0.0.1][50444] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...441] [ip4][..tcp] [......127.0.0.1][50444] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...442] [ip4][..tcp] [......127.0.0.1][50446] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...442] [ip4][..tcp] [......127.0.0.1][50446] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...442] [ip4][..tcp] [......127.0.0.1][50446] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...443] [ip4][..tcp] [......127.0.0.1][50448] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...443] [ip4][..tcp] [......127.0.0.1][50448] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...443] [ip4][..tcp] [......127.0.0.1][50448] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...444] [ip4][..tcp] [......127.0.0.1][50450] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...444] [ip4][..tcp] [......127.0.0.1][50450] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...444] [ip4][..tcp] [......127.0.0.1][50450] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...445] [ip4][..tcp] [......127.0.0.1][50452] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...445] [ip4][..tcp] [......127.0.0.1][50452] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...445] [ip4][..tcp] [......127.0.0.1][50452] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...446] [ip4][..tcp] [......127.0.0.1][50454] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...446] [ip4][..tcp] [......127.0.0.1][50454] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...446] [ip4][..tcp] [......127.0.0.1][50454] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...447] [ip4][..tcp] [......127.0.0.1][50456] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...447] [ip4][..tcp] 
[......127.0.0.1][50456] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...447] [ip4][..tcp] [......127.0.0.1][50456] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...448] [ip4][..tcp] [......127.0.0.1][50458] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...448] [ip4][..tcp] [......127.0.0.1][50458] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...448] [ip4][..tcp] [......127.0.0.1][50458] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...449] [ip4][..tcp] [......127.0.0.1][50460] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...449] [ip4][..tcp] [......127.0.0.1][50460] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...449] [ip4][..tcp] [......127.0.0.1][50460] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...450] [ip4][..tcp] [......127.0.0.1][50462] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...450] [ip4][..tcp] [......127.0.0.1][50462] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...450] [ip4][..tcp] [......127.0.0.1][50462] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...451] [ip4][..tcp] [......127.0.0.1][50464] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...451] [ip4][..tcp] [......127.0.0.1][50464] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...451] [ip4][..tcp] [......127.0.0.1][50464] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...452] [ip4][..tcp] [......127.0.0.1][50466] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...452] [ip4][..tcp] [......127.0.0.1][50466] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...452] [ip4][..tcp] [......127.0.0.1][50466] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...453] [ip4][..tcp] [......127.0.0.1][50468] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...453] [ip4][..tcp] [......127.0.0.1][50468] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...453] [ip4][..tcp] [......127.0.0.1][50468] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...454] [ip4][..tcp] [......127.0.0.1][50470] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...454] [ip4][..tcp] [......127.0.0.1][50470] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...454] [ip4][..tcp] [......127.0.0.1][50470] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...455] [ip4][..tcp] [......127.0.0.1][50472] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...455] [ip4][..tcp] [......127.0.0.1][50472] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...455] [ip4][..tcp] [......127.0.0.1][50472] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...456] [ip4][..tcp] [......127.0.0.1][50474] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...456] [ip4][..tcp] [......127.0.0.1][50474] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...456] [ip4][..tcp] [......127.0.0.1][50474] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP 
Address new: [...457] [ip4][..tcp] [......127.0.0.1][50476] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...457] [ip4][..tcp] [......127.0.0.1][50476] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...457] [ip4][..tcp] [......127.0.0.1][50476] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...458] [ip4][..tcp] [......127.0.0.1][50478] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...458] [ip4][..tcp] [......127.0.0.1][50478] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...458] [ip4][..tcp] [......127.0.0.1][50478] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...459] [ip4][..tcp] [......127.0.0.1][50480] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...459] [ip4][..tcp] [......127.0.0.1][50480] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...459] [ip4][..tcp] [......127.0.0.1][50480] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...460] [ip4][..tcp] [......127.0.0.1][50482] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...460] [ip4][..tcp] [......127.0.0.1][50482] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...460] [ip4][..tcp] [......127.0.0.1][50482] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...461] [ip4][..tcp] [......127.0.0.1][50484] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...461] [ip4][..tcp] [......127.0.0.1][50484] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...461] [ip4][..tcp] [......127.0.0.1][50484] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...462] [ip4][..tcp] [......127.0.0.1][50486] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...462] [ip4][..tcp] [......127.0.0.1][50486] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...462] [ip4][..tcp] [......127.0.0.1][50486] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...463] [ip4][..tcp] [......127.0.0.1][50488] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...463] [ip4][..tcp] [......127.0.0.1][50488] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...463] [ip4][..tcp] [......127.0.0.1][50488] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...464] [ip4][..tcp] [......127.0.0.1][50490] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...464] [ip4][..tcp] [......127.0.0.1][50490] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...464] [ip4][..tcp] [......127.0.0.1][50490] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...465] [ip4][..tcp] [......127.0.0.1][50492] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...465] [ip4][..tcp] [......127.0.0.1][50492] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...465] [ip4][..tcp] [......127.0.0.1][50492] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...466] [ip4][..tcp] [......127.0.0.1][50494] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...466] [ip4][..tcp] [......127.0.0.1][50494] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...466] [ip4][..tcp] [......127.0.0.1][50494] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...467] [ip4][..tcp] [......127.0.0.1][50496] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...467] [ip4][..tcp] [......127.0.0.1][50496] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...467] [ip4][..tcp] [......127.0.0.1][50496] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...468] [ip4][..tcp] [......127.0.0.1][50498] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...468] [ip4][..tcp] [......127.0.0.1][50498] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...468] [ip4][..tcp] [......127.0.0.1][50498] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...469] [ip4][..tcp] [......127.0.0.1][50500] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...469] [ip4][..tcp] [......127.0.0.1][50500] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...469] [ip4][..tcp] [......127.0.0.1][50500] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...470] [ip4][..tcp] [......127.0.0.1][50502] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...470] [ip4][..tcp] [......127.0.0.1][50502] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...470] [ip4][..tcp] [......127.0.0.1][50502] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...471] [ip4][..tcp] [......127.0.0.1][50504] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...471] [ip4][..tcp] [......127.0.0.1][50504] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...471] [ip4][..tcp] [......127.0.0.1][50504] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...472] [ip4][..tcp] [......127.0.0.1][50506] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...472] [ip4][..tcp] [......127.0.0.1][50506] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...472] [ip4][..tcp] [......127.0.0.1][50506] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...473] [ip4][..tcp] [......127.0.0.1][50508] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...473] [ip4][..tcp] [......127.0.0.1][50508] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...473] [ip4][..tcp] [......127.0.0.1][50508] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...474] [ip4][..tcp] [......127.0.0.1][50510] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...474] [ip4][..tcp] [......127.0.0.1][50510] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...474] [ip4][..tcp] [......127.0.0.1][50510] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...475] [ip4][..tcp] [......127.0.0.1][50512] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...475] [ip4][..tcp] [......127.0.0.1][50512] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...475] [ip4][..tcp] [......127.0.0.1][50512] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...476] [ip4][..tcp] [......127.0.0.1][50514] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...476] [ip4][..tcp] 
[......127.0.0.1][50514] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...476] [ip4][..tcp] [......127.0.0.1][50514] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...477] [ip4][..tcp] [......127.0.0.1][50516] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...477] [ip4][..tcp] [......127.0.0.1][50516] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...477] [ip4][..tcp] [......127.0.0.1][50516] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...478] [ip4][..tcp] [......127.0.0.1][50518] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...478] [ip4][..tcp] [......127.0.0.1][50518] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...478] [ip4][..tcp] [......127.0.0.1][50518] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...479] [ip4][..tcp] [......127.0.0.1][50520] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...479] [ip4][..tcp] [......127.0.0.1][50520] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...479] [ip4][..tcp] [......127.0.0.1][50520] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...480] [ip4][..tcp] [......127.0.0.1][50522] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...480] [ip4][..tcp] [......127.0.0.1][50522] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...480] [ip4][..tcp] [......127.0.0.1][50522] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...481] [ip4][..tcp] [......127.0.0.1][50524] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...481] [ip4][..tcp] [......127.0.0.1][50524] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...481] [ip4][..tcp] [......127.0.0.1][50524] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...482] [ip4][..tcp] [......127.0.0.1][50526] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...482] [ip4][..tcp] [......127.0.0.1][50526] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...482] [ip4][..tcp] [......127.0.0.1][50526] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...483] [ip4][..tcp] [......127.0.0.1][50528] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...483] [ip4][..tcp] [......127.0.0.1][50528] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...483] [ip4][..tcp] [......127.0.0.1][50528] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...484] [ip4][..tcp] [......127.0.0.1][50530] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...484] [ip4][..tcp] [......127.0.0.1][50530] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...484] [ip4][..tcp] [......127.0.0.1][50530] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...485] [ip4][..tcp] [......127.0.0.1][50532] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...485] [ip4][..tcp] [......127.0.0.1][50532] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...485] [ip4][..tcp] [......127.0.0.1][50532] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP 
Address new: [...486] [ip4][..tcp] [......127.0.0.1][50534] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...486] [ip4][..tcp] [......127.0.0.1][50534] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...486] [ip4][..tcp] [......127.0.0.1][50534] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...487] [ip4][..tcp] [......127.0.0.1][50536] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...487] [ip4][..tcp] [......127.0.0.1][50536] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...487] [ip4][..tcp] [......127.0.0.1][50536] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...488] [ip4][..tcp] [......127.0.0.1][50538] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...488] [ip4][..tcp] [......127.0.0.1][50538] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...488] [ip4][..tcp] [......127.0.0.1][50538] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...489] [ip4][..tcp] [......127.0.0.1][50540] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...489] [ip4][..tcp] [......127.0.0.1][50540] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...489] [ip4][..tcp] [......127.0.0.1][50540] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...490] [ip4][..tcp] [......127.0.0.1][50542] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...490] [ip4][..tcp] [......127.0.0.1][50542] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...490] [ip4][..tcp] [......127.0.0.1][50542] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...491] [ip4][..tcp] [......127.0.0.1][50544] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...491] [ip4][..tcp] [......127.0.0.1][50544] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...491] [ip4][..tcp] [......127.0.0.1][50544] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...492] [ip4][..tcp] [......127.0.0.1][50546] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...492] [ip4][..tcp] [......127.0.0.1][50546] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...492] [ip4][..tcp] [......127.0.0.1][50546] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...493] [ip4][..tcp] [......127.0.0.1][50548] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...493] [ip4][..tcp] [......127.0.0.1][50548] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...493] [ip4][..tcp] [......127.0.0.1][50548] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...494] [ip4][..tcp] [......127.0.0.1][50550] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...494] [ip4][..tcp] [......127.0.0.1][50550] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...494] [ip4][..tcp] [......127.0.0.1][50550] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...495] [ip4][..tcp] [......127.0.0.1][50552] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...495] [ip4][..tcp] [......127.0.0.1][50552] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...495] [ip4][..tcp] [......127.0.0.1][50552] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...496] [ip4][..tcp] [......127.0.0.1][50554] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...496] [ip4][..tcp] [......127.0.0.1][50554] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...496] [ip4][..tcp] [......127.0.0.1][50554] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...497] [ip4][..tcp] [......127.0.0.1][50556] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...497] [ip4][..tcp] [......127.0.0.1][50556] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...497] [ip4][..tcp] [......127.0.0.1][50556] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...498] [ip4][..tcp] [......127.0.0.1][50558] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...498] [ip4][..tcp] [......127.0.0.1][50558] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...498] [ip4][..tcp] [......127.0.0.1][50558] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...499] [ip4][..tcp] [......127.0.0.1][50560] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...499] [ip4][..tcp] [......127.0.0.1][50560] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...499] [ip4][..tcp] [......127.0.0.1][50560] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Suspicious User-Agent, HTTP Numeric IP Address new: [...500] [ip4][..tcp] [......127.0.0.1][50562] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...500] [ip4][..tcp] [......127.0.0.1][50562] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...500] [ip4][..tcp] [......127.0.0.1][50562] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...501] [ip4][..tcp] [......127.0.0.1][50564] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...501] [ip4][..tcp] [......127.0.0.1][50564] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...501] [ip4][..tcp] [......127.0.0.1][50564] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...502] [ip4][..tcp] [......127.0.0.1][50566] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...502] [ip4][..tcp] [......127.0.0.1][50566] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...502] [ip4][..tcp] [......127.0.0.1][50566] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...503] [ip4][..tcp] [......127.0.0.1][50568] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...503] [ip4][..tcp] [......127.0.0.1][50568] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...503] [ip4][..tcp] [......127.0.0.1][50568] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...504] [ip4][..tcp] [......127.0.0.1][50570] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...504] [ip4][..tcp] [......127.0.0.1][50570] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...504] [ip4][..tcp] [......127.0.0.1][50570] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...505] [ip4][..tcp] [......127.0.0.1][50572] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...505] [ip4][..tcp] [......127.0.0.1][50572] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...505] [ip4][..tcp] [......127.0.0.1][50572] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...506] [ip4][..tcp] [......127.0.0.1][50574] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...506] [ip4][..tcp] [......127.0.0.1][50574] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...506] [ip4][..tcp] [......127.0.0.1][50574] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...507] [ip4][..tcp] [......127.0.0.1][50576] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...507] [ip4][..tcp] [......127.0.0.1][50576] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...507] [ip4][..tcp] [......127.0.0.1][50576] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...508] [ip4][..tcp] [......127.0.0.1][50578] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...508] [ip4][..tcp] [......127.0.0.1][50578] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...508] [ip4][..tcp] [......127.0.0.1][50578] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...509] [ip4][..tcp] [......127.0.0.1][50580] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...509] [ip4][..tcp] [......127.0.0.1][50580] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...509] [ip4][..tcp] [......127.0.0.1][50580] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...510] [ip4][..tcp] [......127.0.0.1][50582] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...510] [ip4][..tcp] [......127.0.0.1][50582] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...510] [ip4][..tcp] [......127.0.0.1][50582] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...511] [ip4][..tcp] [......127.0.0.1][50584] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...511] [ip4][..tcp] [......127.0.0.1][50584] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...511] [ip4][..tcp] [......127.0.0.1][50584] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...512] [ip4][..tcp] [......127.0.0.1][50586] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...512] [ip4][..tcp] [......127.0.0.1][50586] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...512] [ip4][..tcp] [......127.0.0.1][50586] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...513] [ip4][..tcp] [......127.0.0.1][50588] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...513] [ip4][..tcp] [......127.0.0.1][50588] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...513] [ip4][..tcp] [......127.0.0.1][50588] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...514] [ip4][..tcp] [......127.0.0.1][50590] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...514] [ip4][..tcp] [......127.0.0.1][50590] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...514] [ip4][..tcp] [......127.0.0.1][50590] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...515] [ip4][..tcp] [......127.0.0.1][50592] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...515] [ip4][..tcp] [......127.0.0.1][50592] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...515] [ip4][..tcp] [......127.0.0.1][50592] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...516] [ip4][..tcp] 
[......127.0.0.1][50594] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...516] [ip4][..tcp] [......127.0.0.1][50594] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...516] [ip4][..tcp] [......127.0.0.1][50594] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...517] [ip4][..tcp] [......127.0.0.1][50596] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...517] [ip4][..tcp] [......127.0.0.1][50596] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...517] [ip4][..tcp] [......127.0.0.1][50596] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...518] [ip4][..tcp] [......127.0.0.1][50598] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...518] [ip4][..tcp] [......127.0.0.1][50598] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...518] [ip4][..tcp] [......127.0.0.1][50598] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...519] [ip4][..tcp] [......127.0.0.1][50600] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...519] [ip4][..tcp] [......127.0.0.1][50600] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...519] [ip4][..tcp] [......127.0.0.1][50600] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...520] [ip4][..tcp] [......127.0.0.1][50602] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...520] [ip4][..tcp] [......127.0.0.1][50602] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...520] [ip4][..tcp] [......127.0.0.1][50602] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...521] [ip4][..tcp] [......127.0.0.1][50604] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...521] [ip4][..tcp] [......127.0.0.1][50604] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...521] [ip4][..tcp] [......127.0.0.1][50604] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...522] [ip4][..tcp] [......127.0.0.1][50606] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...522] [ip4][..tcp] [......127.0.0.1][50606] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...522] [ip4][..tcp] [......127.0.0.1][50606] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...523] [ip4][..tcp] [......127.0.0.1][50608] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...523] [ip4][..tcp] [......127.0.0.1][50608] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...523] [ip4][..tcp] [......127.0.0.1][50608] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...524] [ip4][..tcp] [......127.0.0.1][50610] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...524] [ip4][..tcp] [......127.0.0.1][50610] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...524] [ip4][..tcp] [......127.0.0.1][50610] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...525] [ip4][..tcp] [......127.0.0.1][50612] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...525] [ip4][..tcp] [......127.0.0.1][50612] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...525] [ip4][..tcp] [......127.0.0.1][50612] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...526] [ip4][..tcp] [......127.0.0.1][50614] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...526] [ip4][..tcp] [......127.0.0.1][50614] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...526] [ip4][..tcp] [......127.0.0.1][50614] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...527] [ip4][..tcp] [......127.0.0.1][50616] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...527] [ip4][..tcp] [......127.0.0.1][50616] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...527] [ip4][..tcp] [......127.0.0.1][50616] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...528] [ip4][..tcp] [......127.0.0.1][50618] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...528] [ip4][..tcp] [......127.0.0.1][50618] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...528] [ip4][..tcp] [......127.0.0.1][50618] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...529] [ip4][..tcp] [......127.0.0.1][50620] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...529] [ip4][..tcp] [......127.0.0.1][50620] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...529] [ip4][..tcp] [......127.0.0.1][50620] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...530] [ip4][..tcp] [......127.0.0.1][50622] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...530] [ip4][..tcp] [......127.0.0.1][50622] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...530] [ip4][..tcp] [......127.0.0.1][50622] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...531] [ip4][..tcp] [......127.0.0.1][50624] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...531] [ip4][..tcp] [......127.0.0.1][50624] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...531] [ip4][..tcp] 
[......127.0.0.1][50624] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...532] [ip4][..tcp] [......127.0.0.1][50626] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...532] [ip4][..tcp] [......127.0.0.1][50626] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...532] [ip4][..tcp] [......127.0.0.1][50626] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...533] [ip4][..tcp] [......127.0.0.1][50628] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...533] [ip4][..tcp] [......127.0.0.1][50628] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...533] [ip4][..tcp] [......127.0.0.1][50628] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...534] [ip4][..tcp] [......127.0.0.1][50630] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...534] [ip4][..tcp] [......127.0.0.1][50630] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...534] [ip4][..tcp] [......127.0.0.1][50630] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...535] [ip4][..tcp] [......127.0.0.1][50632] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...535] [ip4][..tcp] [......127.0.0.1][50632] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...535] [ip4][..tcp] [......127.0.0.1][50632] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...536] [ip4][..tcp] [......127.0.0.1][50634] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...536] [ip4][..tcp] [......127.0.0.1][50634] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...536] [ip4][..tcp] [......127.0.0.1][50634] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...537] [ip4][..tcp] [......127.0.0.1][50636] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...537] [ip4][..tcp] [......127.0.0.1][50636] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...537] [ip4][..tcp] [......127.0.0.1][50636] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...538] [ip4][..tcp] [......127.0.0.1][50638] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...538] [ip4][..tcp] [......127.0.0.1][50638] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...538] [ip4][..tcp] [......127.0.0.1][50638] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...539] [ip4][..tcp] [......127.0.0.1][50640] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...539] [ip4][..tcp] [......127.0.0.1][50640] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...539] [ip4][..tcp] [......127.0.0.1][50640] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...540] [ip4][..tcp] [......127.0.0.1][50642] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...540] [ip4][..tcp] [......127.0.0.1][50642] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...540] [ip4][..tcp] [......127.0.0.1][50642] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...541] [ip4][..tcp] [......127.0.0.1][50644] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...541] [ip4][..tcp] [......127.0.0.1][50644] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...541] [ip4][..tcp] [......127.0.0.1][50644] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...542] [ip4][..tcp] [......127.0.0.1][50646] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...542] [ip4][..tcp] [......127.0.0.1][50646] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...542] [ip4][..tcp] [......127.0.0.1][50646] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...543] [ip4][..tcp] [......127.0.0.1][50648] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...543] [ip4][..tcp] [......127.0.0.1][50648] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...543] [ip4][..tcp] [......127.0.0.1][50648] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...544] [ip4][..tcp] [......127.0.0.1][50650] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...544] [ip4][..tcp] [......127.0.0.1][50650] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...544] [ip4][..tcp] [......127.0.0.1][50650] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...545] [ip4][..tcp] [......127.0.0.1][50652] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...545] [ip4][..tcp] [......127.0.0.1][50652] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...545] [ip4][..tcp] [......127.0.0.1][50652] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...546] [ip4][..tcp] [......127.0.0.1][50654] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...546] [ip4][..tcp] [......127.0.0.1][50654] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...546] [ip4][..tcp] [......127.0.0.1][50654] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...547] [ip4][..tcp] [......127.0.0.1][50656] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...547] [ip4][..tcp] [......127.0.0.1][50656] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...547] [ip4][..tcp] [......127.0.0.1][50656] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...548] [ip4][..tcp] [......127.0.0.1][50658] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...548] [ip4][..tcp] [......127.0.0.1][50658] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...548] [ip4][..tcp] [......127.0.0.1][50658] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...549] [ip4][..tcp] [......127.0.0.1][50660] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...549] [ip4][..tcp] [......127.0.0.1][50660] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...549] [ip4][..tcp] [......127.0.0.1][50660] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...550] [ip4][..tcp] [......127.0.0.1][50662] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...550] [ip4][..tcp] [......127.0.0.1][50662] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...550] [ip4][..tcp] [......127.0.0.1][50662] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...551] [ip4][..tcp] [......127.0.0.1][50664] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...551] [ip4][..tcp] [......127.0.0.1][50664] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...551] [ip4][..tcp] [......127.0.0.1][50664] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...552] [ip4][..tcp] [......127.0.0.1][50666] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...552] [ip4][..tcp] 
[......127.0.0.1][50666] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...552] [ip4][..tcp] [......127.0.0.1][50666] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...553] [ip4][..tcp] [......127.0.0.1][50668] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...553] [ip4][..tcp] [......127.0.0.1][50668] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...553] [ip4][..tcp] [......127.0.0.1][50668] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...554] [ip4][..tcp] [......127.0.0.1][50670] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...554] [ip4][..tcp] [......127.0.0.1][50670] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...554] [ip4][..tcp] [......127.0.0.1][50670] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...555] [ip4][..tcp] [......127.0.0.1][50672] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...555] [ip4][..tcp] [......127.0.0.1][50672] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...555] [ip4][..tcp] [......127.0.0.1][50672] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...556] [ip4][..tcp] [......127.0.0.1][50674] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...556] [ip4][..tcp] [......127.0.0.1][50674] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...556] [ip4][..tcp] [......127.0.0.1][50674] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...557] [ip4][..tcp] [......127.0.0.1][50676] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...557] [ip4][..tcp] [......127.0.0.1][50676] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...557] [ip4][..tcp] [......127.0.0.1][50676] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...558] [ip4][..tcp] [......127.0.0.1][50678] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...558] [ip4][..tcp] [......127.0.0.1][50678] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...558] [ip4][..tcp] [......127.0.0.1][50678] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...559] [ip4][..tcp] [......127.0.0.1][50680] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...559] [ip4][..tcp] [......127.0.0.1][50680] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...559] [ip4][..tcp] [......127.0.0.1][50680] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...560] [ip4][..tcp] [......127.0.0.1][50682] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...560] [ip4][..tcp] [......127.0.0.1][50682] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...560] [ip4][..tcp] [......127.0.0.1][50682] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...561] [ip4][..tcp] [......127.0.0.1][50684] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...561] [ip4][..tcp] [......127.0.0.1][50684] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...561] [ip4][..tcp] [......127.0.0.1][50684] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...562] [ip4][..tcp] [......127.0.0.1][50686] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...562] [ip4][..tcp] [......127.0.0.1][50686] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...562] [ip4][..tcp] [......127.0.0.1][50686] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...563] [ip4][..tcp] [......127.0.0.1][50688] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...563] [ip4][..tcp] [......127.0.0.1][50688] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...563] [ip4][..tcp] [......127.0.0.1][50688] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...564] [ip4][..tcp] [......127.0.0.1][50690] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...564] [ip4][..tcp] [......127.0.0.1][50690] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...564] [ip4][..tcp] [......127.0.0.1][50690] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...565] [ip4][..tcp] [......127.0.0.1][50692] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...565] [ip4][..tcp] [......127.0.0.1][50692] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...565] [ip4][..tcp] [......127.0.0.1][50692] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...566] [ip4][..tcp] [......127.0.0.1][50694] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...566] [ip4][..tcp] [......127.0.0.1][50694] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...566] [ip4][..tcp] [......127.0.0.1][50694] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...567] [ip4][..tcp] [......127.0.0.1][50696] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...567] [ip4][..tcp] [......127.0.0.1][50696] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...567] [ip4][..tcp] [......127.0.0.1][50696] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...568] [ip4][..tcp] [......127.0.0.1][50698] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...568] [ip4][..tcp] [......127.0.0.1][50698] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...568] [ip4][..tcp] [......127.0.0.1][50698] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...569] [ip4][..tcp] [......127.0.0.1][50700] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...569] [ip4][..tcp] [......127.0.0.1][50700] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...569] [ip4][..tcp] [......127.0.0.1][50700] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...570] [ip4][..tcp] [......127.0.0.1][50702] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...570] [ip4][..tcp] [......127.0.0.1][50702] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...570] [ip4][..tcp] [......127.0.0.1][50702] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...571] [ip4][..tcp] [......127.0.0.1][50704] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...571] [ip4][..tcp] [......127.0.0.1][50704] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...571] [ip4][..tcp] [......127.0.0.1][50704] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...572] [ip4][..tcp] [......127.0.0.1][50706] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...572] [ip4][..tcp] [......127.0.0.1][50706] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...572] [ip4][..tcp] [......127.0.0.1][50706] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...573] [ip4][..tcp] 
[......127.0.0.1][50708] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...573] [ip4][..tcp] [......127.0.0.1][50708] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...573] [ip4][..tcp] [......127.0.0.1][50708] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...574] [ip4][..tcp] [......127.0.0.1][50710] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...574] [ip4][..tcp] [......127.0.0.1][50710] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...574] [ip4][..tcp] [......127.0.0.1][50710] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...575] [ip4][..tcp] [......127.0.0.1][50712] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...575] [ip4][..tcp] [......127.0.0.1][50712] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...575] [ip4][..tcp] [......127.0.0.1][50712] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...576] [ip4][..tcp] [......127.0.0.1][50714] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...576] [ip4][..tcp] [......127.0.0.1][50714] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...576] [ip4][..tcp] [......127.0.0.1][50714] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...577] [ip4][..tcp] [......127.0.0.1][50716] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...577] [ip4][..tcp] [......127.0.0.1][50716] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...577] [ip4][..tcp] [......127.0.0.1][50716] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...578] [ip4][..tcp] [......127.0.0.1][50718] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...578] [ip4][..tcp] [......127.0.0.1][50718] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...578] [ip4][..tcp] [......127.0.0.1][50718] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...579] [ip4][..tcp] [......127.0.0.1][50720] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...579] [ip4][..tcp] [......127.0.0.1][50720] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...579] [ip4][..tcp] [......127.0.0.1][50720] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...580] [ip4][..tcp] [......127.0.0.1][50722] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...580] [ip4][..tcp] [......127.0.0.1][50722] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...580] [ip4][..tcp] [......127.0.0.1][50722] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...581] [ip4][..tcp] [......127.0.0.1][50724] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...581] [ip4][..tcp] [......127.0.0.1][50724] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...581] [ip4][..tcp] [......127.0.0.1][50724] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...582] [ip4][..tcp] [......127.0.0.1][50726] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...582] [ip4][..tcp] [......127.0.0.1][50726] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...582] [ip4][..tcp] [......127.0.0.1][50726] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...583] [ip4][..tcp] [......127.0.0.1][50728] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...583] [ip4][..tcp] [......127.0.0.1][50728] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...583] [ip4][..tcp] [......127.0.0.1][50728] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...584] [ip4][..tcp] [......127.0.0.1][50730] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...584] [ip4][..tcp] [......127.0.0.1][50730] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...584] [ip4][..tcp] [......127.0.0.1][50730] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...585] [ip4][..tcp] [......127.0.0.1][50732] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...585] [ip4][..tcp] [......127.0.0.1][50732] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...585] [ip4][..tcp] [......127.0.0.1][50732] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...586] [ip4][..tcp] [......127.0.0.1][50734] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...586] [ip4][..tcp] [......127.0.0.1][50734] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...586] [ip4][..tcp] [......127.0.0.1][50734] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...587] [ip4][..tcp] [......127.0.0.1][50736] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...587] [ip4][..tcp] [......127.0.0.1][50736] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...587] [ip4][..tcp] [......127.0.0.1][50736] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...588] [ip4][..tcp] [......127.0.0.1][50738] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...588] [ip4][..tcp] [......127.0.0.1][50738] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...588] [ip4][..tcp] 
[......127.0.0.1][50738] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...589] [ip4][..tcp] [......127.0.0.1][50740] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...589] [ip4][..tcp] [......127.0.0.1][50740] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...589] [ip4][..tcp] [......127.0.0.1][50740] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...590] [ip4][..tcp] [......127.0.0.1][50742] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...590] [ip4][..tcp] [......127.0.0.1][50742] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...590] [ip4][..tcp] [......127.0.0.1][50742] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...591] [ip4][..tcp] [......127.0.0.1][50744] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...591] [ip4][..tcp] [......127.0.0.1][50744] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...591] [ip4][..tcp] [......127.0.0.1][50744] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...592] [ip4][..tcp] [......127.0.0.1][50746] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...592] [ip4][..tcp] [......127.0.0.1][50746] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...592] [ip4][..tcp] [......127.0.0.1][50746] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...593] [ip4][..tcp] [......127.0.0.1][50748] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...593] [ip4][..tcp] [......127.0.0.1][50748] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...593] [ip4][..tcp] [......127.0.0.1][50748] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...594] [ip4][..tcp] [......127.0.0.1][50750] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...594] [ip4][..tcp] [......127.0.0.1][50750] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...594] [ip4][..tcp] [......127.0.0.1][50750] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...595] [ip4][..tcp] [......127.0.0.1][50752] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...595] [ip4][..tcp] [......127.0.0.1][50752] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...595] [ip4][..tcp] [......127.0.0.1][50752] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...596] [ip4][..tcp] [......127.0.0.1][50754] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...596] [ip4][..tcp] [......127.0.0.1][50754] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...596] [ip4][..tcp] [......127.0.0.1][50754] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...597] [ip4][..tcp] [......127.0.0.1][50756] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...597] [ip4][..tcp] [......127.0.0.1][50756] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...597] [ip4][..tcp] [......127.0.0.1][50756] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...598] [ip4][..tcp] [......127.0.0.1][50758] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...598] [ip4][..tcp] [......127.0.0.1][50758] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...598] [ip4][..tcp] [......127.0.0.1][50758] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...599] [ip4][..tcp] [......127.0.0.1][50760] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...599] [ip4][..tcp] [......127.0.0.1][50760] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...599] [ip4][..tcp] [......127.0.0.1][50760] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...600] [ip4][..tcp] [......127.0.0.1][50762] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...600] [ip4][..tcp] [......127.0.0.1][50762] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...600] [ip4][..tcp] [......127.0.0.1][50762] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...601] [ip4][..tcp] [......127.0.0.1][50764] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...601] [ip4][..tcp] [......127.0.0.1][50764] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...601] [ip4][..tcp] [......127.0.0.1][50764] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...602] [ip4][..tcp] [......127.0.0.1][50766] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...602] [ip4][..tcp] [......127.0.0.1][50766] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...602] [ip4][..tcp] [......127.0.0.1][50766] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...603] [ip4][..tcp] [......127.0.0.1][50768] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...603] [ip4][..tcp] [......127.0.0.1][50768] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...603] [ip4][..tcp] [......127.0.0.1][50768] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...604] [ip4][..tcp] [......127.0.0.1][50770] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...604] [ip4][..tcp] [......127.0.0.1][50770] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...604] [ip4][..tcp] [......127.0.0.1][50770] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...605] [ip4][..tcp] [......127.0.0.1][50772] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...605] [ip4][..tcp] [......127.0.0.1][50772] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...605] [ip4][..tcp] [......127.0.0.1][50772] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...606] [ip4][..tcp] [......127.0.0.1][50774] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...606] [ip4][..tcp] [......127.0.0.1][50774] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...606] [ip4][..tcp] [......127.0.0.1][50774] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...607] [ip4][..tcp] [......127.0.0.1][50776] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...607] [ip4][..tcp] [......127.0.0.1][50776] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...607] [ip4][..tcp] [......127.0.0.1][50776] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...608] [ip4][..tcp] [......127.0.0.1][50778] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...608] [ip4][..tcp] [......127.0.0.1][50778] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...608] [ip4][..tcp] [......127.0.0.1][50778] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...609] [ip4][..tcp] [......127.0.0.1][50780] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...609] [ip4][..tcp] 
[......127.0.0.1][50780] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...609] [ip4][..tcp] [......127.0.0.1][50780] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...610] [ip4][..tcp] [......127.0.0.1][50782] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...610] [ip4][..tcp] [......127.0.0.1][50782] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...610] [ip4][..tcp] [......127.0.0.1][50782] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...611] [ip4][..tcp] [......127.0.0.1][50784] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...611] [ip4][..tcp] [......127.0.0.1][50784] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...611] [ip4][..tcp] [......127.0.0.1][50784] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...612] [ip4][..tcp] [......127.0.0.1][50786] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...612] [ip4][..tcp] [......127.0.0.1][50786] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...612] [ip4][..tcp] [......127.0.0.1][50786] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...613] [ip4][..tcp] [......127.0.0.1][50788] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...613] [ip4][..tcp] [......127.0.0.1][50788] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...613] [ip4][..tcp] [......127.0.0.1][50788] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...614] [ip4][..tcp] [......127.0.0.1][50790] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...614] [ip4][..tcp] [......127.0.0.1][50790] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...614] [ip4][..tcp] [......127.0.0.1][50790] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...615] [ip4][..tcp] [......127.0.0.1][50792] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...615] [ip4][..tcp] [......127.0.0.1][50792] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...615] [ip4][..tcp] [......127.0.0.1][50792] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...616] [ip4][..tcp] [......127.0.0.1][50794] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...616] [ip4][..tcp] [......127.0.0.1][50794] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...616] [ip4][..tcp] [......127.0.0.1][50794] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...617] [ip4][..tcp] [......127.0.0.1][50796] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...617] [ip4][..tcp] [......127.0.0.1][50796] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...617] [ip4][..tcp] [......127.0.0.1][50796] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...618] [ip4][..tcp] [......127.0.0.1][50798] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...618] [ip4][..tcp] [......127.0.0.1][50798] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...618] [ip4][..tcp] [......127.0.0.1][50798] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...619] [ip4][..tcp] [......127.0.0.1][50800] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...619] [ip4][..tcp] [......127.0.0.1][50800] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...619] [ip4][..tcp] [......127.0.0.1][50800] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...620] [ip4][..tcp] [......127.0.0.1][50802] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...620] [ip4][..tcp] [......127.0.0.1][50802] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...620] [ip4][..tcp] [......127.0.0.1][50802] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...621] [ip4][..tcp] [......127.0.0.1][50804] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...621] [ip4][..tcp] [......127.0.0.1][50804] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...621] [ip4][..tcp] [......127.0.0.1][50804] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...622] [ip4][..tcp] [......127.0.0.1][50806] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...622] [ip4][..tcp] [......127.0.0.1][50806] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...622] [ip4][..tcp] [......127.0.0.1][50806] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...623] [ip4][..tcp] [......127.0.0.1][50808] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...623] [ip4][..tcp] [......127.0.0.1][50808] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...623] [ip4][..tcp] [......127.0.0.1][50808] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...624] [ip4][..tcp] [......127.0.0.1][50810] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...624] [ip4][..tcp] [......127.0.0.1][50810] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...624] [ip4][..tcp] [......127.0.0.1][50810] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...625] [ip4][..tcp] [......127.0.0.1][50812] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...625] [ip4][..tcp] [......127.0.0.1][50812] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...625] [ip4][..tcp] [......127.0.0.1][50812] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...626] [ip4][..tcp] [......127.0.0.1][50814] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...626] [ip4][..tcp] [......127.0.0.1][50814] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...626] [ip4][..tcp] [......127.0.0.1][50814] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...627] [ip4][..tcp] [......127.0.0.1][50816] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...627] [ip4][..tcp] [......127.0.0.1][50816] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...627] [ip4][..tcp] [......127.0.0.1][50816] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...628] [ip4][..tcp] [......127.0.0.1][50818] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...628] [ip4][..tcp] [......127.0.0.1][50818] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...628] [ip4][..tcp] [......127.0.0.1][50818] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...629] [ip4][..tcp] [......127.0.0.1][50820] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...629] [ip4][..tcp] [......127.0.0.1][50820] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...629] [ip4][..tcp] [......127.0.0.1][50820] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...630] [ip4][..tcp] 
[......127.0.0.1][50822] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...630] [ip4][..tcp] [......127.0.0.1][50822] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...630] [ip4][..tcp] [......127.0.0.1][50822] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...631] [ip4][..tcp] [......127.0.0.1][50824] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...631] [ip4][..tcp] [......127.0.0.1][50824] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...631] [ip4][..tcp] [......127.0.0.1][50824] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...632] [ip4][..tcp] [......127.0.0.1][50826] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...632] [ip4][..tcp] [......127.0.0.1][50826] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...632] [ip4][..tcp] [......127.0.0.1][50826] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...633] [ip4][..tcp] [......127.0.0.1][50828] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...633] [ip4][..tcp] [......127.0.0.1][50828] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...633] [ip4][..tcp] [......127.0.0.1][50828] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...634] [ip4][..tcp] [......127.0.0.1][50830] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...634] [ip4][..tcp] [......127.0.0.1][50830] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...634] [ip4][..tcp] [......127.0.0.1][50830] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...635] [ip4][..tcp] [......127.0.0.1][50832] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...635] [ip4][..tcp] [......127.0.0.1][50832] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...635] [ip4][..tcp] [......127.0.0.1][50832] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...636] [ip4][..tcp] [......127.0.0.1][50834] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...636] [ip4][..tcp] [......127.0.0.1][50834] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...636] [ip4][..tcp] [......127.0.0.1][50834] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...637] [ip4][..tcp] [......127.0.0.1][50836] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...637] [ip4][..tcp] [......127.0.0.1][50836] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...637] [ip4][..tcp] [......127.0.0.1][50836] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...638] [ip4][..tcp] [......127.0.0.1][50838] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...638] [ip4][..tcp] [......127.0.0.1][50838] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...638] [ip4][..tcp] [......127.0.0.1][50838] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...639] [ip4][..tcp] [......127.0.0.1][50840] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...639] [ip4][..tcp] [......127.0.0.1][50840] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...639] [ip4][..tcp] [......127.0.0.1][50840] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...640] [ip4][..tcp] [......127.0.0.1][50842] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...640] [ip4][..tcp] [......127.0.0.1][50842] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...640] [ip4][..tcp] [......127.0.0.1][50842] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...641] [ip4][..tcp] [......127.0.0.1][50844] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...641] [ip4][..tcp] [......127.0.0.1][50844] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...641] [ip4][..tcp] [......127.0.0.1][50844] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...642] [ip4][..tcp] [......127.0.0.1][50846] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...642] [ip4][..tcp] [......127.0.0.1][50846] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...642] [ip4][..tcp] [......127.0.0.1][50846] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...643] [ip4][..tcp] [......127.0.0.1][50848] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...643] [ip4][..tcp] [......127.0.0.1][50848] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...643] [ip4][..tcp] [......127.0.0.1][50848] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...644] [ip4][..tcp] [......127.0.0.1][50850] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...644] [ip4][..tcp] [......127.0.0.1][50850] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...644] [ip4][..tcp] [......127.0.0.1][50850] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...645] [ip4][..tcp] [......127.0.0.1][50852] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...645] [ip4][..tcp] [......127.0.0.1][50852] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...645] [ip4][..tcp] 
[......127.0.0.1][50852] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...646] [ip4][..tcp] [......127.0.0.1][50854] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...646] [ip4][..tcp] [......127.0.0.1][50854] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...646] [ip4][..tcp] [......127.0.0.1][50854] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...647] [ip4][..tcp] [......127.0.0.1][50856] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...647] [ip4][..tcp] [......127.0.0.1][50856] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...647] [ip4][..tcp] [......127.0.0.1][50856] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...648] [ip4][..tcp] [......127.0.0.1][50858] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...648] [ip4][..tcp] [......127.0.0.1][50858] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...648] [ip4][..tcp] [......127.0.0.1][50858] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...649] [ip4][..tcp] [......127.0.0.1][50860] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...649] [ip4][..tcp] [......127.0.0.1][50860] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...649] [ip4][..tcp] [......127.0.0.1][50860] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...650] [ip4][..tcp] [......127.0.0.1][50862] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...650] [ip4][..tcp] [......127.0.0.1][50862] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...650] [ip4][..tcp] [......127.0.0.1][50862] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...651] [ip4][..tcp] [......127.0.0.1][50864] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...651] [ip4][..tcp] [......127.0.0.1][50864] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...651] [ip4][..tcp] [......127.0.0.1][50864] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...652] [ip4][..tcp] [......127.0.0.1][50866] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...652] [ip4][..tcp] [......127.0.0.1][50866] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...652] [ip4][..tcp] [......127.0.0.1][50866] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...653] [ip4][..tcp] [......127.0.0.1][50868] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...653] [ip4][..tcp] [......127.0.0.1][50868] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...653] [ip4][..tcp] [......127.0.0.1][50868] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...654] [ip4][..tcp] [......127.0.0.1][50870] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...654] [ip4][..tcp] [......127.0.0.1][50870] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...654] [ip4][..tcp] [......127.0.0.1][50870] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...655] [ip4][..tcp] [......127.0.0.1][50872] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...655] [ip4][..tcp] [......127.0.0.1][50872] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...655] [ip4][..tcp] [......127.0.0.1][50872] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...656] [ip4][..tcp] [......127.0.0.1][50874] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...656] [ip4][..tcp] [......127.0.0.1][50874] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...656] [ip4][..tcp] [......127.0.0.1][50874] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...657] [ip4][..tcp] [......127.0.0.1][50876] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...657] [ip4][..tcp] [......127.0.0.1][50876] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...657] [ip4][..tcp] [......127.0.0.1][50876] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...658] [ip4][..tcp] [......127.0.0.1][50878] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...658] [ip4][..tcp] [......127.0.0.1][50878] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...658] [ip4][..tcp] [......127.0.0.1][50878] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...659] [ip4][..tcp] [......127.0.0.1][50880] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...659] [ip4][..tcp] [......127.0.0.1][50880] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...659] [ip4][..tcp] [......127.0.0.1][50880] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...660] [ip4][..tcp] [......127.0.0.1][50882] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...660] [ip4][..tcp] [......127.0.0.1][50882] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...660] [ip4][..tcp] [......127.0.0.1][50882] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...661] [ip4][..tcp] [......127.0.0.1][50884] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...661] [ip4][..tcp] [......127.0.0.1][50884] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...661] [ip4][..tcp] [......127.0.0.1][50884] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...662] [ip4][..tcp] [......127.0.0.1][50886] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...662] [ip4][..tcp] [......127.0.0.1][50886] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...662] [ip4][..tcp] [......127.0.0.1][50886] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...663] [ip4][..tcp] [......127.0.0.1][50888] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...663] [ip4][..tcp] [......127.0.0.1][50888] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...663] [ip4][..tcp] [......127.0.0.1][50888] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...664] [ip4][..tcp] [......127.0.0.1][50890] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...664] [ip4][..tcp] [......127.0.0.1][50890] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...664] [ip4][..tcp] [......127.0.0.1][50890] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...665] [ip4][..tcp] [......127.0.0.1][50892] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...665] [ip4][..tcp] [......127.0.0.1][50892] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...665] [ip4][..tcp] [......127.0.0.1][50892] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...666] [ip4][..tcp] [......127.0.0.1][50894] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...666] [ip4][..tcp] 
[......127.0.0.1][50894] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...666] [ip4][..tcp] [......127.0.0.1][50894] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...667] [ip4][..tcp] [......127.0.0.1][50896] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...667] [ip4][..tcp] [......127.0.0.1][50896] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...667] [ip4][..tcp] [......127.0.0.1][50896] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...668] [ip4][..tcp] [......127.0.0.1][50898] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...668] [ip4][..tcp] [......127.0.0.1][50898] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...668] [ip4][..tcp] [......127.0.0.1][50898] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...669] [ip4][..tcp] [......127.0.0.1][50900] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...669] [ip4][..tcp] [......127.0.0.1][50900] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...669] [ip4][..tcp] [......127.0.0.1][50900] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...670] [ip4][..tcp] [......127.0.0.1][50902] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...670] [ip4][..tcp] [......127.0.0.1][50902] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...670] [ip4][..tcp] [......127.0.0.1][50902] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...671] [ip4][..tcp] [......127.0.0.1][50904] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...671] [ip4][..tcp] [......127.0.0.1][50904] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...671] [ip4][..tcp] [......127.0.0.1][50904] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...672] [ip4][..tcp] [......127.0.0.1][50906] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...672] [ip4][..tcp] [......127.0.0.1][50906] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...672] [ip4][..tcp] [......127.0.0.1][50906] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...673] [ip4][..tcp] [......127.0.0.1][50908] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...673] [ip4][..tcp] [......127.0.0.1][50908] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...673] [ip4][..tcp] [......127.0.0.1][50908] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...674] [ip4][..tcp] [......127.0.0.1][50910] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...674] [ip4][..tcp] [......127.0.0.1][50910] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...674] [ip4][..tcp] [......127.0.0.1][50910] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...675] [ip4][..tcp] [......127.0.0.1][50912] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...675] [ip4][..tcp] [......127.0.0.1][50912] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...675] [ip4][..tcp] [......127.0.0.1][50912] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...676] [ip4][..tcp] [......127.0.0.1][50914] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...676] [ip4][..tcp] [......127.0.0.1][50914] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...676] [ip4][..tcp] [......127.0.0.1][50914] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...677] [ip4][..tcp] [......127.0.0.1][50916] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...677] [ip4][..tcp] [......127.0.0.1][50916] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...677] [ip4][..tcp] [......127.0.0.1][50916] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...678] [ip4][..tcp] [......127.0.0.1][50918] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...678] [ip4][..tcp] [......127.0.0.1][50918] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...678] [ip4][..tcp] [......127.0.0.1][50918] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...679] [ip4][..tcp] [......127.0.0.1][50920] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...679] [ip4][..tcp] [......127.0.0.1][50920] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...679] [ip4][..tcp] [......127.0.0.1][50920] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...680] [ip4][..tcp] [......127.0.0.1][50922] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...680] [ip4][..tcp] [......127.0.0.1][50922] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...680] [ip4][..tcp] [......127.0.0.1][50922] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...681] [ip4][..tcp] [......127.0.0.1][50924] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...681] [ip4][..tcp] [......127.0.0.1][50924] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...681] [ip4][..tcp] [......127.0.0.1][50924] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...682] [ip4][..tcp] [......127.0.0.1][50926] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...682] [ip4][..tcp] [......127.0.0.1][50926] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...682] [ip4][..tcp] [......127.0.0.1][50926] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...683] [ip4][..tcp] [......127.0.0.1][50928] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...683] [ip4][..tcp] [......127.0.0.1][50928] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...683] [ip4][..tcp] [......127.0.0.1][50928] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...684] [ip4][..tcp] [......127.0.0.1][50930] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...684] [ip4][..tcp] [......127.0.0.1][50930] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...684] [ip4][..tcp] [......127.0.0.1][50930] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...685] [ip4][..tcp] [......127.0.0.1][50932] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...685] [ip4][..tcp] [......127.0.0.1][50932] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...685] [ip4][..tcp] [......127.0.0.1][50932] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...686] [ip4][..tcp] [......127.0.0.1][50934] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...686] [ip4][..tcp] [......127.0.0.1][50934] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...686] [ip4][..tcp] [......127.0.0.1][50934] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...687] [ip4][..tcp] 
[......127.0.0.1][50936] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...687] [ip4][..tcp] [......127.0.0.1][50936] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...687] [ip4][..tcp] [......127.0.0.1][50936] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...688] [ip4][..tcp] [......127.0.0.1][50938] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...688] [ip4][..tcp] [......127.0.0.1][50938] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...688] [ip4][..tcp] [......127.0.0.1][50938] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...689] [ip4][..tcp] [......127.0.0.1][50940] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...689] [ip4][..tcp] [......127.0.0.1][50940] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...689] [ip4][..tcp] [......127.0.0.1][50940] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...690] [ip4][..tcp] [......127.0.0.1][50942] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...690] [ip4][..tcp] [......127.0.0.1][50942] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...690] [ip4][..tcp] [......127.0.0.1][50942] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...691] [ip4][..tcp] [......127.0.0.1][50944] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...691] [ip4][..tcp] [......127.0.0.1][50944] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...691] [ip4][..tcp] [......127.0.0.1][50944] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...692] [ip4][..tcp] [......127.0.0.1][50946] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...692] [ip4][..tcp] [......127.0.0.1][50946] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...692] [ip4][..tcp] [......127.0.0.1][50946] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...693] [ip4][..tcp] [......127.0.0.1][50948] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...693] [ip4][..tcp] [......127.0.0.1][50948] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...693] [ip4][..tcp] [......127.0.0.1][50948] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...694] [ip4][..tcp] [......127.0.0.1][50950] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...694] [ip4][..tcp] [......127.0.0.1][50950] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...694] [ip4][..tcp] [......127.0.0.1][50950] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...695] [ip4][..tcp] [......127.0.0.1][50952] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...695] [ip4][..tcp] [......127.0.0.1][50952] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...695] [ip4][..tcp] [......127.0.0.1][50952] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...696] [ip4][..tcp] [......127.0.0.1][50954] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...696] [ip4][..tcp] [......127.0.0.1][50954] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...696] [ip4][..tcp] [......127.0.0.1][50954] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...697] [ip4][..tcp] [......127.0.0.1][50956] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...697] [ip4][..tcp] [......127.0.0.1][50956] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...697] [ip4][..tcp] [......127.0.0.1][50956] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...698] [ip4][..tcp] [......127.0.0.1][50958] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...698] [ip4][..tcp] [......127.0.0.1][50958] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...698] [ip4][..tcp] [......127.0.0.1][50958] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...699] [ip4][..tcp] [......127.0.0.1][50960] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...699] [ip4][..tcp] [......127.0.0.1][50960] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...699] [ip4][..tcp] [......127.0.0.1][50960] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...700] [ip4][..tcp] [......127.0.0.1][50962] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...700] [ip4][..tcp] [......127.0.0.1][50962] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...700] [ip4][..tcp] [......127.0.0.1][50962] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...701] [ip4][..tcp] [......127.0.0.1][50964] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...701] [ip4][..tcp] [......127.0.0.1][50964] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...701] [ip4][..tcp] [......127.0.0.1][50964] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...702] [ip4][..tcp] [......127.0.0.1][50966] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...702] [ip4][..tcp] [......127.0.0.1][50966] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...702] [ip4][..tcp] 
[......127.0.0.1][50966] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...703] [ip4][..tcp] [......127.0.0.1][50968] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...703] [ip4][..tcp] [......127.0.0.1][50968] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...703] [ip4][..tcp] [......127.0.0.1][50968] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...704] [ip4][..tcp] [......127.0.0.1][50970] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...704] [ip4][..tcp] [......127.0.0.1][50970] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...704] [ip4][..tcp] [......127.0.0.1][50970] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...705] [ip4][..tcp] [......127.0.0.1][50972] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...705] [ip4][..tcp] [......127.0.0.1][50972] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...705] [ip4][..tcp] [......127.0.0.1][50972] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...706] [ip4][..tcp] [......127.0.0.1][50974] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...706] [ip4][..tcp] [......127.0.0.1][50974] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...706] [ip4][..tcp] [......127.0.0.1][50974] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...707] [ip4][..tcp] [......127.0.0.1][50976] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...707] [ip4][..tcp] [......127.0.0.1][50976] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...707] [ip4][..tcp] [......127.0.0.1][50976] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...708] [ip4][..tcp] [......127.0.0.1][50978] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...708] [ip4][..tcp] [......127.0.0.1][50978] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...708] [ip4][..tcp] [......127.0.0.1][50978] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...709] [ip4][..tcp] [......127.0.0.1][50980] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...709] [ip4][..tcp] [......127.0.0.1][50980] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...709] [ip4][..tcp] [......127.0.0.1][50980] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...710] [ip4][..tcp] [......127.0.0.1][50982] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...710] [ip4][..tcp] [......127.0.0.1][50982] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...710] [ip4][..tcp] [......127.0.0.1][50982] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...711] [ip4][..tcp] [......127.0.0.1][50984] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...711] [ip4][..tcp] [......127.0.0.1][50984] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...711] [ip4][..tcp] [......127.0.0.1][50984] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...712] [ip4][..tcp] [......127.0.0.1][50986] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...712] [ip4][..tcp] [......127.0.0.1][50986] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...712] [ip4][..tcp] [......127.0.0.1][50986] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...713] [ip4][..tcp] [......127.0.0.1][50988] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...713] [ip4][..tcp] [......127.0.0.1][50988] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...713] [ip4][..tcp] [......127.0.0.1][50988] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...714] [ip4][..tcp] [......127.0.0.1][50990] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...714] [ip4][..tcp] [......127.0.0.1][50990] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...714] [ip4][..tcp] [......127.0.0.1][50990] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...715] [ip4][..tcp] [......127.0.0.1][50992] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...715] [ip4][..tcp] [......127.0.0.1][50992] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...715] [ip4][..tcp] [......127.0.0.1][50992] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...716] [ip4][..tcp] [......127.0.0.1][50994] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...716] [ip4][..tcp] [......127.0.0.1][50994] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...716] [ip4][..tcp] [......127.0.0.1][50994] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...717] [ip4][..tcp] [......127.0.0.1][50996] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...717] [ip4][..tcp] [......127.0.0.1][50996] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...717] [ip4][..tcp] [......127.0.0.1][50996] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...718] [ip4][..tcp] [......127.0.0.1][50998] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...718] [ip4][..tcp] [......127.0.0.1][50998] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...718] [ip4][..tcp] [......127.0.0.1][50998] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...719] [ip4][..tcp] [......127.0.0.1][51000] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...719] [ip4][..tcp] [......127.0.0.1][51000] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...719] [ip4][..tcp] [......127.0.0.1][51000] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...720] [ip4][..tcp] [......127.0.0.1][51002] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...720] [ip4][..tcp] [......127.0.0.1][51002] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...720] [ip4][..tcp] [......127.0.0.1][51002] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...721] [ip4][..tcp] [......127.0.0.1][51004] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...721] [ip4][..tcp] [......127.0.0.1][51004] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...721] [ip4][..tcp] [......127.0.0.1][51004] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...722] [ip4][..tcp] [......127.0.0.1][51006] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...722] [ip4][..tcp] [......127.0.0.1][51006] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...722] [ip4][..tcp] [......127.0.0.1][51006] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...723] [ip4][..tcp] [......127.0.0.1][51008] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...723] [ip4][..tcp] 
[......127.0.0.1][51008] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...723] [ip4][..tcp] [......127.0.0.1][51008] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...724] [ip4][..tcp] [......127.0.0.1][51010] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...724] [ip4][..tcp] [......127.0.0.1][51010] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...724] [ip4][..tcp] [......127.0.0.1][51010] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...725] [ip4][..tcp] [......127.0.0.1][51012] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...725] [ip4][..tcp] [......127.0.0.1][51012] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...725] [ip4][..tcp] [......127.0.0.1][51012] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...726] [ip4][..tcp] [......127.0.0.1][51014] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...726] [ip4][..tcp] [......127.0.0.1][51014] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...726] [ip4][..tcp] [......127.0.0.1][51014] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...727] [ip4][..tcp] [......127.0.0.1][51016] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...727] [ip4][..tcp] [......127.0.0.1][51016] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...727] [ip4][..tcp] [......127.0.0.1][51016] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...728] [ip4][..tcp] [......127.0.0.1][51018] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...728] [ip4][..tcp] [......127.0.0.1][51018] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...728] [ip4][..tcp] [......127.0.0.1][51018] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...729] [ip4][..tcp] [......127.0.0.1][51020] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...729] [ip4][..tcp] [......127.0.0.1][51020] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...729] [ip4][..tcp] [......127.0.0.1][51020] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...730] [ip4][..tcp] [......127.0.0.1][51022] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...730] [ip4][..tcp] [......127.0.0.1][51022] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...730] [ip4][..tcp] [......127.0.0.1][51022] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...731] [ip4][..tcp] [......127.0.0.1][51024] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...731] [ip4][..tcp] [......127.0.0.1][51024] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...731] [ip4][..tcp] [......127.0.0.1][51024] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...732] [ip4][..tcp] [......127.0.0.1][51026] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...732] [ip4][..tcp] [......127.0.0.1][51026] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...732] [ip4][..tcp] [......127.0.0.1][51026] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...733] [ip4][..tcp] [......127.0.0.1][51028] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...733] [ip4][..tcp] [......127.0.0.1][51028] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...733] [ip4][..tcp] [......127.0.0.1][51028] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...734] [ip4][..tcp] [......127.0.0.1][51030] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...734] [ip4][..tcp] [......127.0.0.1][51030] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...734] [ip4][..tcp] [......127.0.0.1][51030] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...735] [ip4][..tcp] [......127.0.0.1][51032] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...735] [ip4][..tcp] [......127.0.0.1][51032] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...735] [ip4][..tcp] [......127.0.0.1][51032] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...736] [ip4][..tcp] [......127.0.0.1][51034] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...736] [ip4][..tcp] [......127.0.0.1][51034] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...736] [ip4][..tcp] [......127.0.0.1][51034] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...737] [ip4][..tcp] [......127.0.0.1][51036] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...737] [ip4][..tcp] [......127.0.0.1][51036] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...737] [ip4][..tcp] [......127.0.0.1][51036] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...738] [ip4][..tcp] [......127.0.0.1][51038] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...738] [ip4][..tcp] [......127.0.0.1][51038] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...738] [ip4][..tcp] [......127.0.0.1][51038] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...739] [ip4][..tcp] [......127.0.0.1][51040] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...739] [ip4][..tcp] [......127.0.0.1][51040] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...739] [ip4][..tcp] [......127.0.0.1][51040] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...740] [ip4][..tcp] [......127.0.0.1][51042] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...740] [ip4][..tcp] [......127.0.0.1][51042] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...740] [ip4][..tcp] [......127.0.0.1][51042] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...741] [ip4][..tcp] [......127.0.0.1][51044] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...741] [ip4][..tcp] [......127.0.0.1][51044] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...741] [ip4][..tcp] [......127.0.0.1][51044] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...742] [ip4][..tcp] [......127.0.0.1][51046] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...742] [ip4][..tcp] [......127.0.0.1][51046] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...742] [ip4][..tcp] [......127.0.0.1][51046] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...743] [ip4][..tcp] [......127.0.0.1][51048] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...743] [ip4][..tcp] [......127.0.0.1][51048] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...743] [ip4][..tcp] [......127.0.0.1][51048] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...744] [ip4][..tcp] 
[......127.0.0.1][51050] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...744] [ip4][..tcp] [......127.0.0.1][51050] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...744] [ip4][..tcp] [......127.0.0.1][51050] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...745] [ip4][..tcp] [......127.0.0.1][51052] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...745] [ip4][..tcp] [......127.0.0.1][51052] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...745] [ip4][..tcp] [......127.0.0.1][51052] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...746] [ip4][..tcp] [......127.0.0.1][51054] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...746] [ip4][..tcp] [......127.0.0.1][51054] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...746] [ip4][..tcp] [......127.0.0.1][51054] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...747] [ip4][..tcp] [......127.0.0.1][51056] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...747] [ip4][..tcp] [......127.0.0.1][51056] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...747] [ip4][..tcp] [......127.0.0.1][51056] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...748] [ip4][..tcp] [......127.0.0.1][51058] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...748] [ip4][..tcp] [......127.0.0.1][51058] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...748] [ip4][..tcp] [......127.0.0.1][51058] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...749] [ip4][..tcp] [......127.0.0.1][51060] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: 
[...749] [ip4][..tcp] [......127.0.0.1][51060] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...749] [ip4][..tcp] [......127.0.0.1][51060] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...750] [ip4][..tcp] [......127.0.0.1][51062] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...750] [ip4][..tcp] [......127.0.0.1][51062] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...750] [ip4][..tcp] [......127.0.0.1][51062] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...751] [ip4][..tcp] [......127.0.0.1][51064] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...751] [ip4][..tcp] [......127.0.0.1][51064] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...751] [ip4][..tcp] [......127.0.0.1][51064] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...752] [ip4][..tcp] [......127.0.0.1][51066] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...752] [ip4][..tcp] [......127.0.0.1][51066] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...752] [ip4][..tcp] [......127.0.0.1][51066] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...753] [ip4][..tcp] [......127.0.0.1][51068] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...753] [ip4][..tcp] [......127.0.0.1][51068] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...753] [ip4][..tcp] [......127.0.0.1][51068] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...754] [ip4][..tcp] [......127.0.0.1][51070] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...754] [ip4][..tcp] [......127.0.0.1][51070] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable] + detected: [...754] [ip4][..tcp] [......127.0.0.1][51070] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...755] [ip4][..tcp] [......127.0.0.1][51072] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...755] [ip4][..tcp] [......127.0.0.1][51072] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...755] [ip4][..tcp] [......127.0.0.1][51072] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...756] [ip4][..tcp] [......127.0.0.1][51074] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...756] [ip4][..tcp] [......127.0.0.1][51074] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...756] [ip4][..tcp] [......127.0.0.1][51074] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...757] [ip4][..tcp] [......127.0.0.1][51076] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...757] [ip4][..tcp] [......127.0.0.1][51076] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...757] [ip4][..tcp] [......127.0.0.1][51076] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...758] [ip4][..tcp] [......127.0.0.1][51078] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...758] [ip4][..tcp] [......127.0.0.1][51078] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...758] [ip4][..tcp] [......127.0.0.1][51078] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...759] [ip4][..tcp] [......127.0.0.1][51080] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...759] [ip4][..tcp] [......127.0.0.1][51080] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...759] [ip4][..tcp] 
[......127.0.0.1][51080] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...760] [ip4][..tcp] [......127.0.0.1][51082] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...760] [ip4][..tcp] [......127.0.0.1][51082] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...760] [ip4][..tcp] [......127.0.0.1][51082] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...761] [ip4][..tcp] [......127.0.0.1][51084] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...761] [ip4][..tcp] [......127.0.0.1][51084] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...761] [ip4][..tcp] [......127.0.0.1][51084] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...762] [ip4][..tcp] [......127.0.0.1][51086] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...762] [ip4][..tcp] [......127.0.0.1][51086] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...762] [ip4][..tcp] [......127.0.0.1][51086] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...763] [ip4][..tcp] [......127.0.0.1][51088] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...763] [ip4][..tcp] [......127.0.0.1][51088] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...763] [ip4][..tcp] [......127.0.0.1][51088] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...764] [ip4][..tcp] [......127.0.0.1][51090] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...764] [ip4][..tcp] [......127.0.0.1][51090] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...764] [ip4][..tcp] [......127.0.0.1][51090] -> [......127.0.0.1][.8080] 
[HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...765] [ip4][..tcp] [......127.0.0.1][51092] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...765] [ip4][..tcp] [......127.0.0.1][51092] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...765] [ip4][..tcp] [......127.0.0.1][51092] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...766] [ip4][..tcp] [......127.0.0.1][51094] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...766] [ip4][..tcp] [......127.0.0.1][51094] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...766] [ip4][..tcp] [......127.0.0.1][51094] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...767] [ip4][..tcp] [......127.0.0.1][51096] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...767] [ip4][..tcp] [......127.0.0.1][51096] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...767] [ip4][..tcp] [......127.0.0.1][51096] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...768] [ip4][..tcp] [......127.0.0.1][51098] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...768] [ip4][..tcp] [......127.0.0.1][51098] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...768] [ip4][..tcp] [......127.0.0.1][51098] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...769] [ip4][..tcp] [......127.0.0.1][51100] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...769] [ip4][..tcp] [......127.0.0.1][51100] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...769] [ip4][..tcp] [......127.0.0.1][51100] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP 
Numeric IP Address new: [...770] [ip4][..tcp] [......127.0.0.1][51148] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...770] [ip4][..tcp] [......127.0.0.1][51148] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...770] [ip4][..tcp] [......127.0.0.1][51148] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...771] [ip4][..tcp] [......127.0.0.1][51150] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...771] [ip4][..tcp] [......127.0.0.1][51150] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...771] [ip4][..tcp] [......127.0.0.1][51150] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...772] [ip4][..tcp] [......127.0.0.1][51152] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...772] [ip4][..tcp] [......127.0.0.1][51152] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...772] [ip4][..tcp] [......127.0.0.1][51152] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...773] [ip4][..tcp] [......127.0.0.1][51154] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...773] [ip4][..tcp] [......127.0.0.1][51154] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...773] [ip4][..tcp] [......127.0.0.1][51154] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...774] [ip4][..tcp] [......127.0.0.1][51156] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...774] [ip4][..tcp] [......127.0.0.1][51156] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...774] [ip4][..tcp] [......127.0.0.1][51156] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...775] [ip4][..tcp] [......127.0.0.1][51158] -> 
[......127.0.0.1][.8080] [MIDSTREAM] - detected: [...775] [ip4][..tcp] [......127.0.0.1][51158] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...775] [ip4][..tcp] [......127.0.0.1][51158] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...776] [ip4][..tcp] [......127.0.0.1][51160] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...776] [ip4][..tcp] [......127.0.0.1][51160] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...776] [ip4][..tcp] [......127.0.0.1][51160] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...777] [ip4][..tcp] [......127.0.0.1][51162] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...777] [ip4][..tcp] [......127.0.0.1][51162] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...777] [ip4][..tcp] [......127.0.0.1][51162] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...778] [ip4][..tcp] [......127.0.0.1][51164] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...778] [ip4][..tcp] [......127.0.0.1][51164] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...778] [ip4][..tcp] [......127.0.0.1][51164] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...779] [ip4][..tcp] [......127.0.0.1][51166] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...779] [ip4][..tcp] [......127.0.0.1][51166] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...779] [ip4][..tcp] [......127.0.0.1][51166] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...780] [ip4][..tcp] [......127.0.0.1][51168] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...780] [ip4][..tcp] 
[......127.0.0.1][51168] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...780] [ip4][..tcp] [......127.0.0.1][51168] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...781] [ip4][..tcp] [......127.0.0.1][51170] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...781] [ip4][..tcp] [......127.0.0.1][51170] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...781] [ip4][..tcp] [......127.0.0.1][51170] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...782] [ip4][..tcp] [......127.0.0.1][51172] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...782] [ip4][..tcp] [......127.0.0.1][51172] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...782] [ip4][..tcp] [......127.0.0.1][51172] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...783] [ip4][..tcp] [......127.0.0.1][51174] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...783] [ip4][..tcp] [......127.0.0.1][51174] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...783] [ip4][..tcp] [......127.0.0.1][51174] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...784] [ip4][..tcp] [......127.0.0.1][51176] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...784] [ip4][..tcp] [......127.0.0.1][51176] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...784] [ip4][..tcp] [......127.0.0.1][51176] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...785] [ip4][..tcp] [......127.0.0.1][51178] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...785] [ip4][..tcp] [......127.0.0.1][51178] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + 
detected: [...785] [ip4][..tcp] [......127.0.0.1][51178] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...786] [ip4][..tcp] [......127.0.0.1][51182] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...786] [ip4][..tcp] [......127.0.0.1][51182] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...786] [ip4][..tcp] [......127.0.0.1][51182] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...787] [ip4][..tcp] [......127.0.0.1][51184] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...787] [ip4][..tcp] [......127.0.0.1][51184] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...787] [ip4][..tcp] [......127.0.0.1][51184] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...788] [ip4][..tcp] [......127.0.0.1][51186] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...788] [ip4][..tcp] [......127.0.0.1][51186] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...788] [ip4][..tcp] [......127.0.0.1][51186] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...789] [ip4][..tcp] [......127.0.0.1][51188] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...789] [ip4][..tcp] [......127.0.0.1][51188] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...789] [ip4][..tcp] [......127.0.0.1][51188] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...790] [ip4][..tcp] [......127.0.0.1][51190] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...790] [ip4][..tcp] [......127.0.0.1][51190] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...790] [ip4][..tcp] [......127.0.0.1][51190] -> 
[......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...791] [ip4][..tcp] [......127.0.0.1][51192] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...791] [ip4][..tcp] [......127.0.0.1][51192] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...791] [ip4][..tcp] [......127.0.0.1][51192] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...792] [ip4][..tcp] [......127.0.0.1][51194] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...792] [ip4][..tcp] [......127.0.0.1][51194] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...792] [ip4][..tcp] [......127.0.0.1][51194] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...793] [ip4][..tcp] [......127.0.0.1][51196] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...793] [ip4][..tcp] [......127.0.0.1][51196] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...793] [ip4][..tcp] [......127.0.0.1][51196] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...794] [ip4][..tcp] [......127.0.0.1][51198] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...794] [ip4][..tcp] [......127.0.0.1][51198] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...794] [ip4][..tcp] [......127.0.0.1][51198] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...795] [ip4][..tcp] [......127.0.0.1][51200] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...795] [ip4][..tcp] [......127.0.0.1][51200] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...795] [ip4][..tcp] [......127.0.0.1][51200] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto 
on Non Std Port, HTTP Numeric IP Address new: [...796] [ip4][..tcp] [......127.0.0.1][51202] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...796] [ip4][..tcp] [......127.0.0.1][51202] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...796] [ip4][..tcp] [......127.0.0.1][51202] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [...797] [ip4][..tcp] [......127.0.0.1][51204] -> [......127.0.0.1][.8080] [MIDSTREAM] - detected: [...797] [ip4][..tcp] [......127.0.0.1][51204] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable] + detected: [...797] [ip4][..tcp] [......127.0.0.1][51204] -> [......127.0.0.1][.8080] [HTTP][Web][Acceptable][127.0.0.1] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address idle: [...745] [ip4][..tcp] [......127.0.0.1][51052] -> [......127.0.0.1][.8080] idle: [...746] [ip4][..tcp] [......127.0.0.1][51054] -> [......127.0.0.1][.8080] diff --git a/test/results/flow-info/WebattackSQLinj.pcap.out b/test/results/flow-info/WebattackSQLinj.pcap.out index f68c45e3c..ffc44e526 100644 --- a/test/results/flow-info/WebattackSQLinj.pcap.out +++ b/test/results/flow-info/WebattackSQLinj.pcap.out 
@@ -2,31 +2,31 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....172.16.0.1][36196] -> [..192.168.10.50][...80] - detected: [.....1] [ip4][..tcp] [.....172.16.0.1][36196] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [.....172.16.0.1][36196] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....2] [ip4][..tcp] [.....172.16.0.1][36198] -> [..192.168.10.50][...80] - detected: [.....2] [ip4][..tcp] [.....172.16.0.1][36198] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [.....172.16.0.1][36198] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....3] [ip4][..tcp] [.....172.16.0.1][36200] -> [..192.168.10.50][...80] - detected: [.....3] [ip4][..tcp] [.....172.16.0.1][36200] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [.....172.16.0.1][36200] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....4] [ip4][..tcp] [.....172.16.0.1][36202] -> [..192.168.10.50][...80] - detected: [.....4] [ip4][..tcp] [.....172.16.0.1][36202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [.....172.16.0.1][36202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....5] [ip4][..tcp] [.....172.16.0.1][36204] -> [..192.168.10.50][...80] - detected: [.....5] [ip4][..tcp] [.....172.16.0.1][36204] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....5] [ip4][..tcp] [.....172.16.0.1][36204] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....6] [ip4][..tcp] [.....172.16.0.1][36206] -> 
[..192.168.10.50][...80] - detected: [.....6] [ip4][..tcp] [.....172.16.0.1][36206] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....6] [ip4][..tcp] [.....172.16.0.1][36206] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....7] [ip4][..tcp] [.....172.16.0.1][36208] -> [..192.168.10.50][...80] - detected: [.....7] [ip4][..tcp] [.....172.16.0.1][36208] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....7] [ip4][..tcp] [.....172.16.0.1][36208] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....8] [ip4][..tcp] [.....172.16.0.1][36210] -> [..192.168.10.50][...80] - detected: [.....8] [ip4][..tcp] [.....172.16.0.1][36210] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....8] [ip4][..tcp] [.....172.16.0.1][36210] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....9] [ip4][..tcp] [.....172.16.0.1][36212] -> [..192.168.10.50][...80] - detected: [.....9] [ip4][..tcp] [.....172.16.0.1][36212] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....9] [ip4][..tcp] [.....172.16.0.1][36212] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address end: [.....1] [ip4][..tcp] [.....172.16.0.1][36196] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address diff --git a/test/results/flow-info/WebattackXSS.pcap.out b/test/results/flow-info/WebattackXSS.pcap.out index f3a126fe8..659a93532 100644 --- a/test/results/flow-info/WebattackXSS.pcap.out +++ b/test/results/flow-info/WebattackXSS.pcap.out 
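Review bot: The new trailing field appears on every `detected:` line in this hunk, but the `end:` line for flow 1 at the bottom still prints `[HTTP][Web][Acceptable]` without it, so the two event kinds now have different field counts for the same flow. The value shown, `205.174.165.68`, is not the flow's destination `192.168.10.50`, which suggests it is copied from the request itself (presumably the HTTP Host header) and is therefore client-controlled. If that is the case, the printer should escape or reject `]`, whitespace and control characters before writing the value between brackets, so that a crafted hostname cannot break positional parsing of these lines. The printing code is outside this diff section, so this needs confirming there; the same pattern recurs in the WebattackXSS.pcap.out hunks.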
@@ -2,13 +2,13 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....172.16.0.1][52098] -> [..192.168.10.50][...80] - detected: [.....1] [ip4][..tcp] [.....172.16.0.1][52098] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [.....172.16.0.1][52098] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....2] [ip4][..tcp] [.....172.16.0.1][52100] -> [..192.168.10.50][...80] new: [.....3] [ip4][..tcp] [.....172.16.0.1][52118] -> [..192.168.10.50][...80] new: [.....4] [ip4][..tcp] [.....172.16.0.1][52120] -> [..192.168.10.50][...80] new: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] - detected: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [.....6] [ip4][..tcp] [.....172.16.0.1][52202] -> [..192.168.10.50][...80] new: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80] 
@@ -24,7 +24,7 @@ [PKTLENS.....: 60,60,52,361,52,564,52,394,1184,417,793,440,1500,7978,52,52,52,52,363,557,52,393,557,52,611,415,52,409,573,52,52,52] [ENTROPIES...: 4.6,5.1,4.9,5.9,4.9,5.8,4.9,6.0,7.5,6.0,7.3,5.9,7.6,8.0,4.9,4.9,4.9,4.9,6.0,5.8,5.0,6.0,5.8,4.9,5.9,5.7,4.9,6.0,5.8,5.0,5.1,4.9] new: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] - detected: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [....10] [ip4][..tcp] [.....172.16.0.1][52300] -> [..192.168.10.50][...80] new: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80] @@ -39,9 +39,9 @@ [IATS(ms)....: 0.2,0.9,0.0,0.9,1.5,2.1,20.7,25.9,42.5,6.0,44.4,1.3,0.2,1.3,0.1,0.1,1.2,0.3,0.4,68.6,70.5,37.8,60.4,98.3,1.1,851.7,856.3,4.6,109.7,139.3,29.5] [PKTLENS.....: 60,60,52,361,52,564,52,394,1186,52,417,793,52,440,4396,4396,738,52,52,52,363,557,52,393,557,52,611,415,52,435,1856,52] [ENTROPIES...: 4.6,5.1,4.9,5.9,4.8,5.7,4.9,5.9,7.4,4.9,5.9,7.2,4.9,5.9,7.9,7.9,7.7,4.9,4.9,4.8,5.9,5.8,4.8,5.9,5.8,4.8,5.9,5.7,4.9,5.9,7.8,5.0] - detected: [....10] [ip4][..tcp] [.....172.16.0.1][52300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [....10] [ip4][..tcp] [.....172.16.0.1][52300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address - detected: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [....13] [ip4][..tcp] [.....172.16.0.1][52386] -> [..192.168.10.50][...80] new: [....14] [ip4][..tcp] [.....172.16.0.1][52400] -> [..192.168.10.50][...80] 
@@ -74,7 +74,7 @@ new: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] new: [....42] [ip4][..tcp] [.....172.16.0.1][52924] -> [..192.168.10.50][...80] new: [....43] [ip4][..tcp] [.....172.16.0.1][52938] -> [..192.168.10.50][...80] - detected: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [....44] [ip4][..tcp] [.....172.16.0.1][52964] -> [..192.168.10.50][...80] new: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80] @@ -105,11 +105,11 @@ new: [....60] [ip4][..tcp] [.....172.16.0.1][53260] -> [..192.168.10.50][...80] end: [.....1] [ip4][..tcp] [.....172.16.0.1][52098] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [.....2] [ip4][..tcp] [.....172.16.0.1][52100] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [.....2] [ip4][..tcp] [.....172.16.0.1][52100] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [.....2] [ip4][..tcp] [.....172.16.0.1][52100] -> [..192.168.10.50][...80] - guessed: [.....3] [ip4][..tcp] [.....172.16.0.1][52118] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [.....3] [ip4][..tcp] [.....172.16.0.1][52118] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [.....3] [ip4][..tcp] [.....172.16.0.1][52118] -> [..192.168.10.50][...80] - guessed: [.....4] [ip4][..tcp] [.....172.16.0.1][52120] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [.....4] [ip4][..tcp] [.....172.16.0.1][52120] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [.....4] [ip4][..tcp] [.....172.16.0.1][52120] -> [..192.168.10.50][...80] new: [....61] [ip4][..tcp] [.....172.16.0.1][53286] -> [..192.168.10.50][...80] new: [....62] [ip4][..tcp] [.....172.16.0.1][53300] -> [..192.168.10.50][...80] 
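Review bot: The `guessed:` lines in the `@@ -105,11 +105,11 @@` hunk now end in an empty `[]`, and the later hunks of this file show the same for every guessed flow. An empty pair of brackets does not let a consumer tell "no hostname was seen" apart from "a hostname was seen and it was empty", and it adds a field to lines where the matching `end:` event has none. Consider omitting the field when no value exists, or documenting next to the format string that `[]` means "not available"; the formatting code itself is not visible in this diff.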
@@ -126,11 +126,11 @@ new: [....73] [ip4][..tcp] [.....172.16.0.1][53490] -> [..192.168.10.50][...80] end: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [.....6] [ip4][..tcp] [.....172.16.0.1][52202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [.....6] [ip4][..tcp] [.....172.16.0.1][52202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [.....6] [ip4][..tcp] [.....172.16.0.1][52202] -> [..192.168.10.50][...80] - guessed: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80] - guessed: [.....8] [ip4][..tcp] [.....172.16.0.1][52222] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [.....8] [ip4][..tcp] [.....172.16.0.1][52222] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [.....8] [ip4][..tcp] [.....172.16.0.1][52222] -> [..192.168.10.50][...80] new: [....74] [ip4][..tcp] [.....172.16.0.1][53516] -> [..192.168.10.50][...80] new: [....75] [ip4][..tcp] [.....172.16.0.1][53530] -> [..192.168.10.50][...80] @@ -139,7 +139,7 @@ new: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] new: [....79] [ip4][..tcp] [.....172.16.0.1][53598] -> [..192.168.10.50][...80] new: [....80] [ip4][..tcp] [.....172.16.0.1][53624] -> [..192.168.10.50][...80] - detected: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [....81] [ip4][..tcp] [.....172.16.0.1][53638] -> [..192.168.10.50][...80] new: [....82] [ip4][..tcp] [.....172.16.0.1][53664] -> [..192.168.10.50][...80] 
@@ -159,9 +159,9 @@ RISK: HTTP Numeric IP Address end: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [....12] [ip4][..tcp] [.....172.16.0.1][52320] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....12] [ip4][..tcp] [.....172.16.0.1][52320] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....12] [ip4][..tcp] [.....172.16.0.1][52320] -> [..192.168.10.50][...80] - guessed: [....13] [ip4][..tcp] [.....172.16.0.1][52386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....13] [ip4][..tcp] [.....172.16.0.1][52386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....13] [ip4][..tcp] [.....172.16.0.1][52386] -> [..192.168.10.50][...80] new: [....85] [ip4][..tcp] [.....172.16.0.1][53718] -> [..192.168.10.50][...80] new: [....86] [ip4][..tcp] [.....172.16.0.1][53732] -> [..192.168.10.50][...80] 
@@ -169,17 +169,17 @@ new: [....88] [ip4][..tcp] [.....172.16.0.1][53772] -> [..192.168.10.50][...80] new: [....89] [ip4][..tcp] [.....172.16.0.1][53786] -> [..192.168.10.50][...80] new: [....90] [ip4][..tcp] [.....172.16.0.1][53812] -> [..192.168.10.50][...80] - guessed: [....14] [ip4][..tcp] [.....172.16.0.1][52400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....14] [ip4][..tcp] [.....172.16.0.1][52400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....14] [ip4][..tcp] [.....172.16.0.1][52400] -> [..192.168.10.50][...80] - guessed: [....15] [ip4][..tcp] [.....172.16.0.1][52414] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....15] [ip4][..tcp] [.....172.16.0.1][52414] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....15] [ip4][..tcp] [.....172.16.0.1][52414] -> [..192.168.10.50][...80] - guessed: [....16] [ip4][..tcp] [.....172.16.0.1][52440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....16] [ip4][..tcp] [.....172.16.0.1][52440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....16] [ip4][..tcp] [.....172.16.0.1][52440] -> [..192.168.10.50][...80] - guessed: [....17] [ip4][..tcp] [.....172.16.0.1][52454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....17] [ip4][..tcp] [.....172.16.0.1][52454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....17] [ip4][..tcp] [.....172.16.0.1][52454] -> [..192.168.10.50][...80] - guessed: [....18] [ip4][..tcp] [.....172.16.0.1][52480] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....18] [ip4][..tcp] [.....172.16.0.1][52480] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....18] [ip4][..tcp] [.....172.16.0.1][52480] -> [..192.168.10.50][...80] - guessed: [....19] [ip4][..tcp] [.....172.16.0.1][52494] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....19] [ip4][..tcp] [.....172.16.0.1][52494] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[....19] [ip4][..tcp] [.....172.16.0.1][52494] -> [..192.168.10.50][...80] new: [....91] [ip4][..tcp] [.....172.16.0.1][53826] -> [..192.168.10.50][...80] new: [....92] [ip4][..tcp] [.....172.16.0.1][53852] -> [..192.168.10.50][...80] 
@@ -187,32 +187,32 @@ new: [....94] [ip4][..tcp] [.....172.16.0.1][53880] -> [..192.168.10.50][...80] new: [....95] [ip4][..tcp] [.....172.16.0.1][53906] -> [..192.168.10.50][...80] new: [....96] [ip4][..tcp] [.....172.16.0.1][53920] -> [..192.168.10.50][...80] - guessed: [....20] [ip4][..tcp] [.....172.16.0.1][52508] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....20] [ip4][..tcp] [.....172.16.0.1][52508] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....20] [ip4][..tcp] [.....172.16.0.1][52508] -> [..192.168.10.50][...80] - guessed: [....21] [ip4][..tcp] [.....172.16.0.1][52534] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....21] [ip4][..tcp] [.....172.16.0.1][52534] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....21] [ip4][..tcp] [.....172.16.0.1][52534] -> [..192.168.10.50][...80] - guessed: [....22] [ip4][..tcp] [.....172.16.0.1][52548] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....22] [ip4][..tcp] [.....172.16.0.1][52548] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....22] [ip4][..tcp] [.....172.16.0.1][52548] -> [..192.168.10.50][...80] - guessed: [....23] [ip4][..tcp] [.....172.16.0.1][52574] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....23] [ip4][..tcp] [.....172.16.0.1][52574] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....23] [ip4][..tcp] [.....172.16.0.1][52574] -> [..192.168.10.50][...80] - guessed: [....24] [ip4][..tcp] [.....172.16.0.1][52588] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....24] [ip4][..tcp] [.....172.16.0.1][52588] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....24] [ip4][..tcp] [.....172.16.0.1][52588] -> [..192.168.10.50][...80] - guessed: [....25] [ip4][..tcp] [.....172.16.0.1][52602] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....25] [ip4][..tcp] [.....172.16.0.1][52602] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[....25] [ip4][..tcp] [.....172.16.0.1][52602] -> [..192.168.10.50][...80] new: [....97] [ip4][..tcp] [.....172.16.0.1][53946] -> [..192.168.10.50][...80] new: [....98] [ip4][..tcp] [.....172.16.0.1][53960] -> [..192.168.10.50][...80] new: [....99] [ip4][..tcp] [.....172.16.0.1][53974] -> [..192.168.10.50][...80] new: [...100] [ip4][..tcp] [.....172.16.0.1][54000] -> [..192.168.10.50][...80] new: [...101] [ip4][..tcp] [.....172.16.0.1][54014] -> [..192.168.10.50][...80] - guessed: [....26] [ip4][..tcp] [.....172.16.0.1][52628] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....26] [ip4][..tcp] [.....172.16.0.1][52628] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....26] [ip4][..tcp] [.....172.16.0.1][52628] -> [..192.168.10.50][...80] - guessed: [....27] [ip4][..tcp] [.....172.16.0.1][52642] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....27] [ip4][..tcp] [.....172.16.0.1][52642] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....27] [ip4][..tcp] [.....172.16.0.1][52642] -> [..192.168.10.50][...80] - guessed: [....28] [ip4][..tcp] [.....172.16.0.1][52668] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....28] [ip4][..tcp] [.....172.16.0.1][52668] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....28] [ip4][..tcp] [.....172.16.0.1][52668] -> [..192.168.10.50][...80] - guessed: [....29] [ip4][..tcp] [.....172.16.0.1][52682] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....29] [ip4][..tcp] [.....172.16.0.1][52682] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....29] [ip4][..tcp] [.....172.16.0.1][52682] -> [..192.168.10.50][...80] - guessed: [....30] [ip4][..tcp] [.....172.16.0.1][52696] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....30] [ip4][..tcp] [.....172.16.0.1][52696] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....30] [ip4][..tcp] [.....172.16.0.1][52696] -> [..192.168.10.50][...80] new: [...102] 
[ip4][..tcp] [.....172.16.0.1][54040] -> [..192.168.10.50][...80] new: [...103] [ip4][..tcp] [.....172.16.0.1][54054] -> [..192.168.10.50][...80] 
@@ -220,17 +220,17 @@ new: [...105] [ip4][..tcp] [.....172.16.0.1][54094] -> [..192.168.10.50][...80] new: [...106] [ip4][..tcp] [.....172.16.0.1][54108] -> [..192.168.10.50][...80] new: [...107] [ip4][..tcp] [.....172.16.0.1][54134] -> [..192.168.10.50][...80] - guessed: [....36] [ip4][..tcp] [.....172.16.0.1][52816] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....36] [ip4][..tcp] [.....172.16.0.1][52816] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....36] [ip4][..tcp] [.....172.16.0.1][52816] -> [..192.168.10.50][...80] - guessed: [....31] [ip4][..tcp] [.....172.16.0.1][52722] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....31] [ip4][..tcp] [.....172.16.0.1][52722] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....31] [ip4][..tcp] [.....172.16.0.1][52722] -> [..192.168.10.50][...80] - guessed: [....32] [ip4][..tcp] [.....172.16.0.1][52736] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....32] [ip4][..tcp] [.....172.16.0.1][52736] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....32] [ip4][..tcp] [.....172.16.0.1][52736] -> [..192.168.10.50][...80] - guessed: [....33] [ip4][..tcp] [.....172.16.0.1][52750] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....33] [ip4][..tcp] [.....172.16.0.1][52750] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....33] [ip4][..tcp] [.....172.16.0.1][52750] -> [..192.168.10.50][...80] - guessed: [....34] [ip4][..tcp] [.....172.16.0.1][52776] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....34] [ip4][..tcp] [.....172.16.0.1][52776] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....34] [ip4][..tcp] [.....172.16.0.1][52776] -> [..192.168.10.50][...80] - guessed: [....35] [ip4][..tcp] [.....172.16.0.1][52790] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....35] [ip4][..tcp] [.....172.16.0.1][52790] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[....35] [ip4][..tcp] [.....172.16.0.1][52790] -> [..192.168.10.50][...80] new: [...108] [ip4][..tcp] [.....172.16.0.1][54148] -> [..192.168.10.50][...80] new: [...109] [ip4][..tcp] [.....172.16.0.1][54162] -> [..192.168.10.50][...80] 
@@ -238,36 +238,36 @@ new: [...111] [ip4][..tcp] [.....172.16.0.1][54202] -> [..192.168.10.50][...80] new: [...112] [ip4][..tcp] [.....172.16.0.1][54228] -> [..192.168.10.50][...80] new: [...113] [ip4][..tcp] [.....172.16.0.1][54242] -> [..192.168.10.50][...80] - guessed: [....37] [ip4][..tcp] [.....172.16.0.1][52830] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....37] [ip4][..tcp] [.....172.16.0.1][52830] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....37] [ip4][..tcp] [.....172.16.0.1][52830] -> [..192.168.10.50][...80] - guessed: [....38] [ip4][..tcp] [.....172.16.0.1][52856] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....38] [ip4][..tcp] [.....172.16.0.1][52856] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....38] [ip4][..tcp] [.....172.16.0.1][52856] -> [..192.168.10.50][...80] - guessed: [....39] [ip4][..tcp] [.....172.16.0.1][52870] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....39] [ip4][..tcp] [.....172.16.0.1][52870] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....39] [ip4][..tcp] [.....172.16.0.1][52870] -> [..192.168.10.50][...80] - guessed: [....40] [ip4][..tcp] [.....172.16.0.1][52884] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....40] [ip4][..tcp] [.....172.16.0.1][52884] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....40] [ip4][..tcp] [.....172.16.0.1][52884] -> [..192.168.10.50][...80] - guessed: [....42] [ip4][..tcp] [.....172.16.0.1][52924] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....42] [ip4][..tcp] [.....172.16.0.1][52924] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....42] [ip4][..tcp] [.....172.16.0.1][52924] -> [..192.168.10.50][...80] end: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address new: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] new: [...115] 
[ip4][..tcp] [.....172.16.0.1][54282] -> [..192.168.10.50][...80] new: [...116] [ip4][..tcp] [.....172.16.0.1][54296] -> [..192.168.10.50][...80] - detected: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...117] [ip4][..tcp] [.....172.16.0.1][54322] -> [..192.168.10.50][...80] new: [...118] [ip4][..tcp] [.....172.16.0.1][54336] -> [..192.168.10.50][...80] - guessed: [....43] [ip4][..tcp] [.....172.16.0.1][52938] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....43] [ip4][..tcp] [.....172.16.0.1][52938] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....43] [ip4][..tcp] [.....172.16.0.1][52938] -> [..192.168.10.50][...80] - guessed: [....44] [ip4][..tcp] [.....172.16.0.1][52964] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....44] [ip4][..tcp] [.....172.16.0.1][52964] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....44] [ip4][..tcp] [.....172.16.0.1][52964] -> [..192.168.10.50][...80] - guessed: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80] - guessed: [....46] [ip4][..tcp] [.....172.16.0.1][53004] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....46] [ip4][..tcp] [.....172.16.0.1][53004] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....46] [ip4][..tcp] [.....172.16.0.1][53004] -> [..192.168.10.50][...80] - guessed: [....47] [ip4][..tcp] [.....172.16.0.1][53018] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....47] [ip4][..tcp] [.....172.16.0.1][53018] -> [..192.168.10.50][...80] 
[HTTP][Web][Acceptable][] end: [....47] [ip4][..tcp] [.....172.16.0.1][53018] -> [..192.168.10.50][...80] - guessed: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80] new: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80] analyse: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] 
@@ -285,15 +285,15 @@ new: [...122] [ip4][..tcp] [.....172.16.0.1][54416] -> [..192.168.10.50][...80] new: [...123] [ip4][..tcp] [.....172.16.0.1][54430] -> [..192.168.10.50][...80] new: [...124] [ip4][..tcp] [.....172.16.0.1][54456] -> [..192.168.10.50][...80] - guessed: [....49] [ip4][..tcp] [.....172.16.0.1][53058] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....49] [ip4][..tcp] [.....172.16.0.1][53058] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....49] [ip4][..tcp] [.....172.16.0.1][53058] -> [..192.168.10.50][...80] - guessed: [....50] [ip4][..tcp] [.....172.16.0.1][53072] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....50] [ip4][..tcp] [.....172.16.0.1][53072] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....50] [ip4][..tcp] [.....172.16.0.1][53072] -> [..192.168.10.50][...80] - guessed: [....51] [ip4][..tcp] [.....172.16.0.1][53098] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....51] [ip4][..tcp] [.....172.16.0.1][53098] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....51] [ip4][..tcp] [.....172.16.0.1][53098] -> [..192.168.10.50][...80] - guessed: [....52] [ip4][..tcp] [.....172.16.0.1][53112] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....52] [ip4][..tcp] [.....172.16.0.1][53112] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....52] [ip4][..tcp] [.....172.16.0.1][53112] -> [..192.168.10.50][...80] - guessed: [....53] [ip4][..tcp] [.....172.16.0.1][53126] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....53] [ip4][..tcp] [.....172.16.0.1][53126] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....53] [ip4][..tcp] [.....172.16.0.1][53126] -> [..192.168.10.50][...80] new: [...125] [ip4][..tcp] [.....172.16.0.1][54470] -> [..192.168.10.50][...80] new: [...126] [ip4][..tcp] [.....172.16.0.1][54484] -> [..192.168.10.50][...80] 
@@ -302,19 +302,19 @@ new: [...129] [ip4][..tcp] [.....172.16.0.1][54538] -> [..192.168.10.50][...80] new: [...130] [ip4][..tcp] [.....172.16.0.1][54552] -> [..192.168.10.50][...80] new: [...131] [ip4][..tcp] [.....172.16.0.1][54566] -> [..192.168.10.50][...80] - guessed: [....54] [ip4][..tcp] [.....172.16.0.1][53152] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....54] [ip4][..tcp] [.....172.16.0.1][53152] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....54] [ip4][..tcp] [.....172.16.0.1][53152] -> [..192.168.10.50][...80] - guessed: [....55] [ip4][..tcp] [.....172.16.0.1][53166] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....55] [ip4][..tcp] [.....172.16.0.1][53166] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....55] [ip4][..tcp] [.....172.16.0.1][53166] -> [..192.168.10.50][...80] - guessed: [....56] [ip4][..tcp] [.....172.16.0.1][53192] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....56] [ip4][..tcp] [.....172.16.0.1][53192] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....56] [ip4][..tcp] [.....172.16.0.1][53192] -> [..192.168.10.50][...80] - guessed: [....57] [ip4][..tcp] [.....172.16.0.1][53206] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....57] [ip4][..tcp] [.....172.16.0.1][53206] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....57] [ip4][..tcp] [.....172.16.0.1][53206] -> [..192.168.10.50][...80] - guessed: [....58] [ip4][..tcp] [.....172.16.0.1][53220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....58] [ip4][..tcp] [.....172.16.0.1][53220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....58] [ip4][..tcp] [.....172.16.0.1][53220] -> [..192.168.10.50][...80] - guessed: [....59] [ip4][..tcp] [.....172.16.0.1][53246] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....59] [ip4][..tcp] [.....172.16.0.1][53246] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[....59] [ip4][..tcp] [.....172.16.0.1][53246] -> [..192.168.10.50][...80] - guessed: [....60] [ip4][..tcp] [.....172.16.0.1][53260] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....60] [ip4][..tcp] [.....172.16.0.1][53260] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....60] [ip4][..tcp] [.....172.16.0.1][53260] -> [..192.168.10.50][...80] new: [...132] [ip4][..tcp] [.....172.16.0.1][54580] -> [..192.168.10.50][...80] new: [...133] [ip4][..tcp] [.....172.16.0.1][54606] -> [..192.168.10.50][...80] 
@@ -322,15 +322,15 @@ new: [...135] [ip4][..tcp] [.....172.16.0.1][54634] -> [..192.168.10.50][...80] new: [...136] [ip4][..tcp] [.....172.16.0.1][54660] -> [..192.168.10.50][...80] new: [...137] [ip4][..tcp] [.....172.16.0.1][54674] -> [..192.168.10.50][...80] - guessed: [....61] [ip4][..tcp] [.....172.16.0.1][53286] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....61] [ip4][..tcp] [.....172.16.0.1][53286] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....61] [ip4][..tcp] [.....172.16.0.1][53286] -> [..192.168.10.50][...80] - guessed: [....62] [ip4][..tcp] [.....172.16.0.1][53300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....62] [ip4][..tcp] [.....172.16.0.1][53300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....62] [ip4][..tcp] [.....172.16.0.1][53300] -> [..192.168.10.50][...80] - guessed: [....63] [ip4][..tcp] [.....172.16.0.1][53314] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....63] [ip4][..tcp] [.....172.16.0.1][53314] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....63] [ip4][..tcp] [.....172.16.0.1][53314] -> [..192.168.10.50][...80] - guessed: [....64] [ip4][..tcp] [.....172.16.0.1][53340] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....64] [ip4][..tcp] [.....172.16.0.1][53340] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....64] [ip4][..tcp] [.....172.16.0.1][53340] -> [..192.168.10.50][...80] - guessed: [....65] [ip4][..tcp] [.....172.16.0.1][53354] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....65] [ip4][..tcp] [.....172.16.0.1][53354] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....65] [ip4][..tcp] [.....172.16.0.1][53354] -> [..192.168.10.50][...80] new: [...138] [ip4][..tcp] [.....172.16.0.1][54688] -> [..192.168.10.50][...80] new: [...139] [ip4][..tcp] [.....172.16.0.1][54714] -> [..192.168.10.50][...80] 
@@ -338,17 +338,17 @@ new: [...141] [ip4][..tcp] [.....172.16.0.1][54742] -> [..192.168.10.50][...80] new: [...142] [ip4][..tcp] [.....172.16.0.1][54768] -> [..192.168.10.50][...80] new: [...143] [ip4][..tcp] [.....172.16.0.1][54782] -> [..192.168.10.50][...80] - guessed: [....66] [ip4][..tcp] [.....172.16.0.1][53380] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....66] [ip4][..tcp] [.....172.16.0.1][53380] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....66] [ip4][..tcp] [.....172.16.0.1][53380] -> [..192.168.10.50][...80] - guessed: [....67] [ip4][..tcp] [.....172.16.0.1][53394] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....67] [ip4][..tcp] [.....172.16.0.1][53394] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....67] [ip4][..tcp] [.....172.16.0.1][53394] -> [..192.168.10.50][...80] - guessed: [....68] [ip4][..tcp] [.....172.16.0.1][53408] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....68] [ip4][..tcp] [.....172.16.0.1][53408] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....68] [ip4][..tcp] [.....172.16.0.1][53408] -> [..192.168.10.50][...80] - guessed: [....69] [ip4][..tcp] [.....172.16.0.1][53422] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....69] [ip4][..tcp] [.....172.16.0.1][53422] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....69] [ip4][..tcp] [.....172.16.0.1][53422] -> [..192.168.10.50][...80] - guessed: [....70] [ip4][..tcp] [.....172.16.0.1][53436] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....70] [ip4][..tcp] [.....172.16.0.1][53436] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....70] [ip4][..tcp] [.....172.16.0.1][53436] -> [..192.168.10.50][...80] - guessed: [....71] [ip4][..tcp] [.....172.16.0.1][53450] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....71] [ip4][..tcp] [.....172.16.0.1][53450] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[....71] [ip4][..tcp] [.....172.16.0.1][53450] -> [..192.168.10.50][...80] new: [...144] [ip4][..tcp] [.....172.16.0.1][54808] -> [..192.168.10.50][...80] new: [...145] [ip4][..tcp] [.....172.16.0.1][54822] -> [..192.168.10.50][...80] 
@@ -358,34 +358,34 @@ new: [...149] [ip4][..tcp] [.....172.16.0.1][54890] -> [..192.168.10.50][...80] end: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address - guessed: [....72] [ip4][..tcp] [.....172.16.0.1][53476] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....72] [ip4][..tcp] [.....172.16.0.1][53476] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....72] [ip4][..tcp] [.....172.16.0.1][53476] -> [..192.168.10.50][...80] - guessed: [....73] [ip4][..tcp] [.....172.16.0.1][53490] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....73] [ip4][..tcp] [.....172.16.0.1][53490] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....73] [ip4][..tcp] [.....172.16.0.1][53490] -> [..192.168.10.50][...80] - guessed: [....74] [ip4][..tcp] [.....172.16.0.1][53516] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....74] [ip4][..tcp] [.....172.16.0.1][53516] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....74] [ip4][..tcp] [.....172.16.0.1][53516] -> [..192.168.10.50][...80] - guessed: [....75] [ip4][..tcp] [.....172.16.0.1][53530] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....75] [ip4][..tcp] [.....172.16.0.1][53530] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....75] [ip4][..tcp] [.....172.16.0.1][53530] -> [..192.168.10.50][...80] - guessed: [....76] [ip4][..tcp] [.....172.16.0.1][53544] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....76] [ip4][..tcp] [.....172.16.0.1][53544] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....76] [ip4][..tcp] [.....172.16.0.1][53544] -> [..192.168.10.50][...80] - guessed: [....77] [ip4][..tcp] [.....172.16.0.1][53570] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....77] [ip4][..tcp] [.....172.16.0.1][53570] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....77] 
[ip4][..tcp] [.....172.16.0.1][53570] -> [..192.168.10.50][...80] new: [...150] [ip4][..tcp] [.....172.16.0.1][54916] -> [..192.168.10.50][...80] new: [...151] [ip4][..tcp] [.....172.16.0.1][54930] -> [..192.168.10.50][...80] new: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] new: [...153] [ip4][..tcp] [.....172.16.0.1][54970] -> [..192.168.10.50][...80] new: [...154] [ip4][..tcp] [.....172.16.0.1][54984] -> [..192.168.10.50][...80] - detected: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address - guessed: [....79] [ip4][..tcp] [.....172.16.0.1][53598] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....79] [ip4][..tcp] [.....172.16.0.1][53598] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....79] [ip4][..tcp] [.....172.16.0.1][53598] -> [..192.168.10.50][...80] - guessed: [....80] [ip4][..tcp] [.....172.16.0.1][53624] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....80] [ip4][..tcp] [.....172.16.0.1][53624] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....80] [ip4][..tcp] [.....172.16.0.1][53624] -> [..192.168.10.50][...80] - guessed: [....81] [ip4][..tcp] [.....172.16.0.1][53638] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....81] [ip4][..tcp] [.....172.16.0.1][53638] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....81] [ip4][..tcp] [.....172.16.0.1][53638] -> [..192.168.10.50][...80] - guessed: [....82] [ip4][..tcp] [.....172.16.0.1][53664] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....82] [ip4][..tcp] [.....172.16.0.1][53664] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....82] [ip4][..tcp] [.....172.16.0.1][53664] -> [..192.168.10.50][...80] - guessed: [....83] [ip4][..tcp] [.....172.16.0.1][53678] 
-> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....83] [ip4][..tcp] [.....172.16.0.1][53678] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....83] [ip4][..tcp] [.....172.16.0.1][53678] -> [..192.168.10.50][...80] new: [...155] [ip4][..tcp] [.....172.16.0.1][55010] -> [..192.168.10.50][...80] new: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80] 
@@ -403,15 +403,15 @@ new: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] new: [...159] [ip4][..tcp] [.....172.16.0.1][55078] -> [..192.168.10.50][...80] new: [...160] [ip4][..tcp] [.....172.16.0.1][55092] -> [..192.168.10.50][...80] - guessed: [....84] [ip4][..tcp] [.....172.16.0.1][53692] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....84] [ip4][..tcp] [.....172.16.0.1][53692] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....84] [ip4][..tcp] [.....172.16.0.1][53692] -> [..192.168.10.50][...80] - guessed: [....85] [ip4][..tcp] [.....172.16.0.1][53718] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....85] [ip4][..tcp] [.....172.16.0.1][53718] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....85] [ip4][..tcp] [.....172.16.0.1][53718] -> [..192.168.10.50][...80] - guessed: [....86] [ip4][..tcp] [.....172.16.0.1][53732] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....86] [ip4][..tcp] [.....172.16.0.1][53732] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....86] [ip4][..tcp] [.....172.16.0.1][53732] -> [..192.168.10.50][...80] - guessed: [....87] [ip4][..tcp] [.....172.16.0.1][53758] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....87] [ip4][..tcp] [.....172.16.0.1][53758] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....87] [ip4][..tcp] [.....172.16.0.1][53758] -> [..192.168.10.50][...80] - guessed: [....88] [ip4][..tcp] [.....172.16.0.1][53772] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....88] [ip4][..tcp] [.....172.16.0.1][53772] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....88] [ip4][..tcp] [.....172.16.0.1][53772] -> [..192.168.10.50][...80] new: [...161] [ip4][..tcp] [.....172.16.0.1][55118] -> [..192.168.10.50][...80] new: [...162] [ip4][..tcp] [.....172.16.0.1][55132] -> [..192.168.10.50][...80] 
@@ -419,17 +419,17 @@ new: [...164] [ip4][..tcp] [.....172.16.0.1][55172] -> [..192.168.10.50][...80] new: [...165] [ip4][..tcp] [.....172.16.0.1][55186] -> [..192.168.10.50][...80] new: [...166] [ip4][..tcp] [.....172.16.0.1][55212] -> [..192.168.10.50][...80] - guessed: [....89] [ip4][..tcp] [.....172.16.0.1][53786] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....89] [ip4][..tcp] [.....172.16.0.1][53786] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....89] [ip4][..tcp] [.....172.16.0.1][53786] -> [..192.168.10.50][...80] - guessed: [....90] [ip4][..tcp] [.....172.16.0.1][53812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....90] [ip4][..tcp] [.....172.16.0.1][53812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....90] [ip4][..tcp] [.....172.16.0.1][53812] -> [..192.168.10.50][...80] - guessed: [....91] [ip4][..tcp] [.....172.16.0.1][53826] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....91] [ip4][..tcp] [.....172.16.0.1][53826] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....91] [ip4][..tcp] [.....172.16.0.1][53826] -> [..192.168.10.50][...80] - guessed: [....92] [ip4][..tcp] [.....172.16.0.1][53852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....92] [ip4][..tcp] [.....172.16.0.1][53852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....92] [ip4][..tcp] [.....172.16.0.1][53852] -> [..192.168.10.50][...80] - guessed: [....93] [ip4][..tcp] [.....172.16.0.1][53866] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....93] [ip4][..tcp] [.....172.16.0.1][53866] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....93] [ip4][..tcp] [.....172.16.0.1][53866] -> [..192.168.10.50][...80] - guessed: [....94] [ip4][..tcp] [.....172.16.0.1][53880] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....94] [ip4][..tcp] [.....172.16.0.1][53880] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[....94] [ip4][..tcp] [.....172.16.0.1][53880] -> [..192.168.10.50][...80] new: [...167] [ip4][..tcp] [.....172.16.0.1][55226] -> [..192.168.10.50][...80] new: [...168] [ip4][..tcp] [.....172.16.0.1][55240] -> [..192.168.10.50][...80] 
@@ -437,17 +437,17 @@ new: [...170] [ip4][..tcp] [.....172.16.0.1][55280] -> [..192.168.10.50][...80] new: [...171] [ip4][..tcp] [.....172.16.0.1][55294] -> [..192.168.10.50][...80] new: [...172] [ip4][..tcp] [.....172.16.0.1][55320] -> [..192.168.10.50][...80] - guessed: [....95] [ip4][..tcp] [.....172.16.0.1][53906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....95] [ip4][..tcp] [.....172.16.0.1][53906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....95] [ip4][..tcp] [.....172.16.0.1][53906] -> [..192.168.10.50][...80] - guessed: [....96] [ip4][..tcp] [.....172.16.0.1][53920] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....96] [ip4][..tcp] [.....172.16.0.1][53920] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....96] [ip4][..tcp] [.....172.16.0.1][53920] -> [..192.168.10.50][...80] - guessed: [....97] [ip4][..tcp] [.....172.16.0.1][53946] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....97] [ip4][..tcp] [.....172.16.0.1][53946] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....97] [ip4][..tcp] [.....172.16.0.1][53946] -> [..192.168.10.50][...80] - guessed: [....98] [ip4][..tcp] [.....172.16.0.1][53960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....98] [ip4][..tcp] [.....172.16.0.1][53960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....98] [ip4][..tcp] [.....172.16.0.1][53960] -> [..192.168.10.50][...80] - guessed: [....99] [ip4][..tcp] [.....172.16.0.1][53974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [....99] [ip4][..tcp] [.....172.16.0.1][53974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [....99] [ip4][..tcp] [.....172.16.0.1][53974] -> [..192.168.10.50][...80] - guessed: [...100] [ip4][..tcp] [.....172.16.0.1][54000] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...100] [ip4][..tcp] [.....172.16.0.1][54000] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...100] [ip4][..tcp] [.....172.16.0.1][54000] -> [..192.168.10.50][...80] new: [...173] [ip4][..tcp] [.....172.16.0.1][55334] -> [..192.168.10.50][...80] new: [...174] [ip4][..tcp] [.....172.16.0.1][55348] -> [..192.168.10.50][...80] 
@@ -456,17 +456,17 @@ new: [...177] [ip4][..tcp] [.....172.16.0.1][55390] -> [..192.168.10.50][...80] new: [...178] [ip4][..tcp] [.....172.16.0.1][55416] -> [..192.168.10.50][...80] new: [...179] [ip4][..tcp] [.....172.16.0.1][55430] -> [..192.168.10.50][...80] - guessed: [...101] [ip4][..tcp] [.....172.16.0.1][54014] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...101] [ip4][..tcp] [.....172.16.0.1][54014] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...101] [ip4][..tcp] [.....172.16.0.1][54014] -> [..192.168.10.50][...80] - guessed: [...102] [ip4][..tcp] [.....172.16.0.1][54040] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...102] [ip4][..tcp] [.....172.16.0.1][54040] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...102] [ip4][..tcp] [.....172.16.0.1][54040] -> [..192.168.10.50][...80] - guessed: [...103] [ip4][..tcp] [.....172.16.0.1][54054] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...103] [ip4][..tcp] [.....172.16.0.1][54054] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...103] [ip4][..tcp] [.....172.16.0.1][54054] -> [..192.168.10.50][...80] - guessed: [...104] [ip4][..tcp] [.....172.16.0.1][54068] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...104] [ip4][..tcp] [.....172.16.0.1][54068] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...104] [ip4][..tcp] [.....172.16.0.1][54068] -> [..192.168.10.50][...80] - guessed: [...105] [ip4][..tcp] [.....172.16.0.1][54094] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...105] [ip4][..tcp] [.....172.16.0.1][54094] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...105] [ip4][..tcp] [.....172.16.0.1][54094] -> [..192.168.10.50][...80] - guessed: [...106] [ip4][..tcp] [.....172.16.0.1][54108] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...106] [ip4][..tcp] [.....172.16.0.1][54108] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...106] [ip4][..tcp] [.....172.16.0.1][54108] -> [..192.168.10.50][...80] new: [...180] [ip4][..tcp] [.....172.16.0.1][55444] -> [..192.168.10.50][...80] new: [...181] [ip4][..tcp] [.....172.16.0.1][55470] -> [..192.168.10.50][...80] 
@@ -474,15 +474,15 @@ new: [...183] [ip4][..tcp] [.....172.16.0.1][55510] -> [..192.168.10.50][...80] new: [...184] [ip4][..tcp] [.....172.16.0.1][55524] -> [..192.168.10.50][...80] new: [...185] [ip4][..tcp] [.....172.16.0.1][55538] -> [..192.168.10.50][...80] - guessed: [...107] [ip4][..tcp] [.....172.16.0.1][54134] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...107] [ip4][..tcp] [.....172.16.0.1][54134] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...107] [ip4][..tcp] [.....172.16.0.1][54134] -> [..192.168.10.50][...80] - guessed: [...108] [ip4][..tcp] [.....172.16.0.1][54148] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...108] [ip4][..tcp] [.....172.16.0.1][54148] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...108] [ip4][..tcp] [.....172.16.0.1][54148] -> [..192.168.10.50][...80] - guessed: [...109] [ip4][..tcp] [.....172.16.0.1][54162] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...109] [ip4][..tcp] [.....172.16.0.1][54162] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...109] [ip4][..tcp] [.....172.16.0.1][54162] -> [..192.168.10.50][...80] - guessed: [...110] [ip4][..tcp] [.....172.16.0.1][54188] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...110] [ip4][..tcp] [.....172.16.0.1][54188] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...110] [ip4][..tcp] [.....172.16.0.1][54188] -> [..192.168.10.50][...80] - guessed: [...111] [ip4][..tcp] [.....172.16.0.1][54202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...111] [ip4][..tcp] [.....172.16.0.1][54202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...111] [ip4][..tcp] [.....172.16.0.1][54202] -> [..192.168.10.50][...80] new: [...186] [ip4][..tcp] [.....172.16.0.1][55564] -> [..192.168.10.50][...80] new: [...187] [ip4][..tcp] [.....172.16.0.1][55578] -> [..192.168.10.50][...80] 
@@ -492,16 +492,16 @@ new: [...191] [ip4][..tcp] [.....172.16.0.1][55646] -> [..192.168.10.50][...80] end: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [...112] [ip4][..tcp] [.....172.16.0.1][54228] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...112] [ip4][..tcp] [.....172.16.0.1][54228] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...112] [ip4][..tcp] [.....172.16.0.1][54228] -> [..192.168.10.50][...80] - guessed: [...113] [ip4][..tcp] [.....172.16.0.1][54242] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...113] [ip4][..tcp] [.....172.16.0.1][54242] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...113] [ip4][..tcp] [.....172.16.0.1][54242] -> [..192.168.10.50][...80] - guessed: [...115] [ip4][..tcp] [.....172.16.0.1][54282] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...115] [ip4][..tcp] [.....172.16.0.1][54282] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...115] [ip4][..tcp] [.....172.16.0.1][54282] -> [..192.168.10.50][...80] - guessed: [...116] [ip4][..tcp] [.....172.16.0.1][54296] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...116] [ip4][..tcp] [.....172.16.0.1][54296] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...116] [ip4][..tcp] [.....172.16.0.1][54296] -> [..192.168.10.50][...80] new: [...192] [ip4][..tcp] [.....172.16.0.1][55672] -> [..192.168.10.50][...80] - detected: [...190] [ip4][..tcp] [.....172.16.0.1][55632] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...190] [ip4][..tcp] [.....172.16.0.1][55632] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...193] [ip4][..tcp] [.....172.16.0.1][55686] -> [..192.168.10.50][...80] new: [...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80] 
@@ -517,19 +517,19 @@ [PKTLENS.....: 60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435] [ENTROPIES...: 4.6,5.0,4.9,6.0,4.9,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.1,7.8,5.0,5.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9] new: [...196] [ip4][..tcp] [.....172.16.0.1][55740] -> [..192.168.10.50][...80] - guessed: [...117] [ip4][..tcp] [.....172.16.0.1][54322] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...117] [ip4][..tcp] [.....172.16.0.1][54322] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...117] [ip4][..tcp] [.....172.16.0.1][54322] -> [..192.168.10.50][...80] - guessed: [...118] [ip4][..tcp] [.....172.16.0.1][54336] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...118] [ip4][..tcp] [.....172.16.0.1][54336] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...118] [ip4][..tcp] [.....172.16.0.1][54336] -> [..192.168.10.50][...80] - guessed: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80] - guessed: [...120] [ip4][..tcp] [.....172.16.0.1][54376] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...120] [ip4][..tcp] [.....172.16.0.1][54376] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...120] [ip4][..tcp] [.....172.16.0.1][54376] -> [..192.168.10.50][...80] - guessed: [...121] [ip4][..tcp] [.....172.16.0.1][54390] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...121] [ip4][..tcp] [.....172.16.0.1][54390] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...121] [ip4][..tcp] [.....172.16.0.1][54390] -> [..192.168.10.50][...80] - guessed: [...122] [ip4][..tcp] [.....172.16.0.1][54416] -> [..192.168.10.50][...80] 
[HTTP][Web][Acceptable] + guessed: [...122] [ip4][..tcp] [.....172.16.0.1][54416] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...122] [ip4][..tcp] [.....172.16.0.1][54416] -> [..192.168.10.50][...80] - guessed: [...123] [ip4][..tcp] [.....172.16.0.1][54430] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...123] [ip4][..tcp] [.....172.16.0.1][54430] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...123] [ip4][..tcp] [.....172.16.0.1][54430] -> [..192.168.10.50][...80] new: [...197] [ip4][..tcp] [.....172.16.0.1][55766] -> [..192.168.10.50][...80] new: [...198] [ip4][..tcp] [.....172.16.0.1][55780] -> [..192.168.10.50][...80] 
@@ -537,15 +537,15 @@ new: [...200] [ip4][..tcp] [.....172.16.0.1][55820] -> [..192.168.10.50][...80] new: [...201] [ip4][..tcp] [.....172.16.0.1][55834] -> [..192.168.10.50][...80] new: [...202] [ip4][..tcp] [.....172.16.0.1][55860] -> [..192.168.10.50][...80] - guessed: [...124] [ip4][..tcp] [.....172.16.0.1][54456] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...124] [ip4][..tcp] [.....172.16.0.1][54456] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...124] [ip4][..tcp] [.....172.16.0.1][54456] -> [..192.168.10.50][...80] - guessed: [...125] [ip4][..tcp] [.....172.16.0.1][54470] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...125] [ip4][..tcp] [.....172.16.0.1][54470] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...125] [ip4][..tcp] [.....172.16.0.1][54470] -> [..192.168.10.50][...80] - guessed: [...126] [ip4][..tcp] [.....172.16.0.1][54484] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...126] [ip4][..tcp] [.....172.16.0.1][54484] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...126] [ip4][..tcp] [.....172.16.0.1][54484] -> [..192.168.10.50][...80] - guessed: [...127] [ip4][..tcp] [.....172.16.0.1][54510] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...127] [ip4][..tcp] [.....172.16.0.1][54510] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...127] [ip4][..tcp] [.....172.16.0.1][54510] -> [..192.168.10.50][...80] - guessed: [...128] [ip4][..tcp] [.....172.16.0.1][54524] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...128] [ip4][..tcp] [.....172.16.0.1][54524] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...128] [ip4][..tcp] [.....172.16.0.1][54524] -> [..192.168.10.50][...80] new: [...203] [ip4][..tcp] [.....172.16.0.1][55874] -> [..192.168.10.50][...80] new: [...204] [ip4][..tcp] [.....172.16.0.1][55888] -> [..192.168.10.50][...80] 
@@ -553,19 +553,19 @@ new: [...206] [ip4][..tcp] [.....172.16.0.1][55928] -> [..192.168.10.50][...80] new: [...207] [ip4][..tcp] [.....172.16.0.1][55942] -> [..192.168.10.50][...80] new: [...208] [ip4][..tcp] [.....172.16.0.1][55968] -> [..192.168.10.50][...80] - guessed: [...129] [ip4][..tcp] [.....172.16.0.1][54538] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...129] [ip4][..tcp] [.....172.16.0.1][54538] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...129] [ip4][..tcp] [.....172.16.0.1][54538] -> [..192.168.10.50][...80] - guessed: [...130] [ip4][..tcp] [.....172.16.0.1][54552] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...130] [ip4][..tcp] [.....172.16.0.1][54552] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...130] [ip4][..tcp] [.....172.16.0.1][54552] -> [..192.168.10.50][...80] - guessed: [...131] [ip4][..tcp] [.....172.16.0.1][54566] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...131] [ip4][..tcp] [.....172.16.0.1][54566] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...131] [ip4][..tcp] [.....172.16.0.1][54566] -> [..192.168.10.50][...80] - guessed: [...132] [ip4][..tcp] [.....172.16.0.1][54580] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...132] [ip4][..tcp] [.....172.16.0.1][54580] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...132] [ip4][..tcp] [.....172.16.0.1][54580] -> [..192.168.10.50][...80] - guessed: [...133] [ip4][..tcp] [.....172.16.0.1][54606] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...133] [ip4][..tcp] [.....172.16.0.1][54606] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...133] [ip4][..tcp] [.....172.16.0.1][54606] -> [..192.168.10.50][...80] - guessed: [...134] [ip4][..tcp] [.....172.16.0.1][54620] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...134] [ip4][..tcp] [.....172.16.0.1][54620] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...134] [ip4][..tcp] [.....172.16.0.1][54620] -> [..192.168.10.50][...80] - guessed: [...135] [ip4][..tcp] [.....172.16.0.1][54634] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...135] [ip4][..tcp] [.....172.16.0.1][54634] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...135] [ip4][..tcp] [.....172.16.0.1][54634] -> [..192.168.10.50][...80] new: [...209] [ip4][..tcp] [.....172.16.0.1][55982] -> [..192.168.10.50][...80] new: [...210] [ip4][..tcp] [.....172.16.0.1][55996] -> [..192.168.10.50][...80] 
@@ -573,17 +573,17 @@ new: [...212] [ip4][..tcp] [.....172.16.0.1][56036] -> [..192.168.10.50][...80] new: [...213] [ip4][..tcp] [.....172.16.0.1][56062] -> [..192.168.10.50][...80] new: [...214] [ip4][..tcp] [.....172.16.0.1][56076] -> [..192.168.10.50][...80] - guessed: [...136] [ip4][..tcp] [.....172.16.0.1][54660] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...136] [ip4][..tcp] [.....172.16.0.1][54660] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...136] [ip4][..tcp] [.....172.16.0.1][54660] -> [..192.168.10.50][...80] - guessed: [...137] [ip4][..tcp] [.....172.16.0.1][54674] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...137] [ip4][..tcp] [.....172.16.0.1][54674] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...137] [ip4][..tcp] [.....172.16.0.1][54674] -> [..192.168.10.50][...80] - guessed: [...138] [ip4][..tcp] [.....172.16.0.1][54688] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...138] [ip4][..tcp] [.....172.16.0.1][54688] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...138] [ip4][..tcp] [.....172.16.0.1][54688] -> [..192.168.10.50][...80] - guessed: [...139] [ip4][..tcp] [.....172.16.0.1][54714] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...139] [ip4][..tcp] [.....172.16.0.1][54714] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...139] [ip4][..tcp] [.....172.16.0.1][54714] -> [..192.168.10.50][...80] - guessed: [...140] [ip4][..tcp] [.....172.16.0.1][54728] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...140] [ip4][..tcp] [.....172.16.0.1][54728] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...140] [ip4][..tcp] [.....172.16.0.1][54728] -> [..192.168.10.50][...80] - guessed: [...141] [ip4][..tcp] [.....172.16.0.1][54742] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...141] [ip4][..tcp] [.....172.16.0.1][54742] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...141] [ip4][..tcp] [.....172.16.0.1][54742] -> [..192.168.10.50][...80] new: [...215] [ip4][..tcp] [.....172.16.0.1][56090] -> [..192.168.10.50][...80] new: [...216] [ip4][..tcp] [.....172.16.0.1][56116] -> [..192.168.10.50][...80] 
@@ -592,52 +592,52 @@ new: [...219] [ip4][..tcp] [.....172.16.0.1][56158] -> [..192.168.10.50][...80] new: [...220] [ip4][..tcp] [.....172.16.0.1][56172] -> [..192.168.10.50][...80] new: [...221] [ip4][..tcp] [.....172.16.0.1][56186] -> [..192.168.10.50][...80] - guessed: [...142] [ip4][..tcp] [.....172.16.0.1][54768] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...142] [ip4][..tcp] [.....172.16.0.1][54768] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...142] [ip4][..tcp] [.....172.16.0.1][54768] -> [..192.168.10.50][...80] - guessed: [...143] [ip4][..tcp] [.....172.16.0.1][54782] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...143] [ip4][..tcp] [.....172.16.0.1][54782] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...143] [ip4][..tcp] [.....172.16.0.1][54782] -> [..192.168.10.50][...80] - guessed: [...144] [ip4][..tcp] [.....172.16.0.1][54808] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...144] [ip4][..tcp] [.....172.16.0.1][54808] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...144] [ip4][..tcp] [.....172.16.0.1][54808] -> [..192.168.10.50][...80] - guessed: [...145] [ip4][..tcp] [.....172.16.0.1][54822] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...145] [ip4][..tcp] [.....172.16.0.1][54822] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...145] [ip4][..tcp] [.....172.16.0.1][54822] -> [..192.168.10.50][...80] - guessed: [...146] [ip4][..tcp] [.....172.16.0.1][54836] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...146] [ip4][..tcp] [.....172.16.0.1][54836] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...146] [ip4][..tcp] [.....172.16.0.1][54836] -> [..192.168.10.50][...80] new: [...222] [ip4][..tcp] [.....172.16.0.1][56212] -> [..192.168.10.50][...80] new: [...223] [ip4][..tcp] [.....172.16.0.1][56226] -> [..192.168.10.50][...80] new: [...224] [ip4][..tcp] [.....172.16.0.1][56240] -> 
[..192.168.10.50][...80] new: [...225] [ip4][..tcp] [.....172.16.0.1][56266] -> [..192.168.10.50][...80] new: [...226] [ip4][..tcp] [.....172.16.0.1][56280] -> [..192.168.10.50][...80] - guessed: [...147] [ip4][..tcp] [.....172.16.0.1][54862] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...147] [ip4][..tcp] [.....172.16.0.1][54862] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...147] [ip4][..tcp] [.....172.16.0.1][54862] -> [..192.168.10.50][...80] - guessed: [...148] [ip4][..tcp] [.....172.16.0.1][54876] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...148] [ip4][..tcp] [.....172.16.0.1][54876] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...148] [ip4][..tcp] [.....172.16.0.1][54876] -> [..192.168.10.50][...80] - guessed: [...149] [ip4][..tcp] [.....172.16.0.1][54890] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...149] [ip4][..tcp] [.....172.16.0.1][54890] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...149] [ip4][..tcp] [.....172.16.0.1][54890] -> [..192.168.10.50][...80] - guessed: [...150] [ip4][..tcp] [.....172.16.0.1][54916] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...150] [ip4][..tcp] [.....172.16.0.1][54916] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...150] [ip4][..tcp] [.....172.16.0.1][54916] -> [..192.168.10.50][...80] - guessed: [...151] [ip4][..tcp] [.....172.16.0.1][54930] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...151] [ip4][..tcp] [.....172.16.0.1][54930] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...151] [ip4][..tcp] [.....172.16.0.1][54930] -> [..192.168.10.50][...80] end: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address new: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] new: [...228] [ip4][..tcp] [.....172.16.0.1][56320] -> 
[..192.168.10.50][...80] new: [...229] [ip4][..tcp] [.....172.16.0.1][56334] -> [..192.168.10.50][...80] - detected: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...230] [ip4][..tcp] [.....172.16.0.1][56360] -> [..192.168.10.50][...80] new: [...231] [ip4][..tcp] [.....172.16.0.1][56374] -> [..192.168.10.50][...80] new: [...232] [ip4][..tcp] [.....172.16.0.1][56400] -> [..192.168.10.50][...80] - guessed: [...153] [ip4][..tcp] [.....172.16.0.1][54970] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...153] [ip4][..tcp] [.....172.16.0.1][54970] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...153] [ip4][..tcp] [.....172.16.0.1][54970] -> [..192.168.10.50][...80] - guessed: [...154] [ip4][..tcp] [.....172.16.0.1][54984] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...154] [ip4][..tcp] [.....172.16.0.1][54984] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...154] [ip4][..tcp] [.....172.16.0.1][54984] -> [..192.168.10.50][...80] - guessed: [...155] [ip4][..tcp] [.....172.16.0.1][55010] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...155] [ip4][..tcp] [.....172.16.0.1][55010] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...155] [ip4][..tcp] [.....172.16.0.1][55010] -> [..192.168.10.50][...80] - guessed: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80] - guessed: [...157] [ip4][..tcp] [.....172.16.0.1][55038] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...157] [ip4][..tcp] [.....172.16.0.1][55038] -> 
[..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...157] [ip4][..tcp] [.....172.16.0.1][55038] -> [..192.168.10.50][...80] - guessed: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] analyse: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -655,19 +655,19 @@ new: [...236] [ip4][..tcp] [.....172.16.0.1][56468] -> [..192.168.10.50][...80] new: [...237] [ip4][..tcp] [.....172.16.0.1][56482] -> [..192.168.10.50][...80] new: [...238] [ip4][..tcp] [.....172.16.0.1][56508] -> [..192.168.10.50][...80] - guessed: [...159] [ip4][..tcp] [.....172.16.0.1][55078] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...159] [ip4][..tcp] [.....172.16.0.1][55078] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...159] [ip4][..tcp] [.....172.16.0.1][55078] -> [..192.168.10.50][...80] - guessed: [...160] [ip4][..tcp] [.....172.16.0.1][55092] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...160] [ip4][..tcp] [.....172.16.0.1][55092] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...160] [ip4][..tcp] [.....172.16.0.1][55092] -> [..192.168.10.50][...80] - guessed: [...161] [ip4][..tcp] [.....172.16.0.1][55118] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...161] [ip4][..tcp] [.....172.16.0.1][55118] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...161] [ip4][..tcp] [.....172.16.0.1][55118] -> [..192.168.10.50][...80] - guessed: [...162] [ip4][..tcp] [.....172.16.0.1][55132] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...162] [ip4][..tcp] [.....172.16.0.1][55132] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...162] [ip4][..tcp] [.....172.16.0.1][55132] -> [..192.168.10.50][...80] - guessed: [...163] [ip4][..tcp] [.....172.16.0.1][55158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...163] [ip4][..tcp] [.....172.16.0.1][55158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...163] [ip4][..tcp] [.....172.16.0.1][55158] -> [..192.168.10.50][...80] - guessed: [...164] [ip4][..tcp] [.....172.16.0.1][55172] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...164] [ip4][..tcp] [.....172.16.0.1][55172] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...164] [ip4][..tcp] [.....172.16.0.1][55172] -> [..192.168.10.50][...80] - guessed: [...165] [ip4][..tcp] [.....172.16.0.1][55186] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...165] [ip4][..tcp] [.....172.16.0.1][55186] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...165] [ip4][..tcp] [.....172.16.0.1][55186] -> [..192.168.10.50][...80] new: [...239] [ip4][..tcp] [.....172.16.0.1][56522] -> [..192.168.10.50][...80] new: [...240] [ip4][..tcp] [.....172.16.0.1][56536] -> [..192.168.10.50][...80] 
@@ -675,15 +675,15 @@ new: [...242] [ip4][..tcp] [.....172.16.0.1][56576] -> [..192.168.10.50][...80] new: [...243] [ip4][..tcp] [.....172.16.0.1][56590] -> [..192.168.10.50][...80] new: [...244] [ip4][..tcp] [.....172.16.0.1][56616] -> [..192.168.10.50][...80] - guessed: [...166] [ip4][..tcp] [.....172.16.0.1][55212] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...166] [ip4][..tcp] [.....172.16.0.1][55212] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...166] [ip4][..tcp] [.....172.16.0.1][55212] -> [..192.168.10.50][...80] - guessed: [...167] [ip4][..tcp] [.....172.16.0.1][55226] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...167] [ip4][..tcp] [.....172.16.0.1][55226] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...167] [ip4][..tcp] [.....172.16.0.1][55226] -> [..192.168.10.50][...80] - guessed: [...168] [ip4][..tcp] [.....172.16.0.1][55240] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...168] [ip4][..tcp] [.....172.16.0.1][55240] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...168] [ip4][..tcp] [.....172.16.0.1][55240] -> [..192.168.10.50][...80] - guessed: [...169] [ip4][..tcp] [.....172.16.0.1][55266] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...169] [ip4][..tcp] [.....172.16.0.1][55266] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...169] [ip4][..tcp] [.....172.16.0.1][55266] -> [..192.168.10.50][...80] - guessed: [...170] [ip4][..tcp] [.....172.16.0.1][55280] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...170] [ip4][..tcp] [.....172.16.0.1][55280] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...170] [ip4][..tcp] [.....172.16.0.1][55280] -> [..192.168.10.50][...80] new: [...245] [ip4][..tcp] [.....172.16.0.1][56630] -> [..192.168.10.50][...80] new: [...246] [ip4][..tcp] [.....172.16.0.1][56644] -> [..192.168.10.50][...80] 
@@ -691,19 +691,19 @@ new: [...248] [ip4][..tcp] [.....172.16.0.1][56684] -> [..192.168.10.50][...80] new: [...249] [ip4][..tcp] [.....172.16.0.1][56710] -> [..192.168.10.50][...80] new: [...250] [ip4][..tcp] [.....172.16.0.1][56724] -> [..192.168.10.50][...80] - guessed: [...171] [ip4][..tcp] [.....172.16.0.1][55294] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...171] [ip4][..tcp] [.....172.16.0.1][55294] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...171] [ip4][..tcp] [.....172.16.0.1][55294] -> [..192.168.10.50][...80] - guessed: [...172] [ip4][..tcp] [.....172.16.0.1][55320] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...172] [ip4][..tcp] [.....172.16.0.1][55320] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...172] [ip4][..tcp] [.....172.16.0.1][55320] -> [..192.168.10.50][...80] - guessed: [...173] [ip4][..tcp] [.....172.16.0.1][55334] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...173] [ip4][..tcp] [.....172.16.0.1][55334] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...173] [ip4][..tcp] [.....172.16.0.1][55334] -> [..192.168.10.50][...80] - guessed: [...174] [ip4][..tcp] [.....172.16.0.1][55348] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...174] [ip4][..tcp] [.....172.16.0.1][55348] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...174] [ip4][..tcp] [.....172.16.0.1][55348] -> [..192.168.10.50][...80] - guessed: [...175] [ip4][..tcp] [.....172.16.0.1][55362] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...175] [ip4][..tcp] [.....172.16.0.1][55362] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...175] [ip4][..tcp] [.....172.16.0.1][55362] -> [..192.168.10.50][...80] - guessed: [...176] [ip4][..tcp] [.....172.16.0.1][55376] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...176] [ip4][..tcp] [.....172.16.0.1][55376] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...176] [ip4][..tcp] [.....172.16.0.1][55376] -> [..192.168.10.50][...80] - guessed: [...177] [ip4][..tcp] [.....172.16.0.1][55390] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...177] [ip4][..tcp] [.....172.16.0.1][55390] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...177] [ip4][..tcp] [.....172.16.0.1][55390] -> [..192.168.10.50][...80] new: [...251] [ip4][..tcp] [.....172.16.0.1][56738] -> [..192.168.10.50][...80] new: [...252] [ip4][..tcp] [.....172.16.0.1][56764] -> [..192.168.10.50][...80] 
@@ -711,15 +711,15 @@ new: [...254] [ip4][..tcp] [.....172.16.0.1][56792] -> [..192.168.10.50][...80] new: [...255] [ip4][..tcp] [.....172.16.0.1][56818] -> [..192.168.10.50][...80] new: [...256] [ip4][..tcp] [.....172.16.0.1][56832] -> [..192.168.10.50][...80] - guessed: [...178] [ip4][..tcp] [.....172.16.0.1][55416] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...178] [ip4][..tcp] [.....172.16.0.1][55416] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...178] [ip4][..tcp] [.....172.16.0.1][55416] -> [..192.168.10.50][...80] - guessed: [...179] [ip4][..tcp] [.....172.16.0.1][55430] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...179] [ip4][..tcp] [.....172.16.0.1][55430] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...179] [ip4][..tcp] [.....172.16.0.1][55430] -> [..192.168.10.50][...80] - guessed: [...180] [ip4][..tcp] [.....172.16.0.1][55444] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...180] [ip4][..tcp] [.....172.16.0.1][55444] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...180] [ip4][..tcp] [.....172.16.0.1][55444] -> [..192.168.10.50][...80] - guessed: [...181] [ip4][..tcp] [.....172.16.0.1][55470] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...181] [ip4][..tcp] [.....172.16.0.1][55470] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...181] [ip4][..tcp] [.....172.16.0.1][55470] -> [..192.168.10.50][...80] - guessed: [...182] [ip4][..tcp] [.....172.16.0.1][55484] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...182] [ip4][..tcp] [.....172.16.0.1][55484] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...182] [ip4][..tcp] [.....172.16.0.1][55484] -> [..192.168.10.50][...80] new: [...257] [ip4][..tcp] [.....172.16.0.1][56858] -> [..192.168.10.50][...80] new: [...258] [ip4][..tcp] [.....172.16.0.1][56872] -> [..192.168.10.50][...80] 
@@ -727,17 +727,17 @@ new: [...260] [ip4][..tcp] [.....172.16.0.1][56912] -> [..192.168.10.50][...80] new: [...261] [ip4][..tcp] [.....172.16.0.1][56926] -> [..192.168.10.50][...80] new: [...262] [ip4][..tcp] [.....172.16.0.1][56940] -> [..192.168.10.50][...80] - guessed: [...183] [ip4][..tcp] [.....172.16.0.1][55510] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...183] [ip4][..tcp] [.....172.16.0.1][55510] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...183] [ip4][..tcp] [.....172.16.0.1][55510] -> [..192.168.10.50][...80] - guessed: [...184] [ip4][..tcp] [.....172.16.0.1][55524] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...184] [ip4][..tcp] [.....172.16.0.1][55524] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...184] [ip4][..tcp] [.....172.16.0.1][55524] -> [..192.168.10.50][...80] - guessed: [...185] [ip4][..tcp] [.....172.16.0.1][55538] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...185] [ip4][..tcp] [.....172.16.0.1][55538] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...185] [ip4][..tcp] [.....172.16.0.1][55538] -> [..192.168.10.50][...80] - guessed: [...186] [ip4][..tcp] [.....172.16.0.1][55564] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...186] [ip4][..tcp] [.....172.16.0.1][55564] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...186] [ip4][..tcp] [.....172.16.0.1][55564] -> [..192.168.10.50][...80] - guessed: [...187] [ip4][..tcp] [.....172.16.0.1][55578] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...187] [ip4][..tcp] [.....172.16.0.1][55578] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...187] [ip4][..tcp] [.....172.16.0.1][55578] -> [..192.168.10.50][...80] - guessed: [...188] [ip4][..tcp] [.....172.16.0.1][55592] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...188] [ip4][..tcp] [.....172.16.0.1][55592] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...188] [ip4][..tcp] [.....172.16.0.1][55592] -> [..192.168.10.50][...80] new: [...263] [ip4][..tcp] [.....172.16.0.1][56966] -> [..192.168.10.50][...80] new: [...264] [ip4][..tcp] [.....172.16.0.1][56980] -> [..192.168.10.50][...80] 
@@ -745,19 +745,19 @@ new: [...266] [ip4][..tcp] [.....172.16.0.1][57008] -> [..192.168.10.50][...80] new: [...267] [ip4][..tcp] [.....172.16.0.1][57022] -> [..192.168.10.50][...80] new: [...268] [ip4][..tcp] [.....172.16.0.1][57036] -> [..192.168.10.50][...80] - detected: [...265] [ip4][..tcp] [.....172.16.0.1][56994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...265] [ip4][..tcp] [.....172.16.0.1][56994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address end: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [...189] [ip4][..tcp] [.....172.16.0.1][55618] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...189] [ip4][..tcp] [.....172.16.0.1][55618] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...189] [ip4][..tcp] [.....172.16.0.1][55618] -> [..192.168.10.50][...80] - guessed: [...191] [ip4][..tcp] [.....172.16.0.1][55646] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...191] [ip4][..tcp] [.....172.16.0.1][55646] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...191] [ip4][..tcp] [.....172.16.0.1][55646] -> [..192.168.10.50][...80] - guessed: [...192] [ip4][..tcp] [.....172.16.0.1][55672] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...192] [ip4][..tcp] [.....172.16.0.1][55672] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...192] [ip4][..tcp] [.....172.16.0.1][55672] -> [..192.168.10.50][...80] - guessed: [...193] [ip4][..tcp] [.....172.16.0.1][55686] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...193] [ip4][..tcp] [.....172.16.0.1][55686] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...193] [ip4][..tcp] [.....172.16.0.1][55686] -> [..192.168.10.50][...80] - guessed: [...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: 
[...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80] new: [...269] [ip4][..tcp] [.....172.16.0.1][57062] -> [..192.168.10.50][...80] new: [...270] [ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80] 
@@ -775,17 +775,17 @@ new: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] new: [...273] [ip4][..tcp] [.....172.16.0.1][57130] -> [..192.168.10.50][...80] new: [...274] [ip4][..tcp] [.....172.16.0.1][57144] -> [..192.168.10.50][...80] - guessed: [...195] [ip4][..tcp] [.....172.16.0.1][55726] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...195] [ip4][..tcp] [.....172.16.0.1][55726] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...195] [ip4][..tcp] [.....172.16.0.1][55726] -> [..192.168.10.50][...80] - guessed: [...196] [ip4][..tcp] [.....172.16.0.1][55740] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...196] [ip4][..tcp] [.....172.16.0.1][55740] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...196] [ip4][..tcp] [.....172.16.0.1][55740] -> [..192.168.10.50][...80] - guessed: [...197] [ip4][..tcp] [.....172.16.0.1][55766] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...197] [ip4][..tcp] [.....172.16.0.1][55766] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...197] [ip4][..tcp] [.....172.16.0.1][55766] -> [..192.168.10.50][...80] - guessed: [...198] [ip4][..tcp] [.....172.16.0.1][55780] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...198] [ip4][..tcp] [.....172.16.0.1][55780] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...198] [ip4][..tcp] [.....172.16.0.1][55780] -> [..192.168.10.50][...80] - guessed: [...199] [ip4][..tcp] [.....172.16.0.1][55794] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...199] [ip4][..tcp] [.....172.16.0.1][55794] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...199] [ip4][..tcp] [.....172.16.0.1][55794] -> [..192.168.10.50][...80] - guessed: [...200] [ip4][..tcp] [.....172.16.0.1][55820] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...200] [ip4][..tcp] [.....172.16.0.1][55820] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...200] [ip4][..tcp] [.....172.16.0.1][55820] -> [..192.168.10.50][...80] new: [...275] [ip4][..tcp] [.....172.16.0.1][57170] -> [..192.168.10.50][...80] new: [...276] [ip4][..tcp] [.....172.16.0.1][57184] -> [..192.168.10.50][...80] 
@@ -793,17 +793,17 @@ new: [...278] [ip4][..tcp] [.....172.16.0.1][57224] -> [..192.168.10.50][...80] new: [...279] [ip4][..tcp] [.....172.16.0.1][57238] -> [..192.168.10.50][...80] new: [...280] [ip4][..tcp] [.....172.16.0.1][57264] -> [..192.168.10.50][...80] - guessed: [...201] [ip4][..tcp] [.....172.16.0.1][55834] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...201] [ip4][..tcp] [.....172.16.0.1][55834] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...201] [ip4][..tcp] [.....172.16.0.1][55834] -> [..192.168.10.50][...80] - guessed: [...202] [ip4][..tcp] [.....172.16.0.1][55860] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...202] [ip4][..tcp] [.....172.16.0.1][55860] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...202] [ip4][..tcp] [.....172.16.0.1][55860] -> [..192.168.10.50][...80] - guessed: [...203] [ip4][..tcp] [.....172.16.0.1][55874] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...203] [ip4][..tcp] [.....172.16.0.1][55874] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...203] [ip4][..tcp] [.....172.16.0.1][55874] -> [..192.168.10.50][...80] - guessed: [...204] [ip4][..tcp] [.....172.16.0.1][55888] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...204] [ip4][..tcp] [.....172.16.0.1][55888] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...204] [ip4][..tcp] [.....172.16.0.1][55888] -> [..192.168.10.50][...80] - guessed: [...205] [ip4][..tcp] [.....172.16.0.1][55914] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...205] [ip4][..tcp] [.....172.16.0.1][55914] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...205] [ip4][..tcp] [.....172.16.0.1][55914] -> [..192.168.10.50][...80] - guessed: [...206] [ip4][..tcp] [.....172.16.0.1][55928] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...206] [ip4][..tcp] [.....172.16.0.1][55928] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...206] [ip4][..tcp] [.....172.16.0.1][55928] -> [..192.168.10.50][...80] new: [...281] [ip4][..tcp] [.....172.16.0.1][57278] -> [..192.168.10.50][...80] new: [...282] [ip4][..tcp] [.....172.16.0.1][57292] -> [..192.168.10.50][...80] 
@@ -811,17 +811,17 @@ new: [...284] [ip4][..tcp] [.....172.16.0.1][57332] -> [..192.168.10.50][...80] new: [...285] [ip4][..tcp] [.....172.16.0.1][57346] -> [..192.168.10.50][...80] new: [...286] [ip4][..tcp] [.....172.16.0.1][57372] -> [..192.168.10.50][...80] - guessed: [...207] [ip4][..tcp] [.....172.16.0.1][55942] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...207] [ip4][..tcp] [.....172.16.0.1][55942] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...207] [ip4][..tcp] [.....172.16.0.1][55942] -> [..192.168.10.50][...80] - guessed: [...208] [ip4][..tcp] [.....172.16.0.1][55968] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...208] [ip4][..tcp] [.....172.16.0.1][55968] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...208] [ip4][..tcp] [.....172.16.0.1][55968] -> [..192.168.10.50][...80] - guessed: [...209] [ip4][..tcp] [.....172.16.0.1][55982] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...209] [ip4][..tcp] [.....172.16.0.1][55982] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...209] [ip4][..tcp] [.....172.16.0.1][55982] -> [..192.168.10.50][...80] - guessed: [...210] [ip4][..tcp] [.....172.16.0.1][55996] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...210] [ip4][..tcp] [.....172.16.0.1][55996] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...210] [ip4][..tcp] [.....172.16.0.1][55996] -> [..192.168.10.50][...80] - guessed: [...211] [ip4][..tcp] [.....172.16.0.1][56022] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...211] [ip4][..tcp] [.....172.16.0.1][56022] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...211] [ip4][..tcp] [.....172.16.0.1][56022] -> [..192.168.10.50][...80] - guessed: [...212] [ip4][..tcp] [.....172.16.0.1][56036] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...212] [ip4][..tcp] [.....172.16.0.1][56036] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...212] [ip4][..tcp] [.....172.16.0.1][56036] -> [..192.168.10.50][...80] new: [...287] [ip4][..tcp] [.....172.16.0.1][57386] -> [..192.168.10.50][...80] new: [...288] [ip4][..tcp] [.....172.16.0.1][57400] -> [..192.168.10.50][...80] 
@@ -829,17 +829,17 @@ new: [...290] [ip4][..tcp] [.....172.16.0.1][57440] -> [..192.168.10.50][...80] new: [...291] [ip4][..tcp] [.....172.16.0.1][57454] -> [..192.168.10.50][...80] new: [...292] [ip4][..tcp] [.....172.16.0.1][57480] -> [..192.168.10.50][...80] - guessed: [...213] [ip4][..tcp] [.....172.16.0.1][56062] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...213] [ip4][..tcp] [.....172.16.0.1][56062] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...213] [ip4][..tcp] [.....172.16.0.1][56062] -> [..192.168.10.50][...80] - guessed: [...214] [ip4][..tcp] [.....172.16.0.1][56076] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...214] [ip4][..tcp] [.....172.16.0.1][56076] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...214] [ip4][..tcp] [.....172.16.0.1][56076] -> [..192.168.10.50][...80] - guessed: [...215] [ip4][..tcp] [.....172.16.0.1][56090] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...215] [ip4][..tcp] [.....172.16.0.1][56090] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...215] [ip4][..tcp] [.....172.16.0.1][56090] -> [..192.168.10.50][...80] - guessed: [...216] [ip4][..tcp] [.....172.16.0.1][56116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...216] [ip4][..tcp] [.....172.16.0.1][56116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...216] [ip4][..tcp] [.....172.16.0.1][56116] -> [..192.168.10.50][...80] - guessed: [...217] [ip4][..tcp] [.....172.16.0.1][56130] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...217] [ip4][..tcp] [.....172.16.0.1][56130] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...217] [ip4][..tcp] [.....172.16.0.1][56130] -> [..192.168.10.50][...80] - guessed: [...218] [ip4][..tcp] [.....172.16.0.1][56144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...218] [ip4][..tcp] [.....172.16.0.1][56144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...218] [ip4][..tcp] [.....172.16.0.1][56144] -> [..192.168.10.50][...80] new: [...293] [ip4][..tcp] [.....172.16.0.1][57494] -> [..192.168.10.50][...80] new: [...294] [ip4][..tcp] [.....172.16.0.1][57508] -> [..192.168.10.50][...80] 
@@ -848,17 +848,17 @@ new: [...297] [ip4][..tcp] [.....172.16.0.1][57550] -> [..192.168.10.50][...80] new: [...298] [ip4][..tcp] [.....172.16.0.1][57576] -> [..192.168.10.50][...80] new: [...299] [ip4][..tcp] [.....172.16.0.1][57590] -> [..192.168.10.50][...80] - guessed: [...219] [ip4][..tcp] [.....172.16.0.1][56158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...219] [ip4][..tcp] [.....172.16.0.1][56158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...219] [ip4][..tcp] [.....172.16.0.1][56158] -> [..192.168.10.50][...80] - guessed: [...220] [ip4][..tcp] [.....172.16.0.1][56172] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...220] [ip4][..tcp] [.....172.16.0.1][56172] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...220] [ip4][..tcp] [.....172.16.0.1][56172] -> [..192.168.10.50][...80] - guessed: [...221] [ip4][..tcp] [.....172.16.0.1][56186] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...221] [ip4][..tcp] [.....172.16.0.1][56186] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...221] [ip4][..tcp] [.....172.16.0.1][56186] -> [..192.168.10.50][...80] - guessed: [...222] [ip4][..tcp] [.....172.16.0.1][56212] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...222] [ip4][..tcp] [.....172.16.0.1][56212] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...222] [ip4][..tcp] [.....172.16.0.1][56212] -> [..192.168.10.50][...80] - guessed: [...223] [ip4][..tcp] [.....172.16.0.1][56226] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...223] [ip4][..tcp] [.....172.16.0.1][56226] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...223] [ip4][..tcp] [.....172.16.0.1][56226] -> [..192.168.10.50][...80] - guessed: [...224] [ip4][..tcp] [.....172.16.0.1][56240] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...224] [ip4][..tcp] [.....172.16.0.1][56240] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...224] [ip4][..tcp] [.....172.16.0.1][56240] -> [..192.168.10.50][...80] new: [...300] [ip4][..tcp] [.....172.16.0.1][57604] -> [..192.168.10.50][...80] new: [...301] [ip4][..tcp] [.....172.16.0.1][57630] -> [..192.168.10.50][...80] 
@@ -868,18 +868,18 @@ new: [...305] [ip4][..tcp] [.....172.16.0.1][57698] -> [..192.168.10.50][...80] end: [...190] [ip4][..tcp] [.....172.16.0.1][55632] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address - guessed: [...225] [ip4][..tcp] [.....172.16.0.1][56266] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...225] [ip4][..tcp] [.....172.16.0.1][56266] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...225] [ip4][..tcp] [.....172.16.0.1][56266] -> [..192.168.10.50][...80] - guessed: [...226] [ip4][..tcp] [.....172.16.0.1][56280] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...226] [ip4][..tcp] [.....172.16.0.1][56280] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...226] [ip4][..tcp] [.....172.16.0.1][56280] -> [..192.168.10.50][...80] - guessed: [...228] [ip4][..tcp] [.....172.16.0.1][56320] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...228] [ip4][..tcp] [.....172.16.0.1][56320] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...228] [ip4][..tcp] [.....172.16.0.1][56320] -> [..192.168.10.50][...80] - guessed: [...229] [ip4][..tcp] [.....172.16.0.1][56334] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...229] [ip4][..tcp] [.....172.16.0.1][56334] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...229] [ip4][..tcp] [.....172.16.0.1][56334] -> [..192.168.10.50][...80] - guessed: [...230] [ip4][..tcp] [.....172.16.0.1][56360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...230] [ip4][..tcp] [.....172.16.0.1][56360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...230] [ip4][..tcp] [.....172.16.0.1][56360] -> [..192.168.10.50][...80] new: [...306] [ip4][..tcp] [.....172.16.0.1][57712] -> [..192.168.10.50][...80] - detected: [...304] [ip4][..tcp] [.....172.16.0.1][57684] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...304] [ip4][..tcp] 
[.....172.16.0.1][57684] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...307] [ip4][..tcp] [.....172.16.0.1][57738] -> [..192.168.10.50][...80] new: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80] 
@@ -896,17 +896,17 @@ [ENTROPIES...: 4.6,5.0,4.8,5.9,4.8,7.7,4.6,6.0,7.8,4.8,5.9,7.7,4.8,6.0,7.8,4.9,5.9,7.7,4.8,6.0,7.8,4.8,5.9,7.7,4.8,6.0,7.8,4.8,5.9,7.7,4.8,6.0] new: [...310] [ip4][..tcp] [.....172.16.0.1][57792] -> [..192.168.10.50][...80] new: [...311] [ip4][..tcp] [.....172.16.0.1][57806] -> [..192.168.10.50][...80] - guessed: [...231] [ip4][..tcp] [.....172.16.0.1][56374] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...231] [ip4][..tcp] [.....172.16.0.1][56374] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...231] [ip4][..tcp] [.....172.16.0.1][56374] -> [..192.168.10.50][...80] - guessed: [...232] [ip4][..tcp] [.....172.16.0.1][56400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...232] [ip4][..tcp] [.....172.16.0.1][56400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...232] [ip4][..tcp] [.....172.16.0.1][56400] -> [..192.168.10.50][...80] - guessed: [...233] [ip4][..tcp] [.....172.16.0.1][56414] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...233] [ip4][..tcp] [.....172.16.0.1][56414] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...233] [ip4][..tcp] [.....172.16.0.1][56414] -> [..192.168.10.50][...80] - guessed: [...234] [ip4][..tcp] [.....172.16.0.1][56428] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...234] [ip4][..tcp] [.....172.16.0.1][56428] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...234] [ip4][..tcp] [.....172.16.0.1][56428] -> [..192.168.10.50][...80] - guessed: [...235] [ip4][..tcp] [.....172.16.0.1][56454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...235] [ip4][..tcp] [.....172.16.0.1][56454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...235] [ip4][..tcp] [.....172.16.0.1][56454] -> [..192.168.10.50][...80] - guessed: [...236] [ip4][..tcp] [.....172.16.0.1][56468] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...236] [ip4][..tcp] 
[.....172.16.0.1][56468] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...236] [ip4][..tcp] [.....172.16.0.1][56468] -> [..192.168.10.50][...80] new: [...312] [ip4][..tcp] [.....172.16.0.1][57832] -> [..192.168.10.50][...80] new: [...313] [ip4][..tcp] [.....172.16.0.1][57846] -> [..192.168.10.50][...80] 
@@ -914,34 +914,34 @@ new: [...315] [ip4][..tcp] [.....172.16.0.1][57886] -> [..192.168.10.50][...80] new: [...316] [ip4][..tcp] [.....172.16.0.1][57900] -> [..192.168.10.50][...80] new: [...317] [ip4][..tcp] [.....172.16.0.1][57914] -> [..192.168.10.50][...80] - guessed: [...237] [ip4][..tcp] [.....172.16.0.1][56482] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...237] [ip4][..tcp] [.....172.16.0.1][56482] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...237] [ip4][..tcp] [.....172.16.0.1][56482] -> [..192.168.10.50][...80] - guessed: [...238] [ip4][..tcp] [.....172.16.0.1][56508] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...238] [ip4][..tcp] [.....172.16.0.1][56508] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...238] [ip4][..tcp] [.....172.16.0.1][56508] -> [..192.168.10.50][...80] - guessed: [...239] [ip4][..tcp] [.....172.16.0.1][56522] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...239] [ip4][..tcp] [.....172.16.0.1][56522] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...239] [ip4][..tcp] [.....172.16.0.1][56522] -> [..192.168.10.50][...80] - guessed: [...240] [ip4][..tcp] [.....172.16.0.1][56536] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...240] [ip4][..tcp] [.....172.16.0.1][56536] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...240] [ip4][..tcp] [.....172.16.0.1][56536] -> [..192.168.10.50][...80] - guessed: [...241] [ip4][..tcp] [.....172.16.0.1][56562] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...241] [ip4][..tcp] [.....172.16.0.1][56562] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...241] [ip4][..tcp] [.....172.16.0.1][56562] -> [..192.168.10.50][...80] - guessed: [...242] [ip4][..tcp] [.....172.16.0.1][56576] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...242] [ip4][..tcp] [.....172.16.0.1][56576] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...242] [ip4][..tcp] [.....172.16.0.1][56576] -> [..192.168.10.50][...80] new: [...318] [ip4][..tcp] [.....172.16.0.1][57940] -> [..192.168.10.50][...80] new: [...319] [ip4][..tcp] [.....172.16.0.1][57954] -> [..192.168.10.50][...80] new: [...320] [ip4][..tcp] [.....172.16.0.1][57980] -> [..192.168.10.50][...80] new: [...321] [ip4][..tcp] [.....172.16.0.1][57994] -> [..192.168.10.50][...80] new: [...322] [ip4][..tcp] [.....172.16.0.1][58008] -> [..192.168.10.50][...80] - guessed: [...243] [ip4][..tcp] [.....172.16.0.1][56590] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...243] [ip4][..tcp] [.....172.16.0.1][56590] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...243] [ip4][..tcp] [.....172.16.0.1][56590] -> [..192.168.10.50][...80] - guessed: [...244] [ip4][..tcp] [.....172.16.0.1][56616] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...244] [ip4][..tcp] [.....172.16.0.1][56616] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...244] [ip4][..tcp] [.....172.16.0.1][56616] -> [..192.168.10.50][...80] - guessed: [...245] [ip4][..tcp] [.....172.16.0.1][56630] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...245] [ip4][..tcp] [.....172.16.0.1][56630] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...245] [ip4][..tcp] [.....172.16.0.1][56630] -> [..192.168.10.50][...80] - guessed: [...246] [ip4][..tcp] [.....172.16.0.1][56644] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...246] [ip4][..tcp] [.....172.16.0.1][56644] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...246] [ip4][..tcp] [.....172.16.0.1][56644] -> [..192.168.10.50][...80] - guessed: [...247] [ip4][..tcp] [.....172.16.0.1][56670] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...247] [ip4][..tcp] [.....172.16.0.1][56670] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...247] [ip4][..tcp] [.....172.16.0.1][56670] -> [..192.168.10.50][...80] - guessed: 
[...248] [ip4][..tcp] [.....172.16.0.1][56684] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...248] [ip4][..tcp] [.....172.16.0.1][56684] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...248] [ip4][..tcp] [.....172.16.0.1][56684] -> [..192.168.10.50][...80] new: [...323] [ip4][..tcp] [.....172.16.0.1][58034] -> [..192.168.10.50][...80] new: [...324] [ip4][..tcp] [.....172.16.0.1][58048] -> [..192.168.10.50][...80] 
@@ -950,15 +950,15 @@ new: [...327] [ip4][..tcp] [.....172.16.0.1][58102] -> [..192.168.10.50][...80] new: [...328] [ip4][..tcp] [.....172.16.0.1][58116] -> [..192.168.10.50][...80] new: [...329] [ip4][..tcp] [.....172.16.0.1][58130] -> [..192.168.10.50][...80] - guessed: [...249] [ip4][..tcp] [.....172.16.0.1][56710] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...249] [ip4][..tcp] [.....172.16.0.1][56710] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...249] [ip4][..tcp] [.....172.16.0.1][56710] -> [..192.168.10.50][...80] - guessed: [...250] [ip4][..tcp] [.....172.16.0.1][56724] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...250] [ip4][..tcp] [.....172.16.0.1][56724] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...250] [ip4][..tcp] [.....172.16.0.1][56724] -> [..192.168.10.50][...80] - guessed: [...251] [ip4][..tcp] [.....172.16.0.1][56738] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...251] [ip4][..tcp] [.....172.16.0.1][56738] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...251] [ip4][..tcp] [.....172.16.0.1][56738] -> [..192.168.10.50][...80] - guessed: [...252] [ip4][..tcp] [.....172.16.0.1][56764] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...252] [ip4][..tcp] [.....172.16.0.1][56764] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...252] [ip4][..tcp] [.....172.16.0.1][56764] -> [..192.168.10.50][...80] - guessed: [...253] [ip4][..tcp] [.....172.16.0.1][56778] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...253] [ip4][..tcp] [.....172.16.0.1][56778] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...253] [ip4][..tcp] [.....172.16.0.1][56778] -> [..192.168.10.50][...80] new: [...330] [ip4][..tcp] [.....172.16.0.1][58144] -> [..192.168.10.50][...80] new: [...331] [ip4][..tcp] [.....172.16.0.1][58158] -> [..192.168.10.50][...80] 
@@ -968,17 +968,17 @@ DAEMON-EVENT: [Processed: 4739 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 82 / 334|skipped: 0|!detected: 0|guessed: 242|detection-updates: 0|updates: 0] new: [...335] [ip4][..tcp] [.....172.16.0.1][58238] -> [..192.168.10.50][...80] - guessed: [...254] [ip4][..tcp] [.....172.16.0.1][56792] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...254] [ip4][..tcp] [.....172.16.0.1][56792] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...254] [ip4][..tcp] [.....172.16.0.1][56792] -> [..192.168.10.50][...80] - guessed: [...255] [ip4][..tcp] [.....172.16.0.1][56818] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...255] [ip4][..tcp] [.....172.16.0.1][56818] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...255] [ip4][..tcp] [.....172.16.0.1][56818] -> [..192.168.10.50][...80] - guessed: [...256] [ip4][..tcp] [.....172.16.0.1][56832] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...256] [ip4][..tcp] [.....172.16.0.1][56832] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...256] [ip4][..tcp] [.....172.16.0.1][56832] -> [..192.168.10.50][...80] - guessed: [...257] [ip4][..tcp] [.....172.16.0.1][56858] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...257] [ip4][..tcp] [.....172.16.0.1][56858] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...257] [ip4][..tcp] [.....172.16.0.1][56858] -> [..192.168.10.50][...80] - guessed: [...258] [ip4][..tcp] [.....172.16.0.1][56872] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...258] [ip4][..tcp] [.....172.16.0.1][56872] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...258] [ip4][..tcp] [.....172.16.0.1][56872] -> [..192.168.10.50][...80] - guessed: [...259] [ip4][..tcp] [.....172.16.0.1][56886] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...259] [ip4][..tcp] [.....172.16.0.1][56886] -> [..192.168.10.50][...80] 
[HTTP][Web][Acceptable][] end: [...259] [ip4][..tcp] [.....172.16.0.1][56886] -> [..192.168.10.50][...80] new: [...336] [ip4][..tcp] [.....172.16.0.1][58252] -> [..192.168.10.50][...80] new: [...337] [ip4][..tcp] [.....172.16.0.1][58278] -> [..192.168.10.50][...80] 
@@ -986,39 +986,39 @@ new: [...339] [ip4][..tcp] [.....172.16.0.1][58306] -> [..192.168.10.50][...80] new: [...340] [ip4][..tcp] [.....172.16.0.1][58332] -> [..192.168.10.50][...80] new: [...341] [ip4][..tcp] [.....172.16.0.1][58346] -> [..192.168.10.50][...80] - guessed: [...260] [ip4][..tcp] [.....172.16.0.1][56912] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...260] [ip4][..tcp] [.....172.16.0.1][56912] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...260] [ip4][..tcp] [.....172.16.0.1][56912] -> [..192.168.10.50][...80] - guessed: [...261] [ip4][..tcp] [.....172.16.0.1][56926] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...261] [ip4][..tcp] [.....172.16.0.1][56926] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...261] [ip4][..tcp] [.....172.16.0.1][56926] -> [..192.168.10.50][...80] - guessed: [...262] [ip4][..tcp] [.....172.16.0.1][56940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...262] [ip4][..tcp] [.....172.16.0.1][56940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...262] [ip4][..tcp] [.....172.16.0.1][56940] -> [..192.168.10.50][...80] - guessed: [...263] [ip4][..tcp] [.....172.16.0.1][56966] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...263] [ip4][..tcp] [.....172.16.0.1][56966] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...263] [ip4][..tcp] [.....172.16.0.1][56966] -> [..192.168.10.50][...80] - guessed: [...264] [ip4][..tcp] [.....172.16.0.1][56980] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...264] [ip4][..tcp] [.....172.16.0.1][56980] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...264] [ip4][..tcp] [.....172.16.0.1][56980] -> [..192.168.10.50][...80] - guessed: [...266] [ip4][..tcp] [.....172.16.0.1][57008] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...266] [ip4][..tcp] [.....172.16.0.1][57008] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: 
[...266] [ip4][..tcp] [.....172.16.0.1][57008] -> [..192.168.10.50][...80] end: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address new: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] new: [...343] [ip4][..tcp] [.....172.16.0.1][58386] -> [..192.168.10.50][...80] new: [...344] [ip4][..tcp] [.....172.16.0.1][58400] -> [..192.168.10.50][...80] - detected: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...345] [ip4][..tcp] [.....172.16.0.1][58414] -> [..192.168.10.50][...80] new: [...346] [ip4][..tcp] [.....172.16.0.1][58440] -> [..192.168.10.50][...80] new: [...347] [ip4][..tcp] [.....172.16.0.1][58454] -> [..192.168.10.50][...80] - guessed: [...267] [ip4][..tcp] [.....172.16.0.1][57022] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...267] [ip4][..tcp] [.....172.16.0.1][57022] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...267] [ip4][..tcp] [.....172.16.0.1][57022] -> [..192.168.10.50][...80] - guessed: [...268] [ip4][..tcp] [.....172.16.0.1][57036] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...268] [ip4][..tcp] [.....172.16.0.1][57036] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...268] [ip4][..tcp] [.....172.16.0.1][57036] -> [..192.168.10.50][...80] - guessed: [...269] [ip4][..tcp] [.....172.16.0.1][57062] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...269] [ip4][..tcp] [.....172.16.0.1][57062] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...269] [ip4][..tcp] [.....172.16.0.1][57062] -> [..192.168.10.50][...80] - guessed: [...270] [ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...270] 
[ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...270] [ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80] - guessed: [...271] [ip4][..tcp] [.....172.16.0.1][57090] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...271] [ip4][..tcp] [.....172.16.0.1][57090] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...271] [ip4][..tcp] [.....172.16.0.1][57090] -> [..192.168.10.50][...80] - guessed: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] analyse: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -1037,34 +1037,34 @@ new: [...352] [ip4][..tcp] [.....172.16.0.1][58536] -> [..192.168.10.50][...80] new: [...353] [ip4][..tcp] [.....172.16.0.1][58550] -> [..192.168.10.50][...80] new: [...354] [ip4][..tcp] [.....172.16.0.1][58564] -> [..192.168.10.50][...80] - guessed: [...273] [ip4][..tcp] [.....172.16.0.1][57130] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...273] [ip4][..tcp] [.....172.16.0.1][57130] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...273] [ip4][..tcp] [.....172.16.0.1][57130] -> [..192.168.10.50][...80] - guessed: [...274] [ip4][..tcp] [.....172.16.0.1][57144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...274] [ip4][..tcp] [.....172.16.0.1][57144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...274] [ip4][..tcp] [.....172.16.0.1][57144] -> [..192.168.10.50][...80] - guessed: [...275] [ip4][..tcp] [.....172.16.0.1][57170] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...275] [ip4][..tcp] [.....172.16.0.1][57170] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...275] [ip4][..tcp] [.....172.16.0.1][57170] -> [..192.168.10.50][...80] - guessed: [...276] [ip4][..tcp] [.....172.16.0.1][57184] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...276] [ip4][..tcp] [.....172.16.0.1][57184] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...276] [ip4][..tcp] [.....172.16.0.1][57184] -> [..192.168.10.50][...80] - guessed: [...277] [ip4][..tcp] [.....172.16.0.1][57210] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...277] [ip4][..tcp] [.....172.16.0.1][57210] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...277] [ip4][..tcp] [.....172.16.0.1][57210] -> [..192.168.10.50][...80] - guessed: [...278] [ip4][..tcp] [.....172.16.0.1][57224] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...278] [ip4][..tcp] [.....172.16.0.1][57224] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...278] [ip4][..tcp] [.....172.16.0.1][57224] -> [..192.168.10.50][...80] new: [...355] [ip4][..tcp] [.....172.16.0.1][58590] -> [..192.168.10.50][...80] new: [...356] [ip4][..tcp] [.....172.16.0.1][58604] -> [..192.168.10.50][...80] new: [...357] [ip4][..tcp] [.....172.16.0.1][58630] -> [..192.168.10.50][...80] new: [...358] [ip4][..tcp] [.....172.16.0.1][58650] -> [..192.168.10.50][...80] new: [...359] [ip4][..tcp] [.....172.16.0.1][58664] -> [..192.168.10.50][...80] - guessed: [...279] [ip4][..tcp] [.....172.16.0.1][57238] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...279] [ip4][..tcp] [.....172.16.0.1][57238] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...279] [ip4][..tcp] [.....172.16.0.1][57238] -> [..192.168.10.50][...80] - guessed: [...280] [ip4][..tcp] [.....172.16.0.1][57264] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...280] [ip4][..tcp] [.....172.16.0.1][57264] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...280] [ip4][..tcp] [.....172.16.0.1][57264] -> [..192.168.10.50][...80] - guessed: [...281] [ip4][..tcp] [.....172.16.0.1][57278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...281] [ip4][..tcp] [.....172.16.0.1][57278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...281] [ip4][..tcp] [.....172.16.0.1][57278] -> [..192.168.10.50][...80] - guessed: [...282] [ip4][..tcp] [.....172.16.0.1][57292] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...282] [ip4][..tcp] [.....172.16.0.1][57292] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...282] [ip4][..tcp] [.....172.16.0.1][57292] -> [..192.168.10.50][...80] - guessed: [...283] [ip4][..tcp] [.....172.16.0.1][57318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...283] [ip4][..tcp] [.....172.16.0.1][57318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...283] [ip4][..tcp] [.....172.16.0.1][57318] -> [..192.168.10.50][...80] - 
guessed: [...284] [ip4][..tcp] [.....172.16.0.1][57332] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...284] [ip4][..tcp] [.....172.16.0.1][57332] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...284] [ip4][..tcp] [.....172.16.0.1][57332] -> [..192.168.10.50][...80] new: [...360] [ip4][..tcp] [.....172.16.0.1][58690] -> [..192.168.10.50][...80] new: [...361] [ip4][..tcp] [.....172.16.0.1][58704] -> [..192.168.10.50][...80] 
@@ -1072,17 +1072,17 @@ new: [...363] [ip4][..tcp] [.....172.16.0.1][58744] -> [..192.168.10.50][...80] new: [...364] [ip4][..tcp] [.....172.16.0.1][58758] -> [..192.168.10.50][...80] new: [...365] [ip4][..tcp] [.....172.16.0.1][58772] -> [..192.168.10.50][...80] - guessed: [...285] [ip4][..tcp] [.....172.16.0.1][57346] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...285] [ip4][..tcp] [.....172.16.0.1][57346] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...285] [ip4][..tcp] [.....172.16.0.1][57346] -> [..192.168.10.50][...80] - guessed: [...286] [ip4][..tcp] [.....172.16.0.1][57372] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...286] [ip4][..tcp] [.....172.16.0.1][57372] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...286] [ip4][..tcp] [.....172.16.0.1][57372] -> [..192.168.10.50][...80] - guessed: [...287] [ip4][..tcp] [.....172.16.0.1][57386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...287] [ip4][..tcp] [.....172.16.0.1][57386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...287] [ip4][..tcp] [.....172.16.0.1][57386] -> [..192.168.10.50][...80] - guessed: [...288] [ip4][..tcp] [.....172.16.0.1][57400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...288] [ip4][..tcp] [.....172.16.0.1][57400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...288] [ip4][..tcp] [.....172.16.0.1][57400] -> [..192.168.10.50][...80] - guessed: [...289] [ip4][..tcp] [.....172.16.0.1][57426] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...289] [ip4][..tcp] [.....172.16.0.1][57426] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...289] [ip4][..tcp] [.....172.16.0.1][57426] -> [..192.168.10.50][...80] - guessed: [...290] [ip4][..tcp] [.....172.16.0.1][57440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...290] [ip4][..tcp] [.....172.16.0.1][57440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...290] [ip4][..tcp] [.....172.16.0.1][57440] -> [..192.168.10.50][...80] new: [...366] [ip4][..tcp] [.....172.16.0.1][58798] -> [..192.168.10.50][...80] new: [...367] [ip4][..tcp] [.....172.16.0.1][58812] -> [..192.168.10.50][...80] 
@@ -1090,19 +1090,19 @@ new: [...369] [ip4][..tcp] [.....172.16.0.1][58852] -> [..192.168.10.50][...80] new: [...370] [ip4][..tcp] [.....172.16.0.1][58866] -> [..192.168.10.50][...80] new: [...371] [ip4][..tcp] [.....172.16.0.1][58892] -> [..192.168.10.50][...80] - guessed: [...291] [ip4][..tcp] [.....172.16.0.1][57454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...291] [ip4][..tcp] [.....172.16.0.1][57454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...291] [ip4][..tcp] [.....172.16.0.1][57454] -> [..192.168.10.50][...80] - guessed: [...292] [ip4][..tcp] [.....172.16.0.1][57480] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...292] [ip4][..tcp] [.....172.16.0.1][57480] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...292] [ip4][..tcp] [.....172.16.0.1][57480] -> [..192.168.10.50][...80] - guessed: [...293] [ip4][..tcp] [.....172.16.0.1][57494] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...293] [ip4][..tcp] [.....172.16.0.1][57494] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...293] [ip4][..tcp] [.....172.16.0.1][57494] -> [..192.168.10.50][...80] - guessed: [...294] [ip4][..tcp] [.....172.16.0.1][57508] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...294] [ip4][..tcp] [.....172.16.0.1][57508] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...294] [ip4][..tcp] [.....172.16.0.1][57508] -> [..192.168.10.50][...80] - guessed: [...295] [ip4][..tcp] [.....172.16.0.1][57522] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...295] [ip4][..tcp] [.....172.16.0.1][57522] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...295] [ip4][..tcp] [.....172.16.0.1][57522] -> [..192.168.10.50][...80] - guessed: [...296] [ip4][..tcp] [.....172.16.0.1][57536] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...296] [ip4][..tcp] [.....172.16.0.1][57536] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...296] [ip4][..tcp] [.....172.16.0.1][57536] -> [..192.168.10.50][...80] - guessed: [...297] [ip4][..tcp] [.....172.16.0.1][57550] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...297] [ip4][..tcp] [.....172.16.0.1][57550] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...297] [ip4][..tcp] [.....172.16.0.1][57550] -> [..192.168.10.50][...80] new: [...372] [ip4][..tcp] [.....172.16.0.1][58906] -> [..192.168.10.50][...80] new: [...373] [ip4][..tcp] [.....172.16.0.1][58920] -> [..192.168.10.50][...80] 
@@ -1113,33 +1113,33 @@ new: [...378] [ip4][..tcp] [.....172.16.0.1][59002] -> [..192.168.10.50][...80] end: [...265] [ip4][..tcp] [.....172.16.0.1][56994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address - guessed: [...298] [ip4][..tcp] [.....172.16.0.1][57576] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...298] [ip4][..tcp] [.....172.16.0.1][57576] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...298] [ip4][..tcp] [.....172.16.0.1][57576] -> [..192.168.10.50][...80] - guessed: [...299] [ip4][..tcp] [.....172.16.0.1][57590] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...299] [ip4][..tcp] [.....172.16.0.1][57590] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...299] [ip4][..tcp] [.....172.16.0.1][57590] -> [..192.168.10.50][...80] - guessed: [...300] [ip4][..tcp] [.....172.16.0.1][57604] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...300] [ip4][..tcp] [.....172.16.0.1][57604] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...300] [ip4][..tcp] [.....172.16.0.1][57604] -> [..192.168.10.50][...80] - guessed: [...301] [ip4][..tcp] [.....172.16.0.1][57630] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...301] [ip4][..tcp] [.....172.16.0.1][57630] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...301] [ip4][..tcp] [.....172.16.0.1][57630] -> [..192.168.10.50][...80] - guessed: [...302] [ip4][..tcp] [.....172.16.0.1][57644] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...302] [ip4][..tcp] [.....172.16.0.1][57644] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...302] [ip4][..tcp] [.....172.16.0.1][57644] -> [..192.168.10.50][...80] - guessed: [...303] [ip4][..tcp] [.....172.16.0.1][57658] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...303] [ip4][..tcp] [.....172.16.0.1][57658] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...303] 
[ip4][..tcp] [.....172.16.0.1][57658] -> [..192.168.10.50][...80] new: [...379] [ip4][..tcp] [.....172.16.0.1][59016] -> [..192.168.10.50][...80] new: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] new: [...381] [ip4][..tcp] [.....172.16.0.1][59056] -> [..192.168.10.50][...80] new: [...382] [ip4][..tcp] [.....172.16.0.1][59070] -> [..192.168.10.50][...80] - detected: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...383] [ip4][..tcp] [.....172.16.0.1][59096] -> [..192.168.10.50][...80] new: [...384] [ip4][..tcp] [.....172.16.0.1][59110] -> [..192.168.10.50][...80] - guessed: [...305] [ip4][..tcp] [.....172.16.0.1][57698] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...305] [ip4][..tcp] [.....172.16.0.1][57698] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...305] [ip4][..tcp] [.....172.16.0.1][57698] -> [..192.168.10.50][...80] - guessed: [...306] [ip4][..tcp] [.....172.16.0.1][57712] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...306] [ip4][..tcp] [.....172.16.0.1][57712] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...306] [ip4][..tcp] [.....172.16.0.1][57712] -> [..192.168.10.50][...80] - guessed: [...307] [ip4][..tcp] [.....172.16.0.1][57738] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...307] [ip4][..tcp] [.....172.16.0.1][57738] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...307] [ip4][..tcp] [.....172.16.0.1][57738] -> [..192.168.10.50][...80] - guessed: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> 
[..192.168.10.50][...80] new: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80] analyse: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] 
@@ -1158,17 +1158,17 @@ new: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80] new: [...390] [ip4][..tcp] [.....172.16.0.1][59206] -> [..192.168.10.50][...80] new: [...391] [ip4][..tcp] [.....172.16.0.1][59220] -> [..192.168.10.50][...80] - guessed: [...309] [ip4][..tcp] [.....172.16.0.1][57778] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...309] [ip4][..tcp] [.....172.16.0.1][57778] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...309] [ip4][..tcp] [.....172.16.0.1][57778] -> [..192.168.10.50][...80] - guessed: [...310] [ip4][..tcp] [.....172.16.0.1][57792] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...310] [ip4][..tcp] [.....172.16.0.1][57792] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...310] [ip4][..tcp] [.....172.16.0.1][57792] -> [..192.168.10.50][...80] - guessed: [...311] [ip4][..tcp] [.....172.16.0.1][57806] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...311] [ip4][..tcp] [.....172.16.0.1][57806] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...311] [ip4][..tcp] [.....172.16.0.1][57806] -> [..192.168.10.50][...80] - guessed: [...312] [ip4][..tcp] [.....172.16.0.1][57832] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...312] [ip4][..tcp] [.....172.16.0.1][57832] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...312] [ip4][..tcp] [.....172.16.0.1][57832] -> [..192.168.10.50][...80] - guessed: [...313] [ip4][..tcp] [.....172.16.0.1][57846] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...313] [ip4][..tcp] [.....172.16.0.1][57846] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...313] [ip4][..tcp] [.....172.16.0.1][57846] -> [..192.168.10.50][...80] - guessed: [...314] [ip4][..tcp] [.....172.16.0.1][57860] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...314] [ip4][..tcp] [.....172.16.0.1][57860] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...314] [ip4][..tcp] [.....172.16.0.1][57860] -> [..192.168.10.50][...80] new: [...392] [ip4][..tcp] [.....172.16.0.1][59246] -> [..192.168.10.50][...80] new: [...393] [ip4][..tcp] [.....172.16.0.1][59260] -> [..192.168.10.50][...80] 
@@ -1176,17 +1176,17 @@ new: [...395] [ip4][..tcp] [.....172.16.0.1][59300] -> [..192.168.10.50][...80] new: [...396] [ip4][..tcp] [.....172.16.0.1][59314] -> [..192.168.10.50][...80] new: [...397] [ip4][..tcp] [.....172.16.0.1][59328] -> [..192.168.10.50][...80] - guessed: [...315] [ip4][..tcp] [.....172.16.0.1][57886] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...315] [ip4][..tcp] [.....172.16.0.1][57886] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...315] [ip4][..tcp] [.....172.16.0.1][57886] -> [..192.168.10.50][...80] - guessed: [...316] [ip4][..tcp] [.....172.16.0.1][57900] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...316] [ip4][..tcp] [.....172.16.0.1][57900] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...316] [ip4][..tcp] [.....172.16.0.1][57900] -> [..192.168.10.50][...80] - guessed: [...317] [ip4][..tcp] [.....172.16.0.1][57914] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...317] [ip4][..tcp] [.....172.16.0.1][57914] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...317] [ip4][..tcp] [.....172.16.0.1][57914] -> [..192.168.10.50][...80] - guessed: [...318] [ip4][..tcp] [.....172.16.0.1][57940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...318] [ip4][..tcp] [.....172.16.0.1][57940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...318] [ip4][..tcp] [.....172.16.0.1][57940] -> [..192.168.10.50][...80] - guessed: [...319] [ip4][..tcp] [.....172.16.0.1][57954] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...319] [ip4][..tcp] [.....172.16.0.1][57954] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...319] [ip4][..tcp] [.....172.16.0.1][57954] -> [..192.168.10.50][...80] - guessed: [...320] [ip4][..tcp] [.....172.16.0.1][57980] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...320] [ip4][..tcp] [.....172.16.0.1][57980] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...320] [ip4][..tcp] [.....172.16.0.1][57980] -> [..192.168.10.50][...80] new: [...398] [ip4][..tcp] [.....172.16.0.1][59354] -> [..192.168.10.50][...80] new: [...399] [ip4][..tcp] [.....172.16.0.1][59368] -> [..192.168.10.50][...80] 
@@ -1194,36 +1194,36 @@ new: [...401] [ip4][..tcp] [.....172.16.0.1][59408] -> [..192.168.10.50][...80] new: [...402] [ip4][..tcp] [.....172.16.0.1][59422] -> [..192.168.10.50][...80] new: [...403] [ip4][..tcp] [.....172.16.0.1][59436] -> [..192.168.10.50][...80] - guessed: [...321] [ip4][..tcp] [.....172.16.0.1][57994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...321] [ip4][..tcp] [.....172.16.0.1][57994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...321] [ip4][..tcp] [.....172.16.0.1][57994] -> [..192.168.10.50][...80] - guessed: [...322] [ip4][..tcp] [.....172.16.0.1][58008] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...322] [ip4][..tcp] [.....172.16.0.1][58008] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...322] [ip4][..tcp] [.....172.16.0.1][58008] -> [..192.168.10.50][...80] - guessed: [...323] [ip4][..tcp] [.....172.16.0.1][58034] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...323] [ip4][..tcp] [.....172.16.0.1][58034] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...323] [ip4][..tcp] [.....172.16.0.1][58034] -> [..192.168.10.50][...80] - guessed: [...324] [ip4][..tcp] [.....172.16.0.1][58048] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...324] [ip4][..tcp] [.....172.16.0.1][58048] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...324] [ip4][..tcp] [.....172.16.0.1][58048] -> [..192.168.10.50][...80] - guessed: [...325] [ip4][..tcp] [.....172.16.0.1][58062] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...325] [ip4][..tcp] [.....172.16.0.1][58062] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...325] [ip4][..tcp] [.....172.16.0.1][58062] -> [..192.168.10.50][...80] - guessed: [...326] [ip4][..tcp] [.....172.16.0.1][58088] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...326] [ip4][..tcp] [.....172.16.0.1][58088] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...326] [ip4][..tcp] [.....172.16.0.1][58088] -> [..192.168.10.50][...80] new: [...404] [ip4][..tcp] [.....172.16.0.1][59462] -> [..192.168.10.50][...80] new: [...405] [ip4][..tcp] [.....172.16.0.1][59476] -> [..192.168.10.50][...80] new: [...406] [ip4][..tcp] [.....172.16.0.1][59502] -> [..192.168.10.50][...80] new: [...407] [ip4][..tcp] [.....172.16.0.1][59516] -> [..192.168.10.50][...80] new: [...408] [ip4][..tcp] [.....172.16.0.1][59530] -> [..192.168.10.50][...80] - guessed: [...327] [ip4][..tcp] [.....172.16.0.1][58102] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...327] [ip4][..tcp] [.....172.16.0.1][58102] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...327] [ip4][..tcp] [.....172.16.0.1][58102] -> [..192.168.10.50][...80] - guessed: [...328] [ip4][..tcp] [.....172.16.0.1][58116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...328] [ip4][..tcp] [.....172.16.0.1][58116] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...328] [ip4][..tcp] [.....172.16.0.1][58116] -> [..192.168.10.50][...80] - guessed: [...329] [ip4][..tcp] [.....172.16.0.1][58130] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...329] [ip4][..tcp] [.....172.16.0.1][58130] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...329] [ip4][..tcp] [.....172.16.0.1][58130] -> [..192.168.10.50][...80] - guessed: [...330] [ip4][..tcp] [.....172.16.0.1][58144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...330] [ip4][..tcp] [.....172.16.0.1][58144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...330] [ip4][..tcp] [.....172.16.0.1][58144] -> [..192.168.10.50][...80] - guessed: [...331] [ip4][..tcp] [.....172.16.0.1][58158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...331] [ip4][..tcp] [.....172.16.0.1][58158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...331] [ip4][..tcp] [.....172.16.0.1][58158] -> [..192.168.10.50][...80] - 
guessed: [...332] [ip4][..tcp] [.....172.16.0.1][58184] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...332] [ip4][..tcp] [.....172.16.0.1][58184] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...332] [ip4][..tcp] [.....172.16.0.1][58184] -> [..192.168.10.50][...80] - guessed: [...333] [ip4][..tcp] [.....172.16.0.1][58198] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...333] [ip4][..tcp] [.....172.16.0.1][58198] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...333] [ip4][..tcp] [.....172.16.0.1][58198] -> [..192.168.10.50][...80] new: [...409] [ip4][..tcp] [.....172.16.0.1][59556] -> [..192.168.10.50][...80] new: [...410] [ip4][..tcp] [.....172.16.0.1][59570] -> [..192.168.10.50][...80] 
@@ -1231,17 +1231,17 @@ new: [...412] [ip4][..tcp] [.....172.16.0.1][59610] -> [..192.168.10.50][...80] new: [...413] [ip4][..tcp] [.....172.16.0.1][59624] -> [..192.168.10.50][...80] new: [...414] [ip4][..tcp] [.....172.16.0.1][59650] -> [..192.168.10.50][...80] - guessed: [...334] [ip4][..tcp] [.....172.16.0.1][58224] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...334] [ip4][..tcp] [.....172.16.0.1][58224] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...334] [ip4][..tcp] [.....172.16.0.1][58224] -> [..192.168.10.50][...80] - guessed: [...335] [ip4][..tcp] [.....172.16.0.1][58238] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...335] [ip4][..tcp] [.....172.16.0.1][58238] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...335] [ip4][..tcp] [.....172.16.0.1][58238] -> [..192.168.10.50][...80] - guessed: [...336] [ip4][..tcp] [.....172.16.0.1][58252] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...336] [ip4][..tcp] [.....172.16.0.1][58252] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...336] [ip4][..tcp] [.....172.16.0.1][58252] -> [..192.168.10.50][...80] - guessed: [...337] [ip4][..tcp] [.....172.16.0.1][58278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...337] [ip4][..tcp] [.....172.16.0.1][58278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...337] [ip4][..tcp] [.....172.16.0.1][58278] -> [..192.168.10.50][...80] - guessed: [...338] [ip4][..tcp] [.....172.16.0.1][58292] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...338] [ip4][..tcp] [.....172.16.0.1][58292] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...338] [ip4][..tcp] [.....172.16.0.1][58292] -> [..192.168.10.50][...80] - guessed: [...339] [ip4][..tcp] [.....172.16.0.1][58306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...339] [ip4][..tcp] [.....172.16.0.1][58306] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...339] [ip4][..tcp] [.....172.16.0.1][58306] -> [..192.168.10.50][...80] new: [...415] [ip4][..tcp] [.....172.16.0.1][59664] -> [..192.168.10.50][...80] new: [...416] [ip4][..tcp] [.....172.16.0.1][59678] -> [..192.168.10.50][...80] 
@@ -1251,18 +1251,18 @@ new: [...420] [ip4][..tcp] [.....172.16.0.1][59758] -> [..192.168.10.50][...80] end: [...304] [ip4][..tcp] [.....172.16.0.1][57684] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [...340] [ip4][..tcp] [.....172.16.0.1][58332] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...340] [ip4][..tcp] [.....172.16.0.1][58332] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...340] [ip4][..tcp] [.....172.16.0.1][58332] -> [..192.168.10.50][...80] - guessed: [...341] [ip4][..tcp] [.....172.16.0.1][58346] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...341] [ip4][..tcp] [.....172.16.0.1][58346] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...341] [ip4][..tcp] [.....172.16.0.1][58346] -> [..192.168.10.50][...80] - guessed: [...343] [ip4][..tcp] [.....172.16.0.1][58386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...343] [ip4][..tcp] [.....172.16.0.1][58386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...343] [ip4][..tcp] [.....172.16.0.1][58386] -> [..192.168.10.50][...80] - guessed: [...344] [ip4][..tcp] [.....172.16.0.1][58400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...344] [ip4][..tcp] [.....172.16.0.1][58400] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...344] [ip4][..tcp] [.....172.16.0.1][58400] -> [..192.168.10.50][...80] - guessed: [...345] [ip4][..tcp] [.....172.16.0.1][58414] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...345] [ip4][..tcp] [.....172.16.0.1][58414] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...345] [ip4][..tcp] [.....172.16.0.1][58414] -> [..192.168.10.50][...80] new: [...421] [ip4][..tcp] [.....172.16.0.1][59772] -> [..192.168.10.50][...80] - detected: [...419] [ip4][..tcp] [.....172.16.0.1][59732] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...419] [ip4][..tcp] [.....172.16.0.1][59732] 
-> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...422] [ip4][..tcp] [.....172.16.0.1][59786] -> [..192.168.10.50][...80] new: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80] 
@@ -1279,17 +1279,17 @@ [ENTROPIES...: 4.6,5.1,4.9,6.0,4.9,7.8,4.9,5.9,7.7,5.0,6.0,7.8,4.8,5.9,7.7,4.9,6.0,7.8,4.8,5.9,7.7,4.9,6.0,7.8,4.8,5.9,7.7,4.9,6.0,7.8,4.9,5.9] new: [...425] [ip4][..tcp] [.....172.16.0.1][59852] -> [..192.168.10.50][...80] new: [...426] [ip4][..tcp] [.....172.16.0.1][59866] -> [..192.168.10.50][...80] - guessed: [...346] [ip4][..tcp] [.....172.16.0.1][58440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...346] [ip4][..tcp] [.....172.16.0.1][58440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...346] [ip4][..tcp] [.....172.16.0.1][58440] -> [..192.168.10.50][...80] - guessed: [...347] [ip4][..tcp] [.....172.16.0.1][58454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...347] [ip4][..tcp] [.....172.16.0.1][58454] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...347] [ip4][..tcp] [.....172.16.0.1][58454] -> [..192.168.10.50][...80] - guessed: [...348] [ip4][..tcp] [.....172.16.0.1][58468] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...348] [ip4][..tcp] [.....172.16.0.1][58468] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...348] [ip4][..tcp] [.....172.16.0.1][58468] -> [..192.168.10.50][...80] - guessed: [...349] [ip4][..tcp] [.....172.16.0.1][58482] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...349] [ip4][..tcp] [.....172.16.0.1][58482] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...349] [ip4][..tcp] [.....172.16.0.1][58482] -> [..192.168.10.50][...80] - guessed: [...350] [ip4][..tcp] [.....172.16.0.1][58496] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...350] [ip4][..tcp] [.....172.16.0.1][58496] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...350] [ip4][..tcp] [.....172.16.0.1][58496] -> [..192.168.10.50][...80] - guessed: [...351] [ip4][..tcp] [.....172.16.0.1][58510] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...351] [ip4][..tcp] 
[.....172.16.0.1][58510] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...351] [ip4][..tcp] [.....172.16.0.1][58510] -> [..192.168.10.50][...80] new: [...427] [ip4][..tcp] [.....172.16.0.1][59880] -> [..192.168.10.50][...80] new: [...428] [ip4][..tcp] [.....172.16.0.1][59906] -> [..192.168.10.50][...80] 
@@ -1297,17 +1297,17 @@ new: [...430] [ip4][..tcp] [.....172.16.0.1][59934] -> [..192.168.10.50][...80] new: [...431] [ip4][..tcp] [.....172.16.0.1][59960] -> [..192.168.10.50][...80] new: [...432] [ip4][..tcp] [.....172.16.0.1][59974] -> [..192.168.10.50][...80] - guessed: [...352] [ip4][..tcp] [.....172.16.0.1][58536] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...352] [ip4][..tcp] [.....172.16.0.1][58536] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...352] [ip4][..tcp] [.....172.16.0.1][58536] -> [..192.168.10.50][...80] - guessed: [...353] [ip4][..tcp] [.....172.16.0.1][58550] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...353] [ip4][..tcp] [.....172.16.0.1][58550] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...353] [ip4][..tcp] [.....172.16.0.1][58550] -> [..192.168.10.50][...80] - guessed: [...354] [ip4][..tcp] [.....172.16.0.1][58564] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...354] [ip4][..tcp] [.....172.16.0.1][58564] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...354] [ip4][..tcp] [.....172.16.0.1][58564] -> [..192.168.10.50][...80] - guessed: [...355] [ip4][..tcp] [.....172.16.0.1][58590] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...355] [ip4][..tcp] [.....172.16.0.1][58590] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...355] [ip4][..tcp] [.....172.16.0.1][58590] -> [..192.168.10.50][...80] - guessed: [...356] [ip4][..tcp] [.....172.16.0.1][58604] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...356] [ip4][..tcp] [.....172.16.0.1][58604] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...356] [ip4][..tcp] [.....172.16.0.1][58604] -> [..192.168.10.50][...80] - guessed: [...357] [ip4][..tcp] [.....172.16.0.1][58630] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...357] [ip4][..tcp] [.....172.16.0.1][58630] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...357] [ip4][..tcp] [.....172.16.0.1][58630] -> [..192.168.10.50][...80] new: [...433] [ip4][..tcp] [.....172.16.0.1][59988] -> [..192.168.10.50][...80] new: [...434] [ip4][..tcp] [.....172.16.0.1][60014] -> [..192.168.10.50][...80] 
@@ -1315,17 +1315,17 @@ new: [...436] [ip4][..tcp] [.....172.16.0.1][60042] -> [..192.168.10.50][...80] new: [...437] [ip4][..tcp] [.....172.16.0.1][60056] -> [..192.168.10.50][...80] new: [...438] [ip4][..tcp] [.....172.16.0.1][60084] -> [..192.168.10.50][...80] - guessed: [...358] [ip4][..tcp] [.....172.16.0.1][58650] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...358] [ip4][..tcp] [.....172.16.0.1][58650] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...358] [ip4][..tcp] [.....172.16.0.1][58650] -> [..192.168.10.50][...80] - guessed: [...359] [ip4][..tcp] [.....172.16.0.1][58664] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...359] [ip4][..tcp] [.....172.16.0.1][58664] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...359] [ip4][..tcp] [.....172.16.0.1][58664] -> [..192.168.10.50][...80] - guessed: [...360] [ip4][..tcp] [.....172.16.0.1][58690] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...360] [ip4][..tcp] [.....172.16.0.1][58690] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...360] [ip4][..tcp] [.....172.16.0.1][58690] -> [..192.168.10.50][...80] - guessed: [...361] [ip4][..tcp] [.....172.16.0.1][58704] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...361] [ip4][..tcp] [.....172.16.0.1][58704] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...361] [ip4][..tcp] [.....172.16.0.1][58704] -> [..192.168.10.50][...80] - guessed: [...362] [ip4][..tcp] [.....172.16.0.1][58718] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...362] [ip4][..tcp] [.....172.16.0.1][58718] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...362] [ip4][..tcp] [.....172.16.0.1][58718] -> [..192.168.10.50][...80] - guessed: [...363] [ip4][..tcp] [.....172.16.0.1][58744] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...363] [ip4][..tcp] [.....172.16.0.1][58744] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...363] [ip4][..tcp] [.....172.16.0.1][58744] -> [..192.168.10.50][...80] new: [...439] [ip4][..tcp] [.....172.16.0.1][60134] -> [..192.168.10.50][...80] new: [...440] [ip4][..tcp] [.....172.16.0.1][60136] -> [..192.168.10.50][...80] 
@@ -1333,19 +1333,19 @@ new: [...442] [ip4][..tcp] [.....172.16.0.1][60180] -> [..192.168.10.50][...80] new: [...443] [ip4][..tcp] [.....172.16.0.1][60194] -> [..192.168.10.50][...80] new: [...444] [ip4][..tcp] [.....172.16.0.1][60220] -> [..192.168.10.50][...80] - guessed: [...364] [ip4][..tcp] [.....172.16.0.1][58758] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...364] [ip4][..tcp] [.....172.16.0.1][58758] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...364] [ip4][..tcp] [.....172.16.0.1][58758] -> [..192.168.10.50][...80] - guessed: [...365] [ip4][..tcp] [.....172.16.0.1][58772] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...365] [ip4][..tcp] [.....172.16.0.1][58772] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...365] [ip4][..tcp] [.....172.16.0.1][58772] -> [..192.168.10.50][...80] - guessed: [...366] [ip4][..tcp] [.....172.16.0.1][58798] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...366] [ip4][..tcp] [.....172.16.0.1][58798] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...366] [ip4][..tcp] [.....172.16.0.1][58798] -> [..192.168.10.50][...80] - guessed: [...367] [ip4][..tcp] [.....172.16.0.1][58812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...367] [ip4][..tcp] [.....172.16.0.1][58812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...367] [ip4][..tcp] [.....172.16.0.1][58812] -> [..192.168.10.50][...80] - guessed: [...368] [ip4][..tcp] [.....172.16.0.1][58838] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...368] [ip4][..tcp] [.....172.16.0.1][58838] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...368] [ip4][..tcp] [.....172.16.0.1][58838] -> [..192.168.10.50][...80] - guessed: [...369] [ip4][..tcp] [.....172.16.0.1][58852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...369] [ip4][..tcp] [.....172.16.0.1][58852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...369] [ip4][..tcp] [.....172.16.0.1][58852] -> [..192.168.10.50][...80] - guessed: [...370] [ip4][..tcp] [.....172.16.0.1][58866] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...370] [ip4][..tcp] [.....172.16.0.1][58866] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...370] [ip4][..tcp] [.....172.16.0.1][58866] -> [..192.168.10.50][...80] new: [...445] [ip4][..tcp] [.....172.16.0.1][60234] -> [..192.168.10.50][...80] new: [...446] [ip4][..tcp] [.....172.16.0.1][60260] -> [..192.168.10.50][...80] 
@@ -1353,17 +1353,17 @@ new: [...448] [ip4][..tcp] [.....172.16.0.1][60288] -> [..192.168.10.50][...80] new: [...449] [ip4][..tcp] [.....172.16.0.1][60314] -> [..192.168.10.50][...80] new: [...450] [ip4][..tcp] [.....172.16.0.1][60328] -> [..192.168.10.50][...80] - guessed: [...374] [ip4][..tcp] [.....172.16.0.1][58946] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...374] [ip4][..tcp] [.....172.16.0.1][58946] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...374] [ip4][..tcp] [.....172.16.0.1][58946] -> [..192.168.10.50][...80] - guessed: [...375] [ip4][..tcp] [.....172.16.0.1][58960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...375] [ip4][..tcp] [.....172.16.0.1][58960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...375] [ip4][..tcp] [.....172.16.0.1][58960] -> [..192.168.10.50][...80] - guessed: [...376] [ip4][..tcp] [.....172.16.0.1][58974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...376] [ip4][..tcp] [.....172.16.0.1][58974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...376] [ip4][..tcp] [.....172.16.0.1][58974] -> [..192.168.10.50][...80] - guessed: [...371] [ip4][..tcp] [.....172.16.0.1][58892] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...371] [ip4][..tcp] [.....172.16.0.1][58892] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...371] [ip4][..tcp] [.....172.16.0.1][58892] -> [..192.168.10.50][...80] - guessed: [...372] [ip4][..tcp] [.....172.16.0.1][58906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...372] [ip4][..tcp] [.....172.16.0.1][58906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...372] [ip4][..tcp] [.....172.16.0.1][58906] -> [..192.168.10.50][...80] - guessed: [...373] [ip4][..tcp] [.....172.16.0.1][58920] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...373] [ip4][..tcp] [.....172.16.0.1][58920] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...373] [ip4][..tcp] [.....172.16.0.1][58920] -> [..192.168.10.50][...80] new: [...451] [ip4][..tcp] [.....172.16.0.1][60342] -> [..192.168.10.50][...80] new: [...452] [ip4][..tcp] [.....172.16.0.1][60356] -> [..192.168.10.50][...80] 
@@ -1372,38 +1372,38 @@ new: [...455] [ip4][..tcp] [.....172.16.0.1][60410] -> [..192.168.10.50][...80] new: [...456] [ip4][..tcp] [.....172.16.0.1][60424] -> [..192.168.10.50][...80] new: [...457] [ip4][..tcp] [.....172.16.0.1][60438] -> [..192.168.10.50][...80] - guessed: [...377] [ip4][..tcp] [.....172.16.0.1][58988] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...377] [ip4][..tcp] [.....172.16.0.1][58988] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...377] [ip4][..tcp] [.....172.16.0.1][58988] -> [..192.168.10.50][...80] - guessed: [...378] [ip4][..tcp] [.....172.16.0.1][59002] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...378] [ip4][..tcp] [.....172.16.0.1][59002] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...378] [ip4][..tcp] [.....172.16.0.1][59002] -> [..192.168.10.50][...80] - guessed: [...379] [ip4][..tcp] [.....172.16.0.1][59016] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...379] [ip4][..tcp] [.....172.16.0.1][59016] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...379] [ip4][..tcp] [.....172.16.0.1][59016] -> [..192.168.10.50][...80] - guessed: [...381] [ip4][..tcp] [.....172.16.0.1][59056] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...381] [ip4][..tcp] [.....172.16.0.1][59056] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...381] [ip4][..tcp] [.....172.16.0.1][59056] -> [..192.168.10.50][...80] - guessed: [...382] [ip4][..tcp] [.....172.16.0.1][59070] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...382] [ip4][..tcp] [.....172.16.0.1][59070] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...382] [ip4][..tcp] [.....172.16.0.1][59070] -> [..192.168.10.50][...80] end: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address new: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] 
new: [...459] [ip4][..tcp] [.....172.16.0.1][60478] -> [..192.168.10.50][...80] - detected: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...460] [ip4][..tcp] [.....172.16.0.1][60504] -> [..192.168.10.50][...80] new: [...461] [ip4][..tcp] [.....172.16.0.1][60518] -> [..192.168.10.50][...80] new: [...462] [ip4][..tcp] [.....172.16.0.1][60532] -> [..192.168.10.50][...80] - guessed: [...383] [ip4][..tcp] [.....172.16.0.1][59096] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...383] [ip4][..tcp] [.....172.16.0.1][59096] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...383] [ip4][..tcp] [.....172.16.0.1][59096] -> [..192.168.10.50][...80] - guessed: [...384] [ip4][..tcp] [.....172.16.0.1][59110] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...384] [ip4][..tcp] [.....172.16.0.1][59110] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...384] [ip4][..tcp] [.....172.16.0.1][59110] -> [..192.168.10.50][...80] - guessed: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80] - guessed: [...386] [ip4][..tcp] [.....172.16.0.1][59150] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...386] [ip4][..tcp] [.....172.16.0.1][59150] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...386] [ip4][..tcp] [.....172.16.0.1][59150] -> [..192.168.10.50][...80] - guessed: [...387] [ip4][..tcp] [.....172.16.0.1][59164] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...387] [ip4][..tcp] [.....172.16.0.1][59164] -> [..192.168.10.50][...80] 
[HTTP][Web][Acceptable][] end: [...387] [ip4][..tcp] [.....172.16.0.1][59164] -> [..192.168.10.50][...80] - guessed: [...388] [ip4][..tcp] [.....172.16.0.1][59178] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...388] [ip4][..tcp] [.....172.16.0.1][59178] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...388] [ip4][..tcp] [.....172.16.0.1][59178] -> [..192.168.10.50][...80] - guessed: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80] new: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80] analyse: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] 
@@ -1421,19 +1421,19 @@ new: [...466] [ip4][..tcp] [.....172.16.0.1][60612] -> [..192.168.10.50][...80] new: [...467] [ip4][..tcp] [.....172.16.0.1][60626] -> [..192.168.10.50][...80] new: [...468] [ip4][..tcp] [.....172.16.0.1][60652] -> [..192.168.10.50][...80] - guessed: [...390] [ip4][..tcp] [.....172.16.0.1][59206] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...390] [ip4][..tcp] [.....172.16.0.1][59206] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...390] [ip4][..tcp] [.....172.16.0.1][59206] -> [..192.168.10.50][...80] - guessed: [...391] [ip4][..tcp] [.....172.16.0.1][59220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...391] [ip4][..tcp] [.....172.16.0.1][59220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...391] [ip4][..tcp] [.....172.16.0.1][59220] -> [..192.168.10.50][...80] - guessed: [...392] [ip4][..tcp] [.....172.16.0.1][59246] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...392] [ip4][..tcp] [.....172.16.0.1][59246] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...392] [ip4][..tcp] [.....172.16.0.1][59246] -> [..192.168.10.50][...80] - guessed: [...393] [ip4][..tcp] [.....172.16.0.1][59260] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...393] [ip4][..tcp] [.....172.16.0.1][59260] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...393] [ip4][..tcp] [.....172.16.0.1][59260] -> [..192.168.10.50][...80] - guessed: [...394] [ip4][..tcp] [.....172.16.0.1][59274] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...394] [ip4][..tcp] [.....172.16.0.1][59274] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...394] [ip4][..tcp] [.....172.16.0.1][59274] -> [..192.168.10.50][...80] - guessed: [...395] [ip4][..tcp] [.....172.16.0.1][59300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...395] [ip4][..tcp] [.....172.16.0.1][59300] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...395] [ip4][..tcp] [.....172.16.0.1][59300] -> [..192.168.10.50][...80] - guessed: [...396] [ip4][..tcp] [.....172.16.0.1][59314] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...396] [ip4][..tcp] [.....172.16.0.1][59314] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...396] [ip4][..tcp] [.....172.16.0.1][59314] -> [..192.168.10.50][...80] new: [...469] [ip4][..tcp] [.....172.16.0.1][60666] -> [..192.168.10.50][...80] new: [...470] [ip4][..tcp] [.....172.16.0.1][60692] -> [..192.168.10.50][...80] 
@@ -1442,34 +1442,34 @@ new: [...473] [ip4][..tcp] [.....172.16.0.1][60734] -> [..192.168.10.50][...80] new: [...474] [ip4][..tcp] [.....172.16.0.1][60748] -> [..192.168.10.50][...80] new: [...475] [ip4][..tcp] [.....172.16.0.1][60762] -> [..192.168.10.50][...80] - guessed: [...397] [ip4][..tcp] [.....172.16.0.1][59328] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...397] [ip4][..tcp] [.....172.16.0.1][59328] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...397] [ip4][..tcp] [.....172.16.0.1][59328] -> [..192.168.10.50][...80] - guessed: [...398] [ip4][..tcp] [.....172.16.0.1][59354] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...398] [ip4][..tcp] [.....172.16.0.1][59354] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...398] [ip4][..tcp] [.....172.16.0.1][59354] -> [..192.168.10.50][...80] - guessed: [...399] [ip4][..tcp] [.....172.16.0.1][59368] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...399] [ip4][..tcp] [.....172.16.0.1][59368] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...399] [ip4][..tcp] [.....172.16.0.1][59368] -> [..192.168.10.50][...80] - guessed: [...400] [ip4][..tcp] [.....172.16.0.1][59382] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...400] [ip4][..tcp] [.....172.16.0.1][59382] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...400] [ip4][..tcp] [.....172.16.0.1][59382] -> [..192.168.10.50][...80] - guessed: [...401] [ip4][..tcp] [.....172.16.0.1][59408] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...401] [ip4][..tcp] [.....172.16.0.1][59408] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...401] [ip4][..tcp] [.....172.16.0.1][59408] -> [..192.168.10.50][...80] - guessed: [...402] [ip4][..tcp] [.....172.16.0.1][59422] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...402] [ip4][..tcp] [.....172.16.0.1][59422] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...402] [ip4][..tcp] [.....172.16.0.1][59422] -> [..192.168.10.50][...80] new: [...476] [ip4][..tcp] [.....172.16.0.1][60788] -> [..192.168.10.50][...80] new: [...477] [ip4][..tcp] [.....172.16.0.1][60802] -> [..192.168.10.50][...80] new: [...478] [ip4][..tcp] [.....172.16.0.1][60816] -> [..192.168.10.50][...80] new: [...479] [ip4][..tcp] [.....172.16.0.1][60842] -> [..192.168.10.50][...80] new: [...480] [ip4][..tcp] [.....172.16.0.1][60856] -> [..192.168.10.50][...80] - guessed: [...403] [ip4][..tcp] [.....172.16.0.1][59436] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...403] [ip4][..tcp] [.....172.16.0.1][59436] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...403] [ip4][..tcp] [.....172.16.0.1][59436] -> [..192.168.10.50][...80] - guessed: [...404] [ip4][..tcp] [.....172.16.0.1][59462] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...404] [ip4][..tcp] [.....172.16.0.1][59462] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...404] [ip4][..tcp] [.....172.16.0.1][59462] -> [..192.168.10.50][...80] - guessed: [...405] [ip4][..tcp] [.....172.16.0.1][59476] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...405] [ip4][..tcp] [.....172.16.0.1][59476] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...405] [ip4][..tcp] [.....172.16.0.1][59476] -> [..192.168.10.50][...80] - guessed: [...406] [ip4][..tcp] [.....172.16.0.1][59502] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...406] [ip4][..tcp] [.....172.16.0.1][59502] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...406] [ip4][..tcp] [.....172.16.0.1][59502] -> [..192.168.10.50][...80] - guessed: [...407] [ip4][..tcp] [.....172.16.0.1][59516] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...407] [ip4][..tcp] [.....172.16.0.1][59516] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...407] [ip4][..tcp] [.....172.16.0.1][59516] -> [..192.168.10.50][...80] - 
guessed: [...408] [ip4][..tcp] [.....172.16.0.1][59530] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...408] [ip4][..tcp] [.....172.16.0.1][59530] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...408] [ip4][..tcp] [.....172.16.0.1][59530] -> [..192.168.10.50][...80] new: [...481] [ip4][..tcp] [.....172.16.0.1][60882] -> [..192.168.10.50][...80] new: [...482] [ip4][..tcp] [.....172.16.0.1][60896] -> [..192.168.10.50][...80] 
@@ -1477,15 +1477,15 @@ new: [...484] [ip4][..tcp] [.....172.16.0.1][60936] -> [..192.168.10.50][...80] new: [...485] [ip4][..tcp] [.....172.16.0.1][60950] -> [..192.168.10.50][...80] new: [...486] [ip4][..tcp] [.....172.16.0.1][60976] -> [..192.168.10.50][...80] - guessed: [...409] [ip4][..tcp] [.....172.16.0.1][59556] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...409] [ip4][..tcp] [.....172.16.0.1][59556] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...409] [ip4][..tcp] [.....172.16.0.1][59556] -> [..192.168.10.50][...80] - guessed: [...410] [ip4][..tcp] [.....172.16.0.1][59570] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...410] [ip4][..tcp] [.....172.16.0.1][59570] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...410] [ip4][..tcp] [.....172.16.0.1][59570] -> [..192.168.10.50][...80] - guessed: [...411] [ip4][..tcp] [.....172.16.0.1][59584] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...411] [ip4][..tcp] [.....172.16.0.1][59584] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...411] [ip4][..tcp] [.....172.16.0.1][59584] -> [..192.168.10.50][...80] - guessed: [...412] [ip4][..tcp] [.....172.16.0.1][59610] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...412] [ip4][..tcp] [.....172.16.0.1][59610] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...412] [ip4][..tcp] [.....172.16.0.1][59610] -> [..192.168.10.50][...80] - guessed: [...413] [ip4][..tcp] [.....172.16.0.1][59624] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...413] [ip4][..tcp] [.....172.16.0.1][59624] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...413] [ip4][..tcp] [.....172.16.0.1][59624] -> [..192.168.10.50][...80] new: [...487] [ip4][..tcp] [.....172.16.0.1][60990] -> [..192.168.10.50][...80] new: [...488] [ip4][..tcp] [.....172.16.0.1][32784] -> [..192.168.10.50][...80] 
@@ -1495,33 +1495,33 @@ new: [...492] [ip4][..tcp] [.....172.16.0.1][32852] -> [..192.168.10.50][...80] end: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [...414] [ip4][..tcp] [.....172.16.0.1][59650] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...414] [ip4][..tcp] [.....172.16.0.1][59650] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...414] [ip4][..tcp] [.....172.16.0.1][59650] -> [..192.168.10.50][...80] - guessed: [...415] [ip4][..tcp] [.....172.16.0.1][59664] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...415] [ip4][..tcp] [.....172.16.0.1][59664] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...415] [ip4][..tcp] [.....172.16.0.1][59664] -> [..192.168.10.50][...80] - guessed: [...416] [ip4][..tcp] [.....172.16.0.1][59678] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...416] [ip4][..tcp] [.....172.16.0.1][59678] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...416] [ip4][..tcp] [.....172.16.0.1][59678] -> [..192.168.10.50][...80] - guessed: [...417] [ip4][..tcp] [.....172.16.0.1][59704] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...417] [ip4][..tcp] [.....172.16.0.1][59704] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...417] [ip4][..tcp] [.....172.16.0.1][59704] -> [..192.168.10.50][...80] - guessed: [...418] [ip4][..tcp] [.....172.16.0.1][59718] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...418] [ip4][..tcp] [.....172.16.0.1][59718] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...418] [ip4][..tcp] [.....172.16.0.1][59718] -> [..192.168.10.50][...80] new: [...493] [ip4][..tcp] [.....172.16.0.1][32878] -> [..192.168.10.50][...80] new: [...494] [ip4][..tcp] [.....172.16.0.1][32892] -> [..192.168.10.50][...80] new: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] new: 
[...496] [ip4][..tcp] [.....172.16.0.1][32932] -> [..192.168.10.50][...80] new: [...497] [ip4][..tcp] [.....172.16.0.1][32946] -> [..192.168.10.50][...80] - detected: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80] - guessed: [...420] [ip4][..tcp] [.....172.16.0.1][59758] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...420] [ip4][..tcp] [.....172.16.0.1][59758] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...420] [ip4][..tcp] [.....172.16.0.1][59758] -> [..192.168.10.50][...80] - guessed: [...421] [ip4][..tcp] [.....172.16.0.1][59772] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...421] [ip4][..tcp] [.....172.16.0.1][59772] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...421] [ip4][..tcp] [.....172.16.0.1][59772] -> [..192.168.10.50][...80] - guessed: [...422] [ip4][..tcp] [.....172.16.0.1][59786] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...422] [ip4][..tcp] [.....172.16.0.1][59786] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...422] [ip4][..tcp] [.....172.16.0.1][59786] -> [..192.168.10.50][...80] - guessed: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80] - guessed: [...424] [ip4][..tcp] [.....172.16.0.1][59826] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...424] [ip4][..tcp] [.....172.16.0.1][59826] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...424] [ip4][..tcp] [.....172.16.0.1][59826] -> 
[..192.168.10.50][...80] new: [...499] [ip4][..tcp] [.....172.16.0.1][32974] -> [..192.168.10.50][...80] new: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80] 
@@ -1539,19 +1539,19 @@ new: [...502] [ip4][..tcp] [.....172.16.0.1][33028] -> [..192.168.10.50][...80] new: [...503] [ip4][..tcp] [.....172.16.0.1][33042] -> [..192.168.10.50][...80] new: [...504] [ip4][..tcp] [.....172.16.0.1][33068] -> [..192.168.10.50][...80] - guessed: [...425] [ip4][..tcp] [.....172.16.0.1][59852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...425] [ip4][..tcp] [.....172.16.0.1][59852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...425] [ip4][..tcp] [.....172.16.0.1][59852] -> [..192.168.10.50][...80] - guessed: [...426] [ip4][..tcp] [.....172.16.0.1][59866] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...426] [ip4][..tcp] [.....172.16.0.1][59866] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...426] [ip4][..tcp] [.....172.16.0.1][59866] -> [..192.168.10.50][...80] - guessed: [...427] [ip4][..tcp] [.....172.16.0.1][59880] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...427] [ip4][..tcp] [.....172.16.0.1][59880] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...427] [ip4][..tcp] [.....172.16.0.1][59880] -> [..192.168.10.50][...80] - guessed: [...428] [ip4][..tcp] [.....172.16.0.1][59906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...428] [ip4][..tcp] [.....172.16.0.1][59906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...428] [ip4][..tcp] [.....172.16.0.1][59906] -> [..192.168.10.50][...80] - guessed: [...429] [ip4][..tcp] [.....172.16.0.1][59920] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...429] [ip4][..tcp] [.....172.16.0.1][59920] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...429] [ip4][..tcp] [.....172.16.0.1][59920] -> [..192.168.10.50][...80] - guessed: [...430] [ip4][..tcp] [.....172.16.0.1][59934] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...430] [ip4][..tcp] [.....172.16.0.1][59934] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...430] [ip4][..tcp] [.....172.16.0.1][59934] -> [..192.168.10.50][...80] - guessed: [...431] [ip4][..tcp] [.....172.16.0.1][59960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...431] [ip4][..tcp] [.....172.16.0.1][59960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...431] [ip4][..tcp] [.....172.16.0.1][59960] -> [..192.168.10.50][...80] new: [...505] [ip4][..tcp] [.....172.16.0.1][33082] -> [..192.168.10.50][...80] new: [...506] [ip4][..tcp] [.....172.16.0.1][33096] -> [..192.168.10.50][...80] 
@@ -1559,34 +1559,34 @@ new: [...508] [ip4][..tcp] [.....172.16.0.1][33136] -> [..192.168.10.50][...80] new: [...509] [ip4][..tcp] [.....172.16.0.1][33162] -> [..192.168.10.50][...80] new: [...510] [ip4][..tcp] [.....172.16.0.1][33176] -> [..192.168.10.50][...80] - guessed: [...432] [ip4][..tcp] [.....172.16.0.1][59974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...432] [ip4][..tcp] [.....172.16.0.1][59974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...432] [ip4][..tcp] [.....172.16.0.1][59974] -> [..192.168.10.50][...80] - guessed: [...433] [ip4][..tcp] [.....172.16.0.1][59988] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...433] [ip4][..tcp] [.....172.16.0.1][59988] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...433] [ip4][..tcp] [.....172.16.0.1][59988] -> [..192.168.10.50][...80] - guessed: [...434] [ip4][..tcp] [.....172.16.0.1][60014] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...434] [ip4][..tcp] [.....172.16.0.1][60014] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...434] [ip4][..tcp] [.....172.16.0.1][60014] -> [..192.168.10.50][...80] - guessed: [...435] [ip4][..tcp] [.....172.16.0.1][60028] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...435] [ip4][..tcp] [.....172.16.0.1][60028] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...435] [ip4][..tcp] [.....172.16.0.1][60028] -> [..192.168.10.50][...80] - guessed: [...436] [ip4][..tcp] [.....172.16.0.1][60042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...436] [ip4][..tcp] [.....172.16.0.1][60042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...436] [ip4][..tcp] [.....172.16.0.1][60042] -> [..192.168.10.50][...80] - guessed: [...437] [ip4][..tcp] [.....172.16.0.1][60056] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...437] [ip4][..tcp] [.....172.16.0.1][60056] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...437] [ip4][..tcp] [.....172.16.0.1][60056] -> [..192.168.10.50][...80] new: [...511] [ip4][..tcp] [.....172.16.0.1][33202] -> [..192.168.10.50][...80] new: [...512] [ip4][..tcp] [.....172.16.0.1][33216] -> [..192.168.10.50][...80] new: [...513] [ip4][..tcp] [.....172.16.0.1][33230] -> [..192.168.10.50][...80] new: [...514] [ip4][..tcp] [.....172.16.0.1][33256] -> [..192.168.10.50][...80] new: [...515] [ip4][..tcp] [.....172.16.0.1][33270] -> [..192.168.10.50][...80] - guessed: [...438] [ip4][..tcp] [.....172.16.0.1][60084] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...438] [ip4][..tcp] [.....172.16.0.1][60084] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...438] [ip4][..tcp] [.....172.16.0.1][60084] -> [..192.168.10.50][...80] - guessed: [...439] [ip4][..tcp] [.....172.16.0.1][60134] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...439] [ip4][..tcp] [.....172.16.0.1][60134] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...439] [ip4][..tcp] [.....172.16.0.1][60134] -> [..192.168.10.50][...80] - guessed: [...440] [ip4][..tcp] [.....172.16.0.1][60136] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...440] [ip4][..tcp] [.....172.16.0.1][60136] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...440] [ip4][..tcp] [.....172.16.0.1][60136] -> [..192.168.10.50][...80] - guessed: [...441] [ip4][..tcp] [.....172.16.0.1][60154] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...441] [ip4][..tcp] [.....172.16.0.1][60154] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...441] [ip4][..tcp] [.....172.16.0.1][60154] -> [..192.168.10.50][...80] - guessed: [...442] [ip4][..tcp] [.....172.16.0.1][60180] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...442] [ip4][..tcp] [.....172.16.0.1][60180] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...442] [ip4][..tcp] [.....172.16.0.1][60180] -> [..192.168.10.50][...80] - 
guessed: [...443] [ip4][..tcp] [.....172.16.0.1][60194] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...443] [ip4][..tcp] [.....172.16.0.1][60194] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...443] [ip4][..tcp] [.....172.16.0.1][60194] -> [..192.168.10.50][...80] new: [...516] [ip4][..tcp] [.....172.16.0.1][33296] -> [..192.168.10.50][...80] new: [...517] [ip4][..tcp] [.....172.16.0.1][33310] -> [..192.168.10.50][...80] 
@@ -1594,15 +1594,15 @@ new: [...519] [ip4][..tcp] [.....172.16.0.1][33350] -> [..192.168.10.50][...80] new: [...520] [ip4][..tcp] [.....172.16.0.1][33364] -> [..192.168.10.50][...80] new: [...521] [ip4][..tcp] [.....172.16.0.1][33378] -> [..192.168.10.50][...80] - guessed: [...444] [ip4][..tcp] [.....172.16.0.1][60220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...444] [ip4][..tcp] [.....172.16.0.1][60220] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...444] [ip4][..tcp] [.....172.16.0.1][60220] -> [..192.168.10.50][...80] - guessed: [...445] [ip4][..tcp] [.....172.16.0.1][60234] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...445] [ip4][..tcp] [.....172.16.0.1][60234] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...445] [ip4][..tcp] [.....172.16.0.1][60234] -> [..192.168.10.50][...80] - guessed: [...446] [ip4][..tcp] [.....172.16.0.1][60260] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...446] [ip4][..tcp] [.....172.16.0.1][60260] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...446] [ip4][..tcp] [.....172.16.0.1][60260] -> [..192.168.10.50][...80] - guessed: [...447] [ip4][..tcp] [.....172.16.0.1][60274] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...447] [ip4][..tcp] [.....172.16.0.1][60274] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...447] [ip4][..tcp] [.....172.16.0.1][60274] -> [..192.168.10.50][...80] - guessed: [...448] [ip4][..tcp] [.....172.16.0.1][60288] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...448] [ip4][..tcp] [.....172.16.0.1][60288] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...448] [ip4][..tcp] [.....172.16.0.1][60288] -> [..192.168.10.50][...80] new: [...522] [ip4][..tcp] [.....172.16.0.1][33404] -> [..192.168.10.50][...80] new: [...523] [ip4][..tcp] [.....172.16.0.1][33418] -> [..192.168.10.50][...80] 
@@ -1611,21 +1611,21 @@ new: [...526] [ip4][..tcp] [.....172.16.0.1][33472] -> [..192.168.10.50][...80] new: [...527] [ip4][..tcp] [.....172.16.0.1][33486] -> [..192.168.10.50][...80] new: [...528] [ip4][..tcp] [.....172.16.0.1][33500] -> [..192.168.10.50][...80] - guessed: [...449] [ip4][..tcp] [.....172.16.0.1][60314] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...449] [ip4][..tcp] [.....172.16.0.1][60314] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...449] [ip4][..tcp] [.....172.16.0.1][60314] -> [..192.168.10.50][...80] - guessed: [...450] [ip4][..tcp] [.....172.16.0.1][60328] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...450] [ip4][..tcp] [.....172.16.0.1][60328] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...450] [ip4][..tcp] [.....172.16.0.1][60328] -> [..192.168.10.50][...80] - guessed: [...451] [ip4][..tcp] [.....172.16.0.1][60342] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...451] [ip4][..tcp] [.....172.16.0.1][60342] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...451] [ip4][..tcp] [.....172.16.0.1][60342] -> [..192.168.10.50][...80] - guessed: [...452] [ip4][..tcp] [.....172.16.0.1][60356] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...452] [ip4][..tcp] [.....172.16.0.1][60356] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...452] [ip4][..tcp] [.....172.16.0.1][60356] -> [..192.168.10.50][...80] - guessed: [...453] [ip4][..tcp] [.....172.16.0.1][60370] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...453] [ip4][..tcp] [.....172.16.0.1][60370] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...453] [ip4][..tcp] [.....172.16.0.1][60370] -> [..192.168.10.50][...80] - guessed: [...454] [ip4][..tcp] [.....172.16.0.1][60384] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...454] [ip4][..tcp] [.....172.16.0.1][60384] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...454] [ip4][..tcp] [.....172.16.0.1][60384] -> [..192.168.10.50][...80] - guessed: [...455] [ip4][..tcp] [.....172.16.0.1][60410] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...455] [ip4][..tcp] [.....172.16.0.1][60410] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...455] [ip4][..tcp] [.....172.16.0.1][60410] -> [..192.168.10.50][...80] - guessed: [...456] [ip4][..tcp] [.....172.16.0.1][60424] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...456] [ip4][..tcp] [.....172.16.0.1][60424] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...456] [ip4][..tcp] [.....172.16.0.1][60424] -> [..192.168.10.50][...80] new: [...529] [ip4][..tcp] [.....172.16.0.1][33526] -> [..192.168.10.50][...80] new: [...530] [ip4][..tcp] [.....172.16.0.1][33540] -> [..192.168.10.50][...80] 
@@ -1635,17 +1635,17 @@ new: [...534] [ip4][..tcp] [.....172.16.0.1][33608] -> [..192.168.10.50][...80] end: [...419] [ip4][..tcp] [.....172.16.0.1][59732] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address - guessed: [...457] [ip4][..tcp] [.....172.16.0.1][60438] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...457] [ip4][..tcp] [.....172.16.0.1][60438] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...457] [ip4][..tcp] [.....172.16.0.1][60438] -> [..192.168.10.50][...80] - guessed: [...459] [ip4][..tcp] [.....172.16.0.1][60478] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...459] [ip4][..tcp] [.....172.16.0.1][60478] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...459] [ip4][..tcp] [.....172.16.0.1][60478] -> [..192.168.10.50][...80] - guessed: [...460] [ip4][..tcp] [.....172.16.0.1][60504] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...460] [ip4][..tcp] [.....172.16.0.1][60504] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...460] [ip4][..tcp] [.....172.16.0.1][60504] -> [..192.168.10.50][...80] - guessed: [...461] [ip4][..tcp] [.....172.16.0.1][60518] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...461] [ip4][..tcp] [.....172.16.0.1][60518] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...461] [ip4][..tcp] [.....172.16.0.1][60518] -> [..192.168.10.50][...80] - guessed: [...462] [ip4][..tcp] [.....172.16.0.1][60532] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...462] [ip4][..tcp] [.....172.16.0.1][60532] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...462] [ip4][..tcp] [.....172.16.0.1][60532] -> [..192.168.10.50][...80] - detected: [...532] [ip4][..tcp] [.....172.16.0.1][33580] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...532] [ip4][..tcp] [.....172.16.0.1][33580] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] 
RISK: HTTP Numeric IP Address new: [...535] [ip4][..tcp] [.....172.16.0.1][33634] -> [..192.168.10.50][...80] new: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80] 
@@ -1662,15 +1662,15 @@ [ENTROPIES...: 4.6,5.1,4.9,5.9,4.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,5.0,6.0] new: [...538] [ip4][..tcp] [.....172.16.0.1][33688] -> [..192.168.10.50][...80] new: [...539] [ip4][..tcp] [.....172.16.0.1][33702] -> [..192.168.10.50][...80] - guessed: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80] - guessed: [...464] [ip4][..tcp] [.....172.16.0.1][60572] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...464] [ip4][..tcp] [.....172.16.0.1][60572] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...464] [ip4][..tcp] [.....172.16.0.1][60572] -> [..192.168.10.50][...80] - guessed: [...465] [ip4][..tcp] [.....172.16.0.1][60598] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...465] [ip4][..tcp] [.....172.16.0.1][60598] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...465] [ip4][..tcp] [.....172.16.0.1][60598] -> [..192.168.10.50][...80] - guessed: [...466] [ip4][..tcp] [.....172.16.0.1][60612] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...466] [ip4][..tcp] [.....172.16.0.1][60612] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...466] [ip4][..tcp] [.....172.16.0.1][60612] -> [..192.168.10.50][...80] - guessed: [...467] [ip4][..tcp] [.....172.16.0.1][60626] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...467] [ip4][..tcp] [.....172.16.0.1][60626] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...467] [ip4][..tcp] [.....172.16.0.1][60626] -> [..192.168.10.50][...80] new: [...540] [ip4][..tcp] [.....172.16.0.1][33728] -> [..192.168.10.50][...80] new: [...541] [ip4][..tcp] [.....172.16.0.1][33742] -> [..192.168.10.50][...80] 
@@ -1678,19 +1678,19 @@ new: [...543] [ip4][..tcp] [.....172.16.0.1][33782] -> [..192.168.10.50][...80] new: [...544] [ip4][..tcp] [.....172.16.0.1][33808] -> [..192.168.10.50][...80] new: [...545] [ip4][..tcp] [.....172.16.0.1][33822] -> [..192.168.10.50][...80] - guessed: [...468] [ip4][..tcp] [.....172.16.0.1][60652] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...468] [ip4][..tcp] [.....172.16.0.1][60652] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...468] [ip4][..tcp] [.....172.16.0.1][60652] -> [..192.168.10.50][...80] - guessed: [...469] [ip4][..tcp] [.....172.16.0.1][60666] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...469] [ip4][..tcp] [.....172.16.0.1][60666] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...469] [ip4][..tcp] [.....172.16.0.1][60666] -> [..192.168.10.50][...80] - guessed: [...470] [ip4][..tcp] [.....172.16.0.1][60692] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...470] [ip4][..tcp] [.....172.16.0.1][60692] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...470] [ip4][..tcp] [.....172.16.0.1][60692] -> [..192.168.10.50][...80] - guessed: [...471] [ip4][..tcp] [.....172.16.0.1][60706] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...471] [ip4][..tcp] [.....172.16.0.1][60706] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...471] [ip4][..tcp] [.....172.16.0.1][60706] -> [..192.168.10.50][...80] - guessed: [...472] [ip4][..tcp] [.....172.16.0.1][60720] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...472] [ip4][..tcp] [.....172.16.0.1][60720] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...472] [ip4][..tcp] [.....172.16.0.1][60720] -> [..192.168.10.50][...80] - guessed: [...473] [ip4][..tcp] [.....172.16.0.1][60734] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...473] [ip4][..tcp] [.....172.16.0.1][60734] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...473] [ip4][..tcp] [.....172.16.0.1][60734] -> [..192.168.10.50][...80] - guessed: [...474] [ip4][..tcp] [.....172.16.0.1][60748] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...474] [ip4][..tcp] [.....172.16.0.1][60748] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...474] [ip4][..tcp] [.....172.16.0.1][60748] -> [..192.168.10.50][...80] new: [...546] [ip4][..tcp] [.....172.16.0.1][33836] -> [..192.168.10.50][...80] new: [...547] [ip4][..tcp] [.....172.16.0.1][33862] -> [..192.168.10.50][...80] 
@@ -1698,32 +1698,32 @@ new: [...549] [ip4][..tcp] [.....172.16.0.1][33902] -> [..192.168.10.50][...80] new: [...550] [ip4][..tcp] [.....172.16.0.1][33916] -> [..192.168.10.50][...80] new: [...551] [ip4][..tcp] [.....172.16.0.1][33930] -> [..192.168.10.50][...80] - guessed: [...475] [ip4][..tcp] [.....172.16.0.1][60762] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...475] [ip4][..tcp] [.....172.16.0.1][60762] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...475] [ip4][..tcp] [.....172.16.0.1][60762] -> [..192.168.10.50][...80] - guessed: [...476] [ip4][..tcp] [.....172.16.0.1][60788] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...476] [ip4][..tcp] [.....172.16.0.1][60788] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...476] [ip4][..tcp] [.....172.16.0.1][60788] -> [..192.168.10.50][...80] - guessed: [...477] [ip4][..tcp] [.....172.16.0.1][60802] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...477] [ip4][..tcp] [.....172.16.0.1][60802] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...477] [ip4][..tcp] [.....172.16.0.1][60802] -> [..192.168.10.50][...80] - guessed: [...478] [ip4][..tcp] [.....172.16.0.1][60816] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...478] [ip4][..tcp] [.....172.16.0.1][60816] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...478] [ip4][..tcp] [.....172.16.0.1][60816] -> [..192.168.10.50][...80] - guessed: [...479] [ip4][..tcp] [.....172.16.0.1][60842] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...479] [ip4][..tcp] [.....172.16.0.1][60842] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...479] [ip4][..tcp] [.....172.16.0.1][60842] -> [..192.168.10.50][...80] - guessed: [...480] [ip4][..tcp] [.....172.16.0.1][60856] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...480] [ip4][..tcp] [.....172.16.0.1][60856] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...480] [ip4][..tcp] [.....172.16.0.1][60856] -> [..192.168.10.50][...80] new: [...552] [ip4][..tcp] [.....172.16.0.1][33956] -> [..192.168.10.50][...80] new: [...553] [ip4][..tcp] [.....172.16.0.1][33970] -> [..192.168.10.50][...80] new: [...554] [ip4][..tcp] [.....172.16.0.1][33996] -> [..192.168.10.50][...80] new: [...555] [ip4][..tcp] [.....172.16.0.1][34010] -> [..192.168.10.50][...80] new: [...556] [ip4][..tcp] [.....172.16.0.1][34024] -> [..192.168.10.50][...80] - guessed: [...481] [ip4][..tcp] [.....172.16.0.1][60882] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...481] [ip4][..tcp] [.....172.16.0.1][60882] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...481] [ip4][..tcp] [.....172.16.0.1][60882] -> [..192.168.10.50][...80] - guessed: [...482] [ip4][..tcp] [.....172.16.0.1][60896] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...482] [ip4][..tcp] [.....172.16.0.1][60896] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...482] [ip4][..tcp] [.....172.16.0.1][60896] -> [..192.168.10.50][...80] - guessed: [...483] [ip4][..tcp] [.....172.16.0.1][60922] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...483] [ip4][..tcp] [.....172.16.0.1][60922] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...483] [ip4][..tcp] [.....172.16.0.1][60922] -> [..192.168.10.50][...80] - guessed: [...484] [ip4][..tcp] [.....172.16.0.1][60936] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...484] [ip4][..tcp] [.....172.16.0.1][60936] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...484] [ip4][..tcp] [.....172.16.0.1][60936] -> [..192.168.10.50][...80] - guessed: [...485] [ip4][..tcp] [.....172.16.0.1][60950] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...485] [ip4][..tcp] [.....172.16.0.1][60950] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...485] [ip4][..tcp] [.....172.16.0.1][60950] -> [..192.168.10.50][...80] new: 
[...557] [ip4][..tcp] [.....172.16.0.1][34050] -> [..192.168.10.50][...80] new: [...558] [ip4][..tcp] [.....172.16.0.1][34064] -> [..192.168.10.50][...80] 
@@ -1731,17 +1731,17 @@ new: [...560] [ip4][..tcp] [.....172.16.0.1][34104] -> [..192.168.10.50][...80] new: [...561] [ip4][..tcp] [.....172.16.0.1][34118] -> [..192.168.10.50][...80] new: [...562] [ip4][..tcp] [.....172.16.0.1][34144] -> [..192.168.10.50][...80] - guessed: [...487] [ip4][..tcp] [.....172.16.0.1][60990] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...487] [ip4][..tcp] [.....172.16.0.1][60990] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...487] [ip4][..tcp] [.....172.16.0.1][60990] -> [..192.168.10.50][...80] - guessed: [...488] [ip4][..tcp] [.....172.16.0.1][32784] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...488] [ip4][..tcp] [.....172.16.0.1][32784] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...488] [ip4][..tcp] [.....172.16.0.1][32784] -> [..192.168.10.50][...80] - guessed: [...489] [ip4][..tcp] [.....172.16.0.1][32798] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...489] [ip4][..tcp] [.....172.16.0.1][32798] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...489] [ip4][..tcp] [.....172.16.0.1][32798] -> [..192.168.10.50][...80] - guessed: [...490] [ip4][..tcp] [.....172.16.0.1][32812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...490] [ip4][..tcp] [.....172.16.0.1][32812] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...490] [ip4][..tcp] [.....172.16.0.1][32812] -> [..192.168.10.50][...80] - guessed: [...491] [ip4][..tcp] [.....172.16.0.1][32838] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...491] [ip4][..tcp] [.....172.16.0.1][32838] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...491] [ip4][..tcp] [.....172.16.0.1][32838] -> [..192.168.10.50][...80] - guessed: [...486] [ip4][..tcp] [.....172.16.0.1][60976] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...486] [ip4][..tcp] [.....172.16.0.1][60976] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...486] [ip4][..tcp] [.....172.16.0.1][60976] -> [..192.168.10.50][...80] new: [...563] [ip4][..tcp] [.....172.16.0.1][34158] -> [..192.168.10.50][...80] new: [...564] [ip4][..tcp] [.....172.16.0.1][34184] -> [..192.168.10.50][...80] 
@@ -1749,21 +1749,21 @@ new: [...566] [ip4][..tcp] [.....172.16.0.1][34224] -> [..192.168.10.50][...80] new: [...567] [ip4][..tcp] [.....172.16.0.1][34238] -> [..192.168.10.50][...80] new: [...568] [ip4][..tcp] [.....172.16.0.1][34252] -> [..192.168.10.50][...80] - guessed: [...492] [ip4][..tcp] [.....172.16.0.1][32852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...492] [ip4][..tcp] [.....172.16.0.1][32852] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...492] [ip4][..tcp] [.....172.16.0.1][32852] -> [..192.168.10.50][...80] - guessed: [...493] [ip4][..tcp] [.....172.16.0.1][32878] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...493] [ip4][..tcp] [.....172.16.0.1][32878] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...493] [ip4][..tcp] [.....172.16.0.1][32878] -> [..192.168.10.50][...80] - guessed: [...494] [ip4][..tcp] [.....172.16.0.1][32892] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...494] [ip4][..tcp] [.....172.16.0.1][32892] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...494] [ip4][..tcp] [.....172.16.0.1][32892] -> [..192.168.10.50][...80] - guessed: [...496] [ip4][..tcp] [.....172.16.0.1][32932] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...496] [ip4][..tcp] [.....172.16.0.1][32932] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...496] [ip4][..tcp] [.....172.16.0.1][32932] -> [..192.168.10.50][...80] - guessed: [...497] [ip4][..tcp] [.....172.16.0.1][32946] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...497] [ip4][..tcp] [.....172.16.0.1][32946] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...497] [ip4][..tcp] [.....172.16.0.1][32946] -> [..192.168.10.50][...80] end: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address new: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] new: 
[...570] [ip4][..tcp] [.....172.16.0.1][34292] -> [..192.168.10.50][...80] - detected: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...571] [ip4][..tcp] [.....172.16.0.1][34318] -> [..192.168.10.50][...80] new: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80] 
@@ -1778,17 +1778,17 @@ [IATS(ms)....: 0.2,0.7,2587.7,2588.4,3.7,4.5,1020.5,1024.9,4.4,244.7,248.4,3.7,1042.3,1047.0,4.6,242.3,246.0,3.7,1031.2,1034.9,3.7,241.4,245.1,3.6,0.5,1025.2,1029.3,3.8,251.3,255.5,4.2] [PKTLENS.....: 60,60,52,637,52,1918,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,52,435,1822,52,637,1918,52] [ENTROPIES...: 4.6,5.0,5.0,6.0,4.9,7.8,4.9,5.9,7.7,4.9,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9,7.7,4.9,6.0,7.8,4.9,4.9,5.9,7.7,4.8,6.0,7.7,4.9] - guessed: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...498] [ip4][..tcp] [.....172.16.0.1][32960] -> [..192.168.10.50][...80] - guessed: [...499] [ip4][..tcp] [.....172.16.0.1][32974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...499] [ip4][..tcp] [.....172.16.0.1][32974] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...499] [ip4][..tcp] [.....172.16.0.1][32974] -> [..192.168.10.50][...80] - guessed: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80] - guessed: [...501] [ip4][..tcp] [.....172.16.0.1][33002] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...501] [ip4][..tcp] [.....172.16.0.1][33002] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...501] [ip4][..tcp] [.....172.16.0.1][33002] -> [..192.168.10.50][...80] - guessed: [...502] [ip4][..tcp] [.....172.16.0.1][33028] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...502] [ip4][..tcp] [.....172.16.0.1][33028] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...502] [ip4][..tcp] [.....172.16.0.1][33028] -> 
[..192.168.10.50][...80] - guessed: [...503] [ip4][..tcp] [.....172.16.0.1][33042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...503] [ip4][..tcp] [.....172.16.0.1][33042] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...503] [ip4][..tcp] [.....172.16.0.1][33042] -> [..192.168.10.50][...80] new: [...574] [ip4][..tcp] [.....172.16.0.1][34372] -> [..192.168.10.50][...80] new: [...575] [ip4][..tcp] [.....172.16.0.1][34386] -> [..192.168.10.50][...80] 
@@ -1796,17 +1796,17 @@ new: [...577] [ip4][..tcp] [.....172.16.0.1][34426] -> [..192.168.10.50][...80] new: [...578] [ip4][..tcp] [.....172.16.0.1][34440] -> [..192.168.10.50][...80] new: [...579] [ip4][..tcp] [.....172.16.0.1][34466] -> [..192.168.10.50][...80] - guessed: [...504] [ip4][..tcp] [.....172.16.0.1][33068] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...504] [ip4][..tcp] [.....172.16.0.1][33068] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...504] [ip4][..tcp] [.....172.16.0.1][33068] -> [..192.168.10.50][...80] - guessed: [...505] [ip4][..tcp] [.....172.16.0.1][33082] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...505] [ip4][..tcp] [.....172.16.0.1][33082] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...505] [ip4][..tcp] [.....172.16.0.1][33082] -> [..192.168.10.50][...80] - guessed: [...506] [ip4][..tcp] [.....172.16.0.1][33096] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...506] [ip4][..tcp] [.....172.16.0.1][33096] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...506] [ip4][..tcp] [.....172.16.0.1][33096] -> [..192.168.10.50][...80] - guessed: [...507] [ip4][..tcp] [.....172.16.0.1][33122] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...507] [ip4][..tcp] [.....172.16.0.1][33122] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...507] [ip4][..tcp] [.....172.16.0.1][33122] -> [..192.168.10.50][...80] - guessed: [...508] [ip4][..tcp] [.....172.16.0.1][33136] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...508] [ip4][..tcp] [.....172.16.0.1][33136] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...508] [ip4][..tcp] [.....172.16.0.1][33136] -> [..192.168.10.50][...80] - guessed: [...509] [ip4][..tcp] [.....172.16.0.1][33162] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...509] [ip4][..tcp] [.....172.16.0.1][33162] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...509] [ip4][..tcp] [.....172.16.0.1][33162] -> [..192.168.10.50][...80] new: [...580] [ip4][..tcp] [.....172.16.0.1][34480] -> [..192.168.10.50][...80] new: [...581] [ip4][..tcp] [.....172.16.0.1][34506] -> [..192.168.10.50][...80] 
@@ -1815,34 +1815,34 @@ new: [...584] [ip4][..tcp] [.....172.16.0.1][34548] -> [..192.168.10.50][...80] new: [...585] [ip4][..tcp] [.....172.16.0.1][34562] -> [..192.168.10.50][...80] new: [...586] [ip4][..tcp] [.....172.16.0.1][34576] -> [..192.168.10.50][...80] - guessed: [...510] [ip4][..tcp] [.....172.16.0.1][33176] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...510] [ip4][..tcp] [.....172.16.0.1][33176] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...510] [ip4][..tcp] [.....172.16.0.1][33176] -> [..192.168.10.50][...80] - guessed: [...511] [ip4][..tcp] [.....172.16.0.1][33202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...511] [ip4][..tcp] [.....172.16.0.1][33202] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...511] [ip4][..tcp] [.....172.16.0.1][33202] -> [..192.168.10.50][...80] - guessed: [...512] [ip4][..tcp] [.....172.16.0.1][33216] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...512] [ip4][..tcp] [.....172.16.0.1][33216] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...512] [ip4][..tcp] [.....172.16.0.1][33216] -> [..192.168.10.50][...80] - guessed: [...513] [ip4][..tcp] [.....172.16.0.1][33230] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...513] [ip4][..tcp] [.....172.16.0.1][33230] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...513] [ip4][..tcp] [.....172.16.0.1][33230] -> [..192.168.10.50][...80] - guessed: [...514] [ip4][..tcp] [.....172.16.0.1][33256] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...514] [ip4][..tcp] [.....172.16.0.1][33256] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...514] [ip4][..tcp] [.....172.16.0.1][33256] -> [..192.168.10.50][...80] - guessed: [...515] [ip4][..tcp] [.....172.16.0.1][33270] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...515] [ip4][..tcp] [.....172.16.0.1][33270] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...515] [ip4][..tcp] [.....172.16.0.1][33270] -> [..192.168.10.50][...80] new: [...587] [ip4][..tcp] [.....172.16.0.1][34602] -> [..192.168.10.50][...80] new: [...588] [ip4][..tcp] [.....172.16.0.1][34616] -> [..192.168.10.50][...80] new: [...589] [ip4][..tcp] [.....172.16.0.1][34642] -> [..192.168.10.50][...80] new: [...590] [ip4][..tcp] [.....172.16.0.1][34656] -> [..192.168.10.50][...80] new: [...591] [ip4][..tcp] [.....172.16.0.1][34670] -> [..192.168.10.50][...80] - guessed: [...516] [ip4][..tcp] [.....172.16.0.1][33296] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...516] [ip4][..tcp] [.....172.16.0.1][33296] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...516] [ip4][..tcp] [.....172.16.0.1][33296] -> [..192.168.10.50][...80] - guessed: [...517] [ip4][..tcp] [.....172.16.0.1][33310] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...517] [ip4][..tcp] [.....172.16.0.1][33310] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...517] [ip4][..tcp] [.....172.16.0.1][33310] -> [..192.168.10.50][...80] - guessed: [...518] [ip4][..tcp] [.....172.16.0.1][33324] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...518] [ip4][..tcp] [.....172.16.0.1][33324] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...518] [ip4][..tcp] [.....172.16.0.1][33324] -> [..192.168.10.50][...80] - guessed: [...519] [ip4][..tcp] [.....172.16.0.1][33350] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...519] [ip4][..tcp] [.....172.16.0.1][33350] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...519] [ip4][..tcp] [.....172.16.0.1][33350] -> [..192.168.10.50][...80] - guessed: [...520] [ip4][..tcp] [.....172.16.0.1][33364] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...520] [ip4][..tcp] [.....172.16.0.1][33364] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...520] [ip4][..tcp] [.....172.16.0.1][33364] -> [..192.168.10.50][...80] - 
guessed: [...521] [ip4][..tcp] [.....172.16.0.1][33378] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...521] [ip4][..tcp] [.....172.16.0.1][33378] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...521] [ip4][..tcp] [.....172.16.0.1][33378] -> [..192.168.10.50][...80] new: [...592] [ip4][..tcp] [.....172.16.0.1][34696] -> [..192.168.10.50][...80] new: [...593] [ip4][..tcp] [.....172.16.0.1][34710] -> [..192.168.10.50][...80] 
@@ -1851,17 +1851,17 @@ new: [...596] [ip4][..tcp] [.....172.16.0.1][34752] -> [..192.168.10.50][...80] new: [...597] [ip4][..tcp] [.....172.16.0.1][34766] -> [..192.168.10.50][...80] new: [...598] [ip4][..tcp] [.....172.16.0.1][34792] -> [..192.168.10.50][...80] - guessed: [...522] [ip4][..tcp] [.....172.16.0.1][33404] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...522] [ip4][..tcp] [.....172.16.0.1][33404] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...522] [ip4][..tcp] [.....172.16.0.1][33404] -> [..192.168.10.50][...80] - guessed: [...523] [ip4][..tcp] [.....172.16.0.1][33418] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...523] [ip4][..tcp] [.....172.16.0.1][33418] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...523] [ip4][..tcp] [.....172.16.0.1][33418] -> [..192.168.10.50][...80] - guessed: [...524] [ip4][..tcp] [.....172.16.0.1][33444] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...524] [ip4][..tcp] [.....172.16.0.1][33444] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...524] [ip4][..tcp] [.....172.16.0.1][33444] -> [..192.168.10.50][...80] - guessed: [...525] [ip4][..tcp] [.....172.16.0.1][33458] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...525] [ip4][..tcp] [.....172.16.0.1][33458] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...525] [ip4][..tcp] [.....172.16.0.1][33458] -> [..192.168.10.50][...80] - guessed: [...526] [ip4][..tcp] [.....172.16.0.1][33472] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...526] [ip4][..tcp] [.....172.16.0.1][33472] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...526] [ip4][..tcp] [.....172.16.0.1][33472] -> [..192.168.10.50][...80] - guessed: [...527] [ip4][..tcp] [.....172.16.0.1][33486] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...527] [ip4][..tcp] [.....172.16.0.1][33486] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...527] [ip4][..tcp] [.....172.16.0.1][33486] -> [..192.168.10.50][...80] new: [...599] [ip4][..tcp] [.....172.16.0.1][34806] -> [..192.168.10.50][...80] new: [...600] [ip4][..tcp] [.....172.16.0.1][34832] -> [..192.168.10.50][...80] 
@@ -1871,34 +1871,34 @@ new: [...604] [ip4][..tcp] [.....172.16.0.1][34900] -> [..192.168.10.50][...80] end: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address - guessed: [...528] [ip4][..tcp] [.....172.16.0.1][33500] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...528] [ip4][..tcp] [.....172.16.0.1][33500] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...528] [ip4][..tcp] [.....172.16.0.1][33500] -> [..192.168.10.50][...80] - guessed: [...529] [ip4][..tcp] [.....172.16.0.1][33526] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...529] [ip4][..tcp] [.....172.16.0.1][33526] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...529] [ip4][..tcp] [.....172.16.0.1][33526] -> [..192.168.10.50][...80] - guessed: [...530] [ip4][..tcp] [.....172.16.0.1][33540] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...530] [ip4][..tcp] [.....172.16.0.1][33540] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...530] [ip4][..tcp] [.....172.16.0.1][33540] -> [..192.168.10.50][...80] - guessed: [...531] [ip4][..tcp] [.....172.16.0.1][33554] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...531] [ip4][..tcp] [.....172.16.0.1][33554] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...531] [ip4][..tcp] [.....172.16.0.1][33554] -> [..192.168.10.50][...80] - guessed: [...533] [ip4][..tcp] [.....172.16.0.1][33594] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...533] [ip4][..tcp] [.....172.16.0.1][33594] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...533] [ip4][..tcp] [.....172.16.0.1][33594] -> [..192.168.10.50][...80] new: [...605] [ip4][..tcp] [.....172.16.0.1][34926] -> [..192.168.10.50][...80] new: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] new: [...607] [ip4][..tcp] [.....172.16.0.1][34954] -> [..192.168.10.50][...80] 
new: [...608] [ip4][..tcp] [.....172.16.0.1][34980] -> [..192.168.10.50][...80] - detected: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...609] [ip4][..tcp] [.....172.16.0.1][34994] -> [..192.168.10.50][...80] - guessed: [...534] [ip4][..tcp] [.....172.16.0.1][33608] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...534] [ip4][..tcp] [.....172.16.0.1][33608] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...534] [ip4][..tcp] [.....172.16.0.1][33608] -> [..192.168.10.50][...80] - guessed: [...535] [ip4][..tcp] [.....172.16.0.1][33634] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...535] [ip4][..tcp] [.....172.16.0.1][33634] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...535] [ip4][..tcp] [.....172.16.0.1][33634] -> [..192.168.10.50][...80] - guessed: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80] - guessed: [...537] [ip4][..tcp] [.....172.16.0.1][33674] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...537] [ip4][..tcp] [.....172.16.0.1][33674] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...537] [ip4][..tcp] [.....172.16.0.1][33674] -> [..192.168.10.50][...80] - guessed: [...538] [ip4][..tcp] [.....172.16.0.1][33688] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...538] [ip4][..tcp] [.....172.16.0.1][33688] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...538] [ip4][..tcp] [.....172.16.0.1][33688] -> [..192.168.10.50][...80] - guessed: [...539] [ip4][..tcp] [.....172.16.0.1][33702] -> 
[..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...539] [ip4][..tcp] [.....172.16.0.1][33702] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...539] [ip4][..tcp] [.....172.16.0.1][33702] -> [..192.168.10.50][...80] new: [...610] [ip4][..tcp] [.....172.16.0.1][35020] -> [..192.168.10.50][...80] new: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80] 
@@ -1916,13 +1916,13 @@ new: [...613] [ip4][..tcp] [.....172.16.0.1][35074] -> [..192.168.10.50][...80] new: [...614] [ip4][..tcp] [.....172.16.0.1][35088] -> [..192.168.10.50][...80] new: [...615] [ip4][..tcp] [.....172.16.0.1][35114] -> [..192.168.10.50][...80] - guessed: [...540] [ip4][..tcp] [.....172.16.0.1][33728] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...540] [ip4][..tcp] [.....172.16.0.1][33728] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...540] [ip4][..tcp] [.....172.16.0.1][33728] -> [..192.168.10.50][...80] - guessed: [...541] [ip4][..tcp] [.....172.16.0.1][33742] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...541] [ip4][..tcp] [.....172.16.0.1][33742] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...541] [ip4][..tcp] [.....172.16.0.1][33742] -> [..192.168.10.50][...80] - guessed: [...542] [ip4][..tcp] [.....172.16.0.1][33768] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...542] [ip4][..tcp] [.....172.16.0.1][33768] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...542] [ip4][..tcp] [.....172.16.0.1][33768] -> [..192.168.10.50][...80] - guessed: [...543] [ip4][..tcp] [.....172.16.0.1][33782] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...543] [ip4][..tcp] [.....172.16.0.1][33782] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...543] [ip4][..tcp] [.....172.16.0.1][33782] -> [..192.168.10.50][...80] new: [...616] [ip4][..tcp] [.....172.16.0.1][35128] -> [..192.168.10.50][...80] new: [...617] [ip4][..tcp] [.....172.16.0.1][35142] -> [..192.168.10.50][...80] 
@@ -1930,36 +1930,36 @@ new: [...619] [ip4][..tcp] [.....172.16.0.1][35182] -> [..192.168.10.50][...80] new: [...620] [ip4][..tcp] [.....172.16.0.1][35208] -> [..192.168.10.50][...80] new: [...621] [ip4][..tcp] [.....172.16.0.1][35222] -> [..192.168.10.50][...80] - guessed: [...544] [ip4][..tcp] [.....172.16.0.1][33808] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...544] [ip4][..tcp] [.....172.16.0.1][33808] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...544] [ip4][..tcp] [.....172.16.0.1][33808] -> [..192.168.10.50][...80] - guessed: [...545] [ip4][..tcp] [.....172.16.0.1][33822] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...545] [ip4][..tcp] [.....172.16.0.1][33822] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...545] [ip4][..tcp] [.....172.16.0.1][33822] -> [..192.168.10.50][...80] - guessed: [...546] [ip4][..tcp] [.....172.16.0.1][33836] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...546] [ip4][..tcp] [.....172.16.0.1][33836] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...546] [ip4][..tcp] [.....172.16.0.1][33836] -> [..192.168.10.50][...80] - guessed: [...547] [ip4][..tcp] [.....172.16.0.1][33862] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...547] [ip4][..tcp] [.....172.16.0.1][33862] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...547] [ip4][..tcp] [.....172.16.0.1][33862] -> [..192.168.10.50][...80] - guessed: [...548] [ip4][..tcp] [.....172.16.0.1][33876] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...548] [ip4][..tcp] [.....172.16.0.1][33876] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...548] [ip4][..tcp] [.....172.16.0.1][33876] -> [..192.168.10.50][...80] - guessed: [...549] [ip4][..tcp] [.....172.16.0.1][33902] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...549] [ip4][..tcp] [.....172.16.0.1][33902] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...549] [ip4][..tcp] [.....172.16.0.1][33902] -> [..192.168.10.50][...80] - guessed: [...550] [ip4][..tcp] [.....172.16.0.1][33916] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...550] [ip4][..tcp] [.....172.16.0.1][33916] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...550] [ip4][..tcp] [.....172.16.0.1][33916] -> [..192.168.10.50][...80] new: [...622] [ip4][..tcp] [.....172.16.0.1][35236] -> [..192.168.10.50][...80] new: [...623] [ip4][..tcp] [.....172.16.0.1][35262] -> [..192.168.10.50][...80] new: [...624] [ip4][..tcp] [.....172.16.0.1][35276] -> [..192.168.10.50][...80] new: [...625] [ip4][..tcp] [.....172.16.0.1][35302] -> [..192.168.10.50][...80] new: [...626] [ip4][..tcp] [.....172.16.0.1][35316] -> [..192.168.10.50][...80] - guessed: [...551] [ip4][..tcp] [.....172.16.0.1][33930] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...551] [ip4][..tcp] [.....172.16.0.1][33930] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...551] [ip4][..tcp] [.....172.16.0.1][33930] -> [..192.168.10.50][...80] - guessed: [...552] [ip4][..tcp] [.....172.16.0.1][33956] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...552] [ip4][..tcp] [.....172.16.0.1][33956] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...552] [ip4][..tcp] [.....172.16.0.1][33956] -> [..192.168.10.50][...80] - guessed: [...553] [ip4][..tcp] [.....172.16.0.1][33970] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...553] [ip4][..tcp] [.....172.16.0.1][33970] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...553] [ip4][..tcp] [.....172.16.0.1][33970] -> [..192.168.10.50][...80] - guessed: [...554] [ip4][..tcp] [.....172.16.0.1][33996] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...554] [ip4][..tcp] [.....172.16.0.1][33996] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...554] [ip4][..tcp] [.....172.16.0.1][33996] -> [..192.168.10.50][...80] - 
guessed: [...555] [ip4][..tcp] [.....172.16.0.1][34010] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...555] [ip4][..tcp] [.....172.16.0.1][34010] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...555] [ip4][..tcp] [.....172.16.0.1][34010] -> [..192.168.10.50][...80] - guessed: [...556] [ip4][..tcp] [.....172.16.0.1][34024] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...556] [ip4][..tcp] [.....172.16.0.1][34024] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...556] [ip4][..tcp] [.....172.16.0.1][34024] -> [..192.168.10.50][...80] new: [...627] [ip4][..tcp] [.....172.16.0.1][35342] -> [..192.168.10.50][...80] new: [...628] [ip4][..tcp] [.....172.16.0.1][35356] -> [..192.168.10.50][...80] 
@@ -1967,15 +1967,15 @@ new: [...630] [ip4][..tcp] [.....172.16.0.1][35396] -> [..192.168.10.50][...80] new: [...631] [ip4][..tcp] [.....172.16.0.1][35410] -> [..192.168.10.50][...80] new: [...632] [ip4][..tcp] [.....172.16.0.1][35436] -> [..192.168.10.50][...80] - guessed: [...557] [ip4][..tcp] [.....172.16.0.1][34050] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...557] [ip4][..tcp] [.....172.16.0.1][34050] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...557] [ip4][..tcp] [.....172.16.0.1][34050] -> [..192.168.10.50][...80] - guessed: [...558] [ip4][..tcp] [.....172.16.0.1][34064] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...558] [ip4][..tcp] [.....172.16.0.1][34064] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...558] [ip4][..tcp] [.....172.16.0.1][34064] -> [..192.168.10.50][...80] - guessed: [...559] [ip4][..tcp] [.....172.16.0.1][34090] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...559] [ip4][..tcp] [.....172.16.0.1][34090] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...559] [ip4][..tcp] [.....172.16.0.1][34090] -> [..192.168.10.50][...80] - guessed: [...560] [ip4][..tcp] [.....172.16.0.1][34104] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...560] [ip4][..tcp] [.....172.16.0.1][34104] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...560] [ip4][..tcp] [.....172.16.0.1][34104] -> [..192.168.10.50][...80] - guessed: [...561] [ip4][..tcp] [.....172.16.0.1][34118] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...561] [ip4][..tcp] [.....172.16.0.1][34118] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...561] [ip4][..tcp] [.....172.16.0.1][34118] -> [..192.168.10.50][...80] new: [...633] [ip4][..tcp] [.....172.16.0.1][35450] -> [..192.168.10.50][...80] new: [...634] [ip4][..tcp] [.....172.16.0.1][35464] -> [..192.168.10.50][...80] 
@@ -1984,17 +1984,17 @@ new: [...637] [ip4][..tcp] [.....172.16.0.1][35518] -> [..192.168.10.50][...80] new: [...638] [ip4][..tcp] [.....172.16.0.1][35532] -> [..192.168.10.50][...80] new: [...639] [ip4][..tcp] [.....172.16.0.1][35546] -> [..192.168.10.50][...80] - guessed: [...562] [ip4][..tcp] [.....172.16.0.1][34144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...562] [ip4][..tcp] [.....172.16.0.1][34144] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...562] [ip4][..tcp] [.....172.16.0.1][34144] -> [..192.168.10.50][...80] - guessed: [...563] [ip4][..tcp] [.....172.16.0.1][34158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...563] [ip4][..tcp] [.....172.16.0.1][34158] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...563] [ip4][..tcp] [.....172.16.0.1][34158] -> [..192.168.10.50][...80] - guessed: [...564] [ip4][..tcp] [.....172.16.0.1][34184] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...564] [ip4][..tcp] [.....172.16.0.1][34184] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...564] [ip4][..tcp] [.....172.16.0.1][34184] -> [..192.168.10.50][...80] - guessed: [...565] [ip4][..tcp] [.....172.16.0.1][34198] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...565] [ip4][..tcp] [.....172.16.0.1][34198] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...565] [ip4][..tcp] [.....172.16.0.1][34198] -> [..192.168.10.50][...80] - guessed: [...566] [ip4][..tcp] [.....172.16.0.1][34224] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...566] [ip4][..tcp] [.....172.16.0.1][34224] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...566] [ip4][..tcp] [.....172.16.0.1][34224] -> [..192.168.10.50][...80] - guessed: [...567] [ip4][..tcp] [.....172.16.0.1][34238] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...567] [ip4][..tcp] [.....172.16.0.1][34238] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...567] [ip4][..tcp] [.....172.16.0.1][34238] -> [..192.168.10.50][...80] new: [...640] [ip4][..tcp] [.....172.16.0.1][35560] -> [..192.168.10.50][...80] new: [...641] [ip4][..tcp] [.....172.16.0.1][35586] -> [..192.168.10.50][...80] 
@@ -2004,18 +2004,18 @@ new: [...645] [ip4][..tcp] [.....172.16.0.1][35654] -> [..192.168.10.50][...80] end: [...532] [ip4][..tcp] [.....172.16.0.1][33580] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [...568] [ip4][..tcp] [.....172.16.0.1][34252] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...568] [ip4][..tcp] [.....172.16.0.1][34252] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...568] [ip4][..tcp] [.....172.16.0.1][34252] -> [..192.168.10.50][...80] - guessed: [...570] [ip4][..tcp] [.....172.16.0.1][34292] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...570] [ip4][..tcp] [.....172.16.0.1][34292] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...570] [ip4][..tcp] [.....172.16.0.1][34292] -> [..192.168.10.50][...80] - guessed: [...571] [ip4][..tcp] [.....172.16.0.1][34318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...571] [ip4][..tcp] [.....172.16.0.1][34318] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...571] [ip4][..tcp] [.....172.16.0.1][34318] -> [..192.168.10.50][...80] - guessed: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80] - guessed: [...573] [ip4][..tcp] [.....172.16.0.1][34346] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...573] [ip4][..tcp] [.....172.16.0.1][34346] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...573] [ip4][..tcp] [.....172.16.0.1][34346] -> [..192.168.10.50][...80] new: [...646] [ip4][..tcp] [.....172.16.0.1][35668] -> [..192.168.10.50][...80] - detected: [...643] [ip4][..tcp] [.....172.16.0.1][35626] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + detected: [...643] [ip4][..tcp] [.....172.16.0.1][35626] 
-> [..192.168.10.50][...80] [HTTP][Web][Acceptable][205.174.165.68] RISK: HTTP Numeric IP Address new: [...647] [ip4][..tcp] [.....172.16.0.1][35682] -> [..192.168.10.50][...80] new: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80] 
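Review bot: The new trailing bracket field is applied unevenly in this hunk: the `detected` line for flow 643 gains `[205.174.165.68]` and every `guessed` line gains an empty `[]`, while the `end` line for flow 532 keeps the old shape that stops at `[Acceptable]`. Anything that parses these lines positionally now has to treat the field as optional per event type, and the commit message ("Small fixes.") does not say so. A one-line note in the test README or the printing code would cover it, for example `hostname field is printed on detected/guessed events only; empty brackets mean no hostname was seen`. The value looks like it is copied from the traffic itself (presumably the HTTP Host header here), so it would also be worth adding a fixture whose value contains `]` or non-printable bytes, to confirm the bracket-delimited line stays unambiguous. The same pattern repeats in the other hunks of this file.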
@@ -2032,15 +2032,15 @@ [ENTROPIES...: 4.6,5.1,5.0,6.0,4.9,7.8,5.0,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,5.0,6.0,7.8,5.0,5.9,7.7,4.9,6.0,7.8,4.9,5.9] new: [...650] [ip4][..tcp] [.....172.16.0.1][35736] -> [..192.168.10.50][...80] new: [...651] [ip4][..tcp] [.....172.16.0.1][35762] -> [..192.168.10.50][...80] - guessed: [...574] [ip4][..tcp] [.....172.16.0.1][34372] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...574] [ip4][..tcp] [.....172.16.0.1][34372] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...574] [ip4][..tcp] [.....172.16.0.1][34372] -> [..192.168.10.50][...80] - guessed: [...575] [ip4][..tcp] [.....172.16.0.1][34386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...575] [ip4][..tcp] [.....172.16.0.1][34386] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...575] [ip4][..tcp] [.....172.16.0.1][34386] -> [..192.168.10.50][...80] - guessed: [...576] [ip4][..tcp] [.....172.16.0.1][34412] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...576] [ip4][..tcp] [.....172.16.0.1][34412] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...576] [ip4][..tcp] [.....172.16.0.1][34412] -> [..192.168.10.50][...80] - guessed: [...577] [ip4][..tcp] [.....172.16.0.1][34426] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...577] [ip4][..tcp] [.....172.16.0.1][34426] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...577] [ip4][..tcp] [.....172.16.0.1][34426] -> [..192.168.10.50][...80] - guessed: [...578] [ip4][..tcp] [.....172.16.0.1][34440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...578] [ip4][..tcp] [.....172.16.0.1][34440] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...578] [ip4][..tcp] [.....172.16.0.1][34440] -> [..192.168.10.50][...80] new: [...652] [ip4][..tcp] [.....172.16.0.1][35776] -> [..192.168.10.50][...80] new: [...653] [ip4][..tcp] [.....172.16.0.1][35790] -> [..192.168.10.50][...80] 
@@ -2048,175 +2048,175 @@ new: [...655] [ip4][..tcp] [.....172.16.0.1][35830] -> [..192.168.10.50][...80] new: [...656] [ip4][..tcp] [.....172.16.0.1][35856] -> [..192.168.10.50][...80] new: [...657] [ip4][..tcp] [.....172.16.0.1][35870] -> [..192.168.10.50][...80] - guessed: [...579] [ip4][..tcp] [.....172.16.0.1][34466] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...579] [ip4][..tcp] [.....172.16.0.1][34466] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...579] [ip4][..tcp] [.....172.16.0.1][34466] -> [..192.168.10.50][...80] - guessed: [...580] [ip4][..tcp] [.....172.16.0.1][34480] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...580] [ip4][..tcp] [.....172.16.0.1][34480] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...580] [ip4][..tcp] [.....172.16.0.1][34480] -> [..192.168.10.50][...80] - guessed: [...581] [ip4][..tcp] [.....172.16.0.1][34506] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...581] [ip4][..tcp] [.....172.16.0.1][34506] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...581] [ip4][..tcp] [.....172.16.0.1][34506] -> [..192.168.10.50][...80] - guessed: [...582] [ip4][..tcp] [.....172.16.0.1][34520] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...582] [ip4][..tcp] [.....172.16.0.1][34520] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...582] [ip4][..tcp] [.....172.16.0.1][34520] -> [..192.168.10.50][...80] - guessed: [...583] [ip4][..tcp] [.....172.16.0.1][34534] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...583] [ip4][..tcp] [.....172.16.0.1][34534] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...583] [ip4][..tcp] [.....172.16.0.1][34534] -> [..192.168.10.50][...80] - guessed: [...584] [ip4][..tcp] [.....172.16.0.1][34548] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...584] [ip4][..tcp] [.....172.16.0.1][34548] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] 
end: [...584] [ip4][..tcp] [.....172.16.0.1][34548] -> [..192.168.10.50][...80] - guessed: [...585] [ip4][..tcp] [.....172.16.0.1][34562] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...585] [ip4][..tcp] [.....172.16.0.1][34562] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...585] [ip4][..tcp] [.....172.16.0.1][34562] -> [..192.168.10.50][...80] new: [...658] [ip4][..tcp] [.....172.16.0.1][35884] -> [..192.168.10.50][...80] new: [...659] [ip4][..tcp] [.....172.16.0.1][35910] -> [..192.168.10.50][...80] new: [...660] [ip4][..tcp] [.....172.16.0.1][35924] -> [..192.168.10.50][...80] new: [...661] [ip4][..tcp] [.....172.16.0.1][35950] -> [..192.168.10.50][...80] - guessed: [...586] [ip4][..tcp] [.....172.16.0.1][34576] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...586] [ip4][..tcp] [.....172.16.0.1][34576] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...586] [ip4][..tcp] [.....172.16.0.1][34576] -> [..192.168.10.50][...80] - guessed: [...587] [ip4][..tcp] [.....172.16.0.1][34602] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...587] [ip4][..tcp] [.....172.16.0.1][34602] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...587] [ip4][..tcp] [.....172.16.0.1][34602] -> [..192.168.10.50][...80] - guessed: [...588] [ip4][..tcp] [.....172.16.0.1][34616] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...588] [ip4][..tcp] [.....172.16.0.1][34616] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...588] [ip4][..tcp] [.....172.16.0.1][34616] -> [..192.168.10.50][...80] - guessed: [...589] [ip4][..tcp] [.....172.16.0.1][34642] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...589] [ip4][..tcp] [.....172.16.0.1][34642] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...589] [ip4][..tcp] [.....172.16.0.1][34642] -> [..192.168.10.50][...80] - guessed: [...590] [ip4][..tcp] [.....172.16.0.1][34656] -> [..192.168.10.50][...80] 
[HTTP][Web][Acceptable] + guessed: [...590] [ip4][..tcp] [.....172.16.0.1][34656] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...590] [ip4][..tcp] [.....172.16.0.1][34656] -> [..192.168.10.50][...80] - guessed: [...591] [ip4][..tcp] [.....172.16.0.1][34670] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...591] [ip4][..tcp] [.....172.16.0.1][34670] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...591] [ip4][..tcp] [.....172.16.0.1][34670] -> [..192.168.10.50][...80] - guessed: [...592] [ip4][..tcp] [.....172.16.0.1][34696] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...592] [ip4][..tcp] [.....172.16.0.1][34696] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...592] [ip4][..tcp] [.....172.16.0.1][34696] -> [..192.168.10.50][...80] - guessed: [...593] [ip4][..tcp] [.....172.16.0.1][34710] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...593] [ip4][..tcp] [.....172.16.0.1][34710] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...593] [ip4][..tcp] [.....172.16.0.1][34710] -> [..192.168.10.50][...80] - guessed: [...594] [ip4][..tcp] [.....172.16.0.1][34724] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...594] [ip4][..tcp] [.....172.16.0.1][34724] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...594] [ip4][..tcp] [.....172.16.0.1][34724] -> [..192.168.10.50][...80] - guessed: [...595] [ip4][..tcp] [.....172.16.0.1][34738] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...595] [ip4][..tcp] [.....172.16.0.1][34738] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...595] [ip4][..tcp] [.....172.16.0.1][34738] -> [..192.168.10.50][...80] - guessed: [...596] [ip4][..tcp] [.....172.16.0.1][34752] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...596] [ip4][..tcp] [.....172.16.0.1][34752] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...596] [ip4][..tcp] [.....172.16.0.1][34752] 
-> [..192.168.10.50][...80] - guessed: [...597] [ip4][..tcp] [.....172.16.0.1][34766] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...597] [ip4][..tcp] [.....172.16.0.1][34766] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...597] [ip4][..tcp] [.....172.16.0.1][34766] -> [..192.168.10.50][...80] - guessed: [...598] [ip4][..tcp] [.....172.16.0.1][34792] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...598] [ip4][..tcp] [.....172.16.0.1][34792] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...598] [ip4][..tcp] [.....172.16.0.1][34792] -> [..192.168.10.50][...80] - guessed: [...599] [ip4][..tcp] [.....172.16.0.1][34806] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...599] [ip4][..tcp] [.....172.16.0.1][34806] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...599] [ip4][..tcp] [.....172.16.0.1][34806] -> [..192.168.10.50][...80] - guessed: [...600] [ip4][..tcp] [.....172.16.0.1][34832] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...600] [ip4][..tcp] [.....172.16.0.1][34832] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...600] [ip4][..tcp] [.....172.16.0.1][34832] -> [..192.168.10.50][...80] - guessed: [...601] [ip4][..tcp] [.....172.16.0.1][34846] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...601] [ip4][..tcp] [.....172.16.0.1][34846] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...601] [ip4][..tcp] [.....172.16.0.1][34846] -> [..192.168.10.50][...80] - guessed: [...602] [ip4][..tcp] [.....172.16.0.1][34860] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...602] [ip4][..tcp] [.....172.16.0.1][34860] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...602] [ip4][..tcp] [.....172.16.0.1][34860] -> [..192.168.10.50][...80] - guessed: [...603] [ip4][..tcp] [.....172.16.0.1][34886] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...603] [ip4][..tcp] 
[.....172.16.0.1][34886] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...603] [ip4][..tcp] [.....172.16.0.1][34886] -> [..192.168.10.50][...80] - guessed: [...604] [ip4][..tcp] [.....172.16.0.1][34900] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...604] [ip4][..tcp] [.....172.16.0.1][34900] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...604] [ip4][..tcp] [.....172.16.0.1][34900] -> [..192.168.10.50][...80] - guessed: [...605] [ip4][..tcp] [.....172.16.0.1][34926] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...605] [ip4][..tcp] [.....172.16.0.1][34926] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...605] [ip4][..tcp] [.....172.16.0.1][34926] -> [..192.168.10.50][...80] end: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address - guessed: [...607] [ip4][..tcp] [.....172.16.0.1][34954] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...607] [ip4][..tcp] [.....172.16.0.1][34954] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...607] [ip4][..tcp] [.....172.16.0.1][34954] -> [..192.168.10.50][...80] - guessed: [...608] [ip4][..tcp] [.....172.16.0.1][34980] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...608] [ip4][..tcp] [.....172.16.0.1][34980] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...608] [ip4][..tcp] [.....172.16.0.1][34980] -> [..192.168.10.50][...80] - guessed: [...609] [ip4][..tcp] [.....172.16.0.1][34994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...609] [ip4][..tcp] [.....172.16.0.1][34994] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...609] [ip4][..tcp] [.....172.16.0.1][34994] -> [..192.168.10.50][...80] - guessed: [...610] [ip4][..tcp] [.....172.16.0.1][35020] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...610] [ip4][..tcp] [.....172.16.0.1][35020] -> [..192.168.10.50][...80] 
[HTTP][Web][Acceptable][] end: [...610] [ip4][..tcp] [.....172.16.0.1][35020] -> [..192.168.10.50][...80] - guessed: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80] - guessed: [...612] [ip4][..tcp] [.....172.16.0.1][35048] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...612] [ip4][..tcp] [.....172.16.0.1][35048] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...612] [ip4][..tcp] [.....172.16.0.1][35048] -> [..192.168.10.50][...80] - guessed: [...613] [ip4][..tcp] [.....172.16.0.1][35074] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...613] [ip4][..tcp] [.....172.16.0.1][35074] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...613] [ip4][..tcp] [.....172.16.0.1][35074] -> [..192.168.10.50][...80] - guessed: [...614] [ip4][..tcp] [.....172.16.0.1][35088] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...614] [ip4][..tcp] [.....172.16.0.1][35088] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...614] [ip4][..tcp] [.....172.16.0.1][35088] -> [..192.168.10.50][...80] - guessed: [...615] [ip4][..tcp] [.....172.16.0.1][35114] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...615] [ip4][..tcp] [.....172.16.0.1][35114] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...615] [ip4][..tcp] [.....172.16.0.1][35114] -> [..192.168.10.50][...80] - guessed: [...616] [ip4][..tcp] [.....172.16.0.1][35128] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...616] [ip4][..tcp] [.....172.16.0.1][35128] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...616] [ip4][..tcp] [.....172.16.0.1][35128] -> [..192.168.10.50][...80] - guessed: [...617] [ip4][..tcp] [.....172.16.0.1][35142] -> 
[..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...617] [ip4][..tcp] [.....172.16.0.1][35142] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...617] [ip4][..tcp] [.....172.16.0.1][35142] -> [..192.168.10.50][...80] - guessed: [...618] [ip4][..tcp] [.....172.16.0.1][35168] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...618] [ip4][..tcp] [.....172.16.0.1][35168] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...618] [ip4][..tcp] [.....172.16.0.1][35168] -> [..192.168.10.50][...80] - guessed: [...619] [ip4][..tcp] [.....172.16.0.1][35182] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...619] [ip4][..tcp] [.....172.16.0.1][35182] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...619] [ip4][..tcp] [.....172.16.0.1][35182] -> [..192.168.10.50][...80] - guessed: [...620] [ip4][..tcp] [.....172.16.0.1][35208] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...620] [ip4][..tcp] [.....172.16.0.1][35208] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...620] [ip4][..tcp] [.....172.16.0.1][35208] -> [..192.168.10.50][...80] - guessed: [...621] [ip4][..tcp] [.....172.16.0.1][35222] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...621] [ip4][..tcp] [.....172.16.0.1][35222] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...621] [ip4][..tcp] [.....172.16.0.1][35222] -> [..192.168.10.50][...80] - guessed: [...622] [ip4][..tcp] [.....172.16.0.1][35236] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...622] [ip4][..tcp] [.....172.16.0.1][35236] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...622] [ip4][..tcp] [.....172.16.0.1][35236] -> [..192.168.10.50][...80] - guessed: [...623] [ip4][..tcp] [.....172.16.0.1][35262] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...623] [ip4][..tcp] [.....172.16.0.1][35262] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...623] [ip4][..tcp] 
[.....172.16.0.1][35262] -> [..192.168.10.50][...80] - guessed: [...624] [ip4][..tcp] [.....172.16.0.1][35276] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...624] [ip4][..tcp] [.....172.16.0.1][35276] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...624] [ip4][..tcp] [.....172.16.0.1][35276] -> [..192.168.10.50][...80] - guessed: [...625] [ip4][..tcp] [.....172.16.0.1][35302] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...625] [ip4][..tcp] [.....172.16.0.1][35302] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...625] [ip4][..tcp] [.....172.16.0.1][35302] -> [..192.168.10.50][...80] - guessed: [...626] [ip4][..tcp] [.....172.16.0.1][35316] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...626] [ip4][..tcp] [.....172.16.0.1][35316] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...626] [ip4][..tcp] [.....172.16.0.1][35316] -> [..192.168.10.50][...80] - guessed: [...627] [ip4][..tcp] [.....172.16.0.1][35342] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...627] [ip4][..tcp] [.....172.16.0.1][35342] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...627] [ip4][..tcp] [.....172.16.0.1][35342] -> [..192.168.10.50][...80] - guessed: [...628] [ip4][..tcp] [.....172.16.0.1][35356] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...628] [ip4][..tcp] [.....172.16.0.1][35356] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...628] [ip4][..tcp] [.....172.16.0.1][35356] -> [..192.168.10.50][...80] - guessed: [...629] [ip4][..tcp] [.....172.16.0.1][35370] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...629] [ip4][..tcp] [.....172.16.0.1][35370] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...629] [ip4][..tcp] [.....172.16.0.1][35370] -> [..192.168.10.50][...80] - guessed: [...630] [ip4][..tcp] [.....172.16.0.1][35396] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...630] 
[ip4][..tcp] [.....172.16.0.1][35396] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...630] [ip4][..tcp] [.....172.16.0.1][35396] -> [..192.168.10.50][...80] - guessed: [...631] [ip4][..tcp] [.....172.16.0.1][35410] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...631] [ip4][..tcp] [.....172.16.0.1][35410] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...631] [ip4][..tcp] [.....172.16.0.1][35410] -> [..192.168.10.50][...80] - guessed: [...632] [ip4][..tcp] [.....172.16.0.1][35436] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...632] [ip4][..tcp] [.....172.16.0.1][35436] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...632] [ip4][..tcp] [.....172.16.0.1][35436] -> [..192.168.10.50][...80] - guessed: [...633] [ip4][..tcp] [.....172.16.0.1][35450] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...633] [ip4][..tcp] [.....172.16.0.1][35450] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...633] [ip4][..tcp] [.....172.16.0.1][35450] -> [..192.168.10.50][...80] - guessed: [...634] [ip4][..tcp] [.....172.16.0.1][35464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...634] [ip4][..tcp] [.....172.16.0.1][35464] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...634] [ip4][..tcp] [.....172.16.0.1][35464] -> [..192.168.10.50][...80] - guessed: [...635] [ip4][..tcp] [.....172.16.0.1][35490] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...635] [ip4][..tcp] [.....172.16.0.1][35490] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...635] [ip4][..tcp] [.....172.16.0.1][35490] -> [..192.168.10.50][...80] - guessed: [...636] [ip4][..tcp] [.....172.16.0.1][35504] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...636] [ip4][..tcp] [.....172.16.0.1][35504] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...636] [ip4][..tcp] [.....172.16.0.1][35504] -> [..192.168.10.50][...80] - guessed: 
[...637] [ip4][..tcp] [.....172.16.0.1][35518] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...637] [ip4][..tcp] [.....172.16.0.1][35518] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...637] [ip4][..tcp] [.....172.16.0.1][35518] -> [..192.168.10.50][...80] - guessed: [...638] [ip4][..tcp] [.....172.16.0.1][35532] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...638] [ip4][..tcp] [.....172.16.0.1][35532] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...638] [ip4][..tcp] [.....172.16.0.1][35532] -> [..192.168.10.50][...80] - guessed: [...639] [ip4][..tcp] [.....172.16.0.1][35546] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...639] [ip4][..tcp] [.....172.16.0.1][35546] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...639] [ip4][..tcp] [.....172.16.0.1][35546] -> [..192.168.10.50][...80] - guessed: [...640] [ip4][..tcp] [.....172.16.0.1][35560] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...640] [ip4][..tcp] [.....172.16.0.1][35560] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...640] [ip4][..tcp] [.....172.16.0.1][35560] -> [..192.168.10.50][...80] - guessed: [...641] [ip4][..tcp] [.....172.16.0.1][35586] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...641] [ip4][..tcp] [.....172.16.0.1][35586] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...641] [ip4][..tcp] [.....172.16.0.1][35586] -> [..192.168.10.50][...80] - guessed: [...642] [ip4][..tcp] [.....172.16.0.1][35600] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...642] [ip4][..tcp] [.....172.16.0.1][35600] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...642] [ip4][..tcp] [.....172.16.0.1][35600] -> [..192.168.10.50][...80] idle: [...643] [ip4][..tcp] [.....172.16.0.1][35626] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address - guessed: [...644] [ip4][..tcp] 
[.....172.16.0.1][35640] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...644] [ip4][..tcp] [.....172.16.0.1][35640] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...644] [ip4][..tcp] [.....172.16.0.1][35640] -> [..192.168.10.50][...80] - guessed: [...645] [ip4][..tcp] [.....172.16.0.1][35654] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...645] [ip4][..tcp] [.....172.16.0.1][35654] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...645] [ip4][..tcp] [.....172.16.0.1][35654] -> [..192.168.10.50][...80] - guessed: [...646] [ip4][..tcp] [.....172.16.0.1][35668] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...646] [ip4][..tcp] [.....172.16.0.1][35668] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...646] [ip4][..tcp] [.....172.16.0.1][35668] -> [..192.168.10.50][...80] - guessed: [...647] [ip4][..tcp] [.....172.16.0.1][35682] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...647] [ip4][..tcp] [.....172.16.0.1][35682] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...647] [ip4][..tcp] [.....172.16.0.1][35682] -> [..192.168.10.50][...80] - guessed: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80] - guessed: [...649] [ip4][..tcp] [.....172.16.0.1][35722] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...649] [ip4][..tcp] [.....172.16.0.1][35722] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...649] [ip4][..tcp] [.....172.16.0.1][35722] -> [..192.168.10.50][...80] - guessed: [...650] [ip4][..tcp] [.....172.16.0.1][35736] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...650] [ip4][..tcp] [.....172.16.0.1][35736] -> [..192.168.10.50][...80] 
[HTTP][Web][Acceptable][] end: [...650] [ip4][..tcp] [.....172.16.0.1][35736] -> [..192.168.10.50][...80] - guessed: [...651] [ip4][..tcp] [.....172.16.0.1][35762] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...651] [ip4][..tcp] [.....172.16.0.1][35762] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...651] [ip4][..tcp] [.....172.16.0.1][35762] -> [..192.168.10.50][...80] - guessed: [...652] [ip4][..tcp] [.....172.16.0.1][35776] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...652] [ip4][..tcp] [.....172.16.0.1][35776] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...652] [ip4][..tcp] [.....172.16.0.1][35776] -> [..192.168.10.50][...80] - guessed: [...653] [ip4][..tcp] [.....172.16.0.1][35790] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...653] [ip4][..tcp] [.....172.16.0.1][35790] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...653] [ip4][..tcp] [.....172.16.0.1][35790] -> [..192.168.10.50][...80] - guessed: [...654] [ip4][..tcp] [.....172.16.0.1][35816] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...654] [ip4][..tcp] [.....172.16.0.1][35816] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...654] [ip4][..tcp] [.....172.16.0.1][35816] -> [..192.168.10.50][...80] - guessed: [...655] [ip4][..tcp] [.....172.16.0.1][35830] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...655] [ip4][..tcp] [.....172.16.0.1][35830] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...655] [ip4][..tcp] [.....172.16.0.1][35830] -> [..192.168.10.50][...80] - guessed: [...656] [ip4][..tcp] [.....172.16.0.1][35856] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...656] [ip4][..tcp] [.....172.16.0.1][35856] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...656] [ip4][..tcp] [.....172.16.0.1][35856] -> [..192.168.10.50][...80] - guessed: [...657] [ip4][..tcp] [.....172.16.0.1][35870] -> 
[..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...657] [ip4][..tcp] [.....172.16.0.1][35870] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...657] [ip4][..tcp] [.....172.16.0.1][35870] -> [..192.168.10.50][...80] - guessed: [...658] [ip4][..tcp] [.....172.16.0.1][35884] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...658] [ip4][..tcp] [.....172.16.0.1][35884] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] end: [...658] [ip4][..tcp] [.....172.16.0.1][35884] -> [..192.168.10.50][...80] - guessed: [...659] [ip4][..tcp] [.....172.16.0.1][35910] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...659] [ip4][..tcp] [.....172.16.0.1][35910] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] idle: [...659] [ip4][..tcp] [.....172.16.0.1][35910] -> [..192.168.10.50][...80] - guessed: [...660] [ip4][..tcp] [.....172.16.0.1][35924] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...660] [ip4][..tcp] [.....172.16.0.1][35924] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] idle: [...660] [ip4][..tcp] [.....172.16.0.1][35924] -> [..192.168.10.50][...80] - guessed: [...661] [ip4][..tcp] [.....172.16.0.1][35950] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] + guessed: [...661] [ip4][..tcp] [.....172.16.0.1][35950] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable][] idle: [...661] [ip4][..tcp] [.....172.16.0.1][35950] -> [..192.168.10.50][...80] end: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address diff --git a/test/results/flow-info/agora-sd-rtn.pcap.out b/test/results/flow-info/agora-sd-rtn.pcap.out index d1cd61928..10881fcc6 100644 --- a/test/results/flow-info/agora-sd-rtn.pcap.out +++ b/test/results/flow-info/agora-sd-rtn.pcap.out 
@@ -2,28 +2,28 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.2.100][35778] -> [.23.248.186.179][.8130] - detected: [.....1] [ip4][..udp] [..192.168.2.100][35778] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.2.100][35778] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable][23-248-186-179.edge.agora.io] new: [.....2] [ip4][..udp] [..192.168.2.100][35778] -> [.104.166.161.75][.8130] - detected: [.....2] [ip4][..udp] [..192.168.2.100][35778] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.2.100][35778] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable][104-166-161-75.edge.agora.io] new: [.....3] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.75][.8130] - detected: [.....3] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable][104-166-161-75.edge.agora.io] new: [.....4] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.19][.8130] - detected: [.....4] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.19][.8130] [SD-RTN][Media][Acceptable] + detected: [.....4] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.19][.8130] [SD-RTN][Media][Acceptable][104-166-161-19.edge.agora.io] update: [.....2] [ip4][..udp] [..192.168.2.100][35778] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] update: [.....1] [ip4][..udp] [..192.168.2.100][35778] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] new: [.....5] [ip4][..udp] [..192.168.2.100][44131] -> [....128.1.77.66][.8130] - detected: [.....5] [ip4][..udp] [..192.168.2.100][44131] -> [....128.1.77.66][.8130] [SD-RTN][Media][Acceptable] + detected: [.....5] 
[ip4][..udp] [..192.168.2.100][44131] -> [....128.1.77.66][.8130] [SD-RTN][Media][Acceptable][128-1-77-66.edge.agora.io] new: [.....6] [ip4][..udp] [..192.168.2.100][44131] -> [.23.248.186.179][.8130] - detected: [.....6] [ip4][..udp] [..192.168.2.100][44131] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] + detected: [.....6] [ip4][..udp] [..192.168.2.100][44131] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable][23-248-186-179.edge.agora.io] new: [.....7] [ip4][..udp] [..192.168.2.100][46798] -> [.23.248.186.179][.8130] - detected: [.....7] [ip4][..udp] [..192.168.2.100][46798] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] + detected: [.....7] [ip4][..udp] [..192.168.2.100][46798] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable][23-248-186-179.edge.agora.io] update: [.....2] [ip4][..udp] [..192.168.2.100][35778] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] update: [.....3] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] update: [.....4] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.19][.8130] [SD-RTN][Media][Acceptable] update: [.....1] [ip4][..udp] [..192.168.2.100][35778] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] update: [.....5] [ip4][..udp] [..192.168.2.100][44131] -> [....128.1.77.66][.8130] [SD-RTN][Media][Acceptable] new: [.....8] [ip4][..udp] [..192.168.2.100][44131] -> [.23.248.186.180][.8130] - detected: [.....8] [ip4][..udp] [..192.168.2.100][44131] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable] + detected: [.....8] [ip4][..udp] [..192.168.2.100][44131] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable][23-248-186-180.edge.agora.io] idle: [.....2] [ip4][..udp] [..192.168.2.100][35778] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] idle: [.....1] [ip4][..udp] [..192.168.2.100][35778] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] update: [.....3] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.75][.8130] 
[SD-RTN][Media][Acceptable] @@ -34,11 +34,11 @@ DAEMON-EVENT: [Processed: 120 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 6 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 12] new: [.....9] [ip4][..udp] [..192.168.2.100][40393] -> [.23.248.186.179][.8130] - detected: [.....9] [ip4][..udp] [..192.168.2.100][40393] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] + detected: [.....9] [ip4][..udp] [..192.168.2.100][40393] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable][23-248-186-179.edge.agora.io] new: [....10] [ip4][..udp] [..192.168.2.100][47453] -> [.23.248.186.179][.8130] - detected: [....10] [ip4][..udp] [..192.168.2.100][47453] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] + detected: [....10] [ip4][..udp] [..192.168.2.100][47453] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable][23-248-186-179.edge.agora.io] new: [....11] [ip4][..udp] [..192.168.2.100][40393] -> [.104.166.161.75][.8130] - detected: [....11] [ip4][..udp] [..192.168.2.100][40393] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] + detected: [....11] [ip4][..udp] [..192.168.2.100][40393] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable][104-166-161-75.edge.agora.io] idle: [.....4] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.19][.8130] [SD-RTN][Media][Acceptable] idle: [.....3] [ip4][..udp] [..192.168.2.100][44131] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] idle: [.....8] [ip4][..udp] [..192.168.2.100][44131] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable] 
@@ -46,11 +46,11 @@ idle: [.....5] [ip4][..udp] [..192.168.2.100][44131] -> [....128.1.77.66][.8130] [SD-RTN][Media][Acceptable] idle: [.....7] [ip4][..udp] [..192.168.2.100][46798] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] new: [....12] [ip4][..udp] [..192.168.2.100][55322] -> [.104.166.161.75][.8130] - detected: [....12] [ip4][..udp] [..192.168.2.100][55322] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] + detected: [....12] [ip4][..udp] [..192.168.2.100][55322] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable][104-166-161-75.edge.agora.io] new: [....13] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.233.218][.8130] - detected: [....13] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.233.218][.8130] [SD-RTN][Media][Acceptable] + detected: [....13] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.233.218][.8130] [SD-RTN][Media][Acceptable][128-1-233-218.edge.agora.io] new: [....14] [ip4][..udp] [..192.168.2.100][55322] -> [.193.118.52.182][.8130] - detected: [....14] [ip4][..udp] [..192.168.2.100][55322] -> [.193.118.52.182][.8130] [SD-RTN][Media][Acceptable] + detected: [....14] [ip4][..udp] [..192.168.2.100][55322] -> [.193.118.52.182][.8130] [SD-RTN][Media][Acceptable][193-118-52-182.edge.agora.io] update: [....10] [ip4][..udp] [..192.168.2.100][47453] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] update: [....11] [ip4][..udp] [..192.168.2.100][40393] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] update: [.....9] [ip4][..udp] [..192.168.2.100][40393] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] 
@@ -63,15 +63,15 @@ idle: [....14] [ip4][..udp] [..192.168.2.100][55322] -> [.193.118.52.182][.8130] [SD-RTN][Media][Acceptable] update: [....12] [ip4][..udp] [..192.168.2.100][55322] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] new: [....15] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.223][.8130] - detected: [....15] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable] + detected: [....15] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable][128-1-193-223.edge.agora.io] new: [....16] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.180][.8130] - detected: [....16] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable] + detected: [....16] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable][23-248-186-180.edge.agora.io] update: [....12] [ip4][..udp] [..192.168.2.100][55322] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] new: [....17] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.224][.8130] - detected: [....17] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.224][.8130] [SD-RTN][Media][Acceptable] + detected: [....17] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.224][.8130] [SD-RTN][Media][Acceptable][128-1-193-224.edge.agora.io] update: [....15] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable] new: [....18] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.179][.8130] - detected: [....18] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] + detected: [....18] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable][23-248-186-179.edge.agora.io] idle: [....16] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable] idle: [....15] [ip4][..udp] [..192.168.2.100][55322] -> 
[..128.1.193.223][.8130] [SD-RTN][Media][Acceptable] idle: [....12] [ip4][..udp] [..192.168.2.100][55322] -> [.104.166.161.75][.8130] [SD-RTN][Media][Acceptable] 
@@ -79,27 +79,27 @@ DAEMON-EVENT: [Processed: 285 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 18|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 19] new: [....19] [ip4][..udp] [..192.168.2.100][47805] -> [..128.1.193.223][.8130] - detected: [....19] [ip4][..udp] [..192.168.2.100][47805] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable] + detected: [....19] [ip4][..udp] [..192.168.2.100][47805] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable][128-1-193-223.edge.agora.io] new: [....20] [ip4][..udp] [..192.168.2.100][47805] -> [.202.226.25.166][.8130] - detected: [....20] [ip4][..udp] [..192.168.2.100][47805] -> [.202.226.25.166][.8130] [SD-RTN][Media][Acceptable] + detected: [....20] [ip4][..udp] [..192.168.2.100][47805] -> [.202.226.25.166][.8130] [SD-RTN][Media][Acceptable][202-226-25-166.edge.agora.io] idle: [....18] [ip4][..udp] [..192.168.2.100][55322] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] idle: [....17] [ip4][..udp] [..192.168.2.100][55322] -> [..128.1.193.224][.8130] [SD-RTN][Media][Acceptable] new: [....21] [ip4][..udp] [..192.168.2.100][47805] -> [103.104.168.244][.8130] - detected: [....21] [ip4][..udp] [..192.168.2.100][47805] -> [103.104.168.244][.8130] [SD-RTN][Media][Acceptable] + detected: [....21] [ip4][..udp] [..192.168.2.100][47805] -> [103.104.168.244][.8130] [SD-RTN][Media][Acceptable][103-104-168-244.edge.agora.io] new: [....22] [ip4][..udp] [..192.168.2.100][47805] -> [.199.190.44.135][.8130] - detected: [....22] [ip4][..udp] [..192.168.2.100][47805] -> [.199.190.44.135][.8130] [SD-RTN][Media][Acceptable] + detected: [....22] [ip4][..udp] [..192.168.2.100][47805] -> [.199.190.44.135][.8130] [SD-RTN][Media][Acceptable][199-190-44-135.edge.agora.io] new: [....23] [ip4][..udp] [..192.168.2.100][47805] -> [..128.1.193.224][.8130] - detected: [....23] [ip4][..udp] [..192.168.2.100][47805] -> [..128.1.193.224][.8130] [SD-RTN][Media][Acceptable] + detected: [....23] 
[ip4][..udp] [..192.168.2.100][47805] -> [..128.1.193.224][.8130] [SD-RTN][Media][Acceptable][128-1-193-224.edge.agora.io] new: [....24] [ip4][..udp] [..192.168.2.100][47805] -> [.23.248.186.179][.8130] - detected: [....24] [ip4][..udp] [..192.168.2.100][47805] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable] + detected: [....24] [ip4][..udp] [..192.168.2.100][47805] -> [.23.248.186.179][.8130] [SD-RTN][Media][Acceptable][23-248-186-179.edge.agora.io] new: [....25] [ip4][..udp] [..192.168.2.100][55094] -> [..128.1.193.223][.8130] - detected: [....25] [ip4][..udp] [..192.168.2.100][55094] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable] + detected: [....25] [ip4][..udp] [..192.168.2.100][55094] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable][128-1-193-223.edge.agora.io] update: [....22] [ip4][..udp] [..192.168.2.100][47805] -> [.199.190.44.135][.8130] [SD-RTN][Media][Acceptable] update: [....21] [ip4][..udp] [..192.168.2.100][47805] -> [103.104.168.244][.8130] [SD-RTN][Media][Acceptable] update: [....19] [ip4][..udp] [..192.168.2.100][47805] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable] update: [....20] [ip4][..udp] [..192.168.2.100][47805] -> [.202.226.25.166][.8130] [SD-RTN][Media][Acceptable] new: [....26] [ip4][..udp] [..192.168.2.100][47805] -> [.23.248.186.180][.8130] - detected: [....26] [ip4][..udp] [..192.168.2.100][47805] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable] + detected: [....26] [ip4][..udp] [..192.168.2.100][47805] -> [.23.248.186.180][.8130] [SD-RTN][Media][Acceptable][23-248-186-180.edge.agora.io] DAEMON-EVENT: [Processed: 400 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 8 / 26|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 23] idle: [....25] [ip4][..udp] [..192.168.2.100][55094] -> [..128.1.193.223][.8130] [SD-RTN][Media][Acceptable] 
diff --git a/test/results/flow-info/aimini-http.pcap.out b/test/results/flow-info/aimini-http.pcap.out index f5db44c4c..fc1e3b9c9 100644 --- a/test/results/flow-info/aimini-http.pcap.out +++ b/test/results/flow-info/aimini-http.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] - detected: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] + detected: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun][www.aimini.net] new: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] - detected: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] + detected: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun][www.aimini.com] analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.001| 0.000| 0.000| 0.129| 3.400] 
@@ -16,9 +16,9 @@ [PKTLENS.....: 48,48,48,48,46,635,46,635,1500,1500,1500,1500,1500,1500,1500,276,1500,1500,46,1500,1500,46,1500,1500,46,1500,276,46,46,46,1500,1500] [ENTROPIES...: 3.9,4.1,4.3,4.5,3.8,6.0,4.0,6.0,7.7,7.9,7.7,7.9,7.8,7.8,7.9,7.0,7.7,7.9,3.8,7.7,7.9,3.8,7.8,7.8,3.8,7.9,7.0,4.0,4.0,4.0,5.8,4.5] new: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] - detected: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] + detected: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun][www.aimini.net] new: [.....4] [ip4][..tcp] [.....10.101.0.2][28504] -> [.....10.102.0.2][...80] - detected: [.....4] [ip4][..tcp] [.....10.101.0.2][28504] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] + detected: [.....4] [ip4][..tcp] [.....10.101.0.2][28504] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun][www.aimini.com] end: [.....1] [ip4][..tcp] [.....10.101.0.2][28501] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] end: [.....2] [ip4][..tcp] [.....10.101.0.2][28502] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] end: [.....3] [ip4][..tcp] [.....10.101.0.2][28503] -> [.....10.102.0.2][...80] [HTTP.Aimini][Download][Fun] diff --git a/test/results/flow-info/alexa-app.pcapng.out b/test/results/flow-info/alexa-app.pcapng.out index 07c93a4c3..5fd9611e8 100644 --- a/test/results/flow-info/alexa-app.pcapng.out +++ b/test/results/flow-info/alexa-app.pcapng.out 
@@ -8,119 +8,119 @@ new: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] detected: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][android-1c1335ec95a27318] new: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] - detected: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] [DHCP][Network][Acceptable] + detected: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] [DHCP][Network][Acceptable][] new: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] detected: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Network][Acceptable] new: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] - detected: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable] - detection-update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable] + detected: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable][connectivitycheck.android.com] + detection-update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable][connectivitycheck.android.com] new: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] - detected: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] 
[DNS][ConnCheck][Acceptable] - detection-update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable] + detected: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable][connectivitycheck.android.com] + detection-update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable][connectivitycheck.android.com] new: [.....8] [ip4][..tcp] [..172.16.42.216][60246] -> [..172.217.9.142][...80] - detected: [.....8] [ip4][..tcp] [..172.16.42.216][60246] -> [..172.217.9.142][...80] [HTTP.Google][ConnCheck][Acceptable] + detected: [.....8] [ip4][..tcp] [..172.16.42.216][60246] -> [..172.217.9.142][...80] [HTTP.Google][ConnCheck][Acceptable][connectivitycheck.android.com] new: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] - detected: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Web][Acceptable] + detected: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Web][Acceptable][mtalk.google.com] new: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] - detected: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Web][Acceptable] + detected: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] 
[DNS.GoogleServices][Web][Acceptable][mtalk.google.com] new: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] - detected: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Web][Acceptable] + detected: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Web][Acceptable][mtalk.google.com] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Web][Acceptable] + detection-update: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Web][Acceptable][mtalk.google.com] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS new: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] - detected: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable] + detected: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable][www.google.com] new: [....13] [ip4][..tcp] [..172.16.42.216][35540] -> [..172.217.9.142][...80] - detected: [....13] [ip4][..tcp] [..172.16.42.216][35540] -> [..172.217.9.142][...80] [HTTP.Google][ConnCheck][Acceptable] + detected: [....13] [ip4][..tcp] [..172.16.42.216][35540] -> [..172.217.9.142][...80] [HTTP.Google][ConnCheck][Acceptable][connectivitycheck.android.com] new: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] detected: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Network][Acceptable] new: [....15] [ip4][..udp] [..172.16.42.216][48155] 
-> [....172.16.42.1][...53] - detected: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] new: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] - detected: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable] + detected: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] - detected: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][mads.amazon-adsystem.com] + 
detection-update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][mads.amazon-adsystem.com] new: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] - detected: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][Web][Acceptable] + detected: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][Web][Acceptable][mads.amazon-adsystem.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][Web][Acceptable][mads.amazon-adsystem.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][Web][Acceptable][mads.amazon-adsystem.com] RISK: TLS (probably) Not Carrying HTTPS new: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] - detected: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][firs-ta-g7g.amazon.com] + detection-update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][firs-ta-g7g.amazon.com] new: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] - detected: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][Web][Acceptable] + detected: [....20] 
[ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][Web][Acceptable][firs-ta-g7g.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][Web][Acceptable][firs-ta-g7g.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][Web][Acceptable][firs-ta-g7g.amazon.com] RISK: TLS (probably) Not Carrying HTTPS new: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] - detected: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] - detection-update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] + detected: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] + detection-update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] new: [....22] [ip4][..tcp] [..172.16.42.216][49572] -> [..52.94.232.134][...80] - detected: [....22] [ip4][..tcp] [..172.16.42.216][49572] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] + detected: [....22] [ip4][..tcp] [..172.16.42.216][49572] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] new: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] detected: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] 
-> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] - detected: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] - detection-update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] + detected: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] - detected: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] - detected: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> 
[..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] - detected: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][pitangui.amazon.com] new: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] - detected: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....29] [ip4][..tcp] [..172.16.42.216][45662] -> [..52.94.232.134][..443] new: [....30] [ip4][..tcp] [..172.16.42.216][45663] -> [..52.94.232.134][..443] new: [....31] [ip4][..tcp] [..172.16.42.216][40200] -> [.10.201.126.241][.8080] new: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] - detected: [....29] [ip4][..tcp] 
[..172.16.42.216][45662] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....30] [ip4][..tcp] [..172.16.42.216][45663] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....30] [ip4][..tcp] [..172.16.42.216][45663] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....29] [ip4][..tcp] [..172.16.42.216][45662] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....30] [ip4][..tcp] [..172.16.42.216][45663] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....30] [ip4][..tcp] [..172.16.42.216][45663] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....29] [ip4][..tcp] [..172.16.42.216][45662] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....29] [ip4][..tcp] [..172.16.42.216][45662] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....33] [ip4][..tcp] [..172.16.42.216][40202] -> [.10.201.126.241][.8080] new: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] - detected: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] + detected: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] - detected: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] + detected: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....34] 
[ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] - detection-update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detection-update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] new: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] new: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] - detected: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detected: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] + detected: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detected: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] new: [....39] [ip4][..tcp] [..172.16.42.216][54413] -> [..52.85.209.216][..443] - detected: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] + detected: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] 
[TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.091| 0.022| 0.031| 964.249| 3.600] 
@@ -131,11 +131,11 @@ [IATS(ms)....: 47.0,53.0,0.3,73.2,0.1,18.9,0.4,0.3,0.4,88.2,0.3,0.7,0.2,8.1,32.8,75.3,63.7,49.4,70.9,0.8,90.5,2.0,0.4,0.5,0.4,0.5,0.7,0.0,5.3,0.3,1.1] [PKTLENS.....: 60,60,52,254,52,52,1500,1500,1500,819,52,52,52,52,178,1082,294,52,52,1500,1500,52,1500,1500,1500,450,1500,1112,86,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.6,5.0,5.0,6.9,7.2,7.5,7.6,5.0,5.0,5.0,5.0,6.3,7.8,7.0,5.1,5.0,7.9,7.9,5.0,7.9,7.9,7.9,7.5,7.9,7.8,5.8,5.0,5.0,4.9] - detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] - detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][fls-na.amazon.com] ERROR-EVENT: Unknown packet type analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -147,41 +147,41 @@ [IATS(ms)....: 55.7,59.3,1.4,66.6,0.4,0.1,64.1,4.8,0.3,2.7,66.9,3.1,100.8,8.3,108.4,5.9,66.9,500.8,354.1,941.1,3.0,88.7,111.8,176.5,0.2,64.7,9.2,104.2,1015.9,966.5,45.6] [PKTLENS.....: 60,48,40,247,1500,1500,385,40,40,40,366,46,99,40,1122,46,941,40,1106,1106,46,493,40,1154,46,877,40,40,46,40,46,40] [ENTROPIES...: 4.6,5.1,4.8,5.5,6.8,7.3,7.4,4.8,4.8,4.7,7.3,4.7,6.0,4.9,7.8,4.5,7.8,4.8,7.8,7.8,4.6,7.6,4.8,7.8,4.6,7.7,4.9,4.9,4.5,4.8,4.5,4.8] - detection-update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detection-update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][fls-na.amazon.com] new: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] new: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] - detected: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detected: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] + detected: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detected: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] new: [....43] [ip4][..tcp] [..172.16.42.216][45673] -> 
[..52.94.232.134][..443] new: [....44] [ip4][..tcp] [..172.16.42.216][45674] -> [..52.94.232.134][..443] - detected: [....43] [ip4][..tcp] [..172.16.42.216][45673] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....44] [ip4][..tcp] [..172.16.42.216][45674] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....43] [ip4][..tcp] [..172.16.42.216][45673] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....43] [ip4][..tcp] [..172.16.42.216][45673] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....44] [ip4][..tcp] [..172.16.42.216][45674] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....43] [ip4][..tcp] [..172.16.42.216][45673] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....44] [ip4][..tcp] [..172.16.42.216][45674] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....44] [ip4][..tcp] [..172.16.42.216][45674] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] new: [....46] [ip4][..tcp] [..172.16.42.216][45676] -> [..52.94.232.134][..443] new: [....47] [ip4][..tcp] [..172.16.42.216][45677] -> [..52.94.232.134][..443] new: [....48] [ip4][..tcp] [..172.16.42.216][45678] -> [..52.94.232.134][..443] new: [....49] [ip4][..tcp] [..172.16.42.216][45679] -> [..52.94.232.134][..443] - detected: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] - detected: [....46] [ip4][..tcp] [..172.16.42.216][45676] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....47] [ip4][..tcp] [..172.16.42.216][45677] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....48] 
[ip4][..tcp] [..172.16.42.216][45678] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....49] [ip4][..tcp] [..172.16.42.216][45679] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....47] [ip4][..tcp] [..172.16.42.216][45677] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] + detected: [....46] [ip4][..tcp] [..172.16.42.216][45676] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....47] [ip4][..tcp] [..172.16.42.216][45677] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....48] [ip4][..tcp] [..172.16.42.216][45678] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....49] [ip4][..tcp] [..172.16.42.216][45679] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....47] [ip4][..tcp] [..172.16.42.216][45677] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....46] [ip4][..tcp] [..172.16.42.216][45676] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....46] [ip4][..tcp] [..172.16.42.216][45676] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....49] [ip4][..tcp] [..172.16.42.216][45679] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....49] [ip4][..tcp] [..172.16.42.216][45679] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....48] [ip4][..tcp] [..172.16.42.216][45678] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....48] [ip4][..tcp] [..172.16.42.216][45678] -> 
[..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] analyse: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.836| 0.167| 0.244| 59552.047| 3.700] 
@@ -192,27 +192,27 @@ [IATS(ms)....: 54.2,55.4,0.5,50.3,258.9,520.1,785.3,3.8,0.2,0.1,0.0,60.8,0.3,0.1,0.1,52.1,11.0,287.0,223.9,2.7,139.2,0.2,171.9,179.9,0.1,402.7,22.4,216.5,783.8,835.9,50.5] [PKTLENS.....: 60,48,40,245,46,245,245,46,1500,1500,1500,674,40,40,40,40,166,1500,91,468,46,46,466,40,1500,1196,46,343,40,40,46,40] [ENTROPIES...: 4.6,5.1,4.9,5.6,4.5,5.6,5.6,4.6,7.1,7.3,7.4,7.6,4.8,4.9,4.8,4.8,6.3,7.9,5.9,7.5,4.6,4.6,7.5,4.8,7.9,7.8,4.6,7.4,4.9,4.9,4.6,4.9] - detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] new: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] - detected: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....51] [ip4][..tcp] [..172.16.42.216][34033] -> [..54.239.24.186][..443] new: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] - detected: [....51] [ip4][..tcp] [..172.16.42.216][34033] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....51] [ip4][..tcp] [..172.16.42.216][34033] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [....53] [ip4][..tcp] [..172.16.42.216][45683] -> [..52.94.232.134][..443] - detected: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] 
[TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....51] [ip4][..tcp] [..172.16.42.216][34033] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detected: [....53] [ip4][..tcp] [..172.16.42.216][45683] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....53] [ip4][..tcp] [..172.16.42.216][45683] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [....51] [ip4][..tcp] [..172.16.42.216][34033] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detected: [....53] [ip4][..tcp] [..172.16.42.216][45683] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [....53] [ip4][..tcp] [..172.16.42.216][45683] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] new: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] - detected: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detected: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] + 
detected: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detected: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] analyse: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.352| 0.044| 0.079| 6215.196| 3.500] 
@@ -224,44 +224,44 @@ [PKTLENS.....: 60,48,40,299,46,46,196,40,91,806,46,550,1500,1425,1500,1500,1500,1500,1500,1500,69,46,46,46,1500,46,46,1500,1500,46,46,1500] [ENTROPIES...: 4.7,5.1,4.8,6.0,4.6,4.5,6.4,4.8,5.3,7.7,4.6,7.6,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,5.7,4.5,4.5,4.5,7.9,4.6,4.6,7.9,7.9,4.6,4.6,7.9] new: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] - detected: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] + detected: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [....56] [ip4][..tcp] [..172.16.42.216][42144] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] ERROR-EVENT: Unknown packet type new: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] - detected: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....58] [ip4][....2] [........0.0.0.0] -> [......224.0.0.1] detected: [....58] [ip4][....2] [........0.0.0.0] -> [......224.0.0.1] [IGMP][Network][Acceptable] new: [....59] [ip4][..tcp] [..172.16.42.216][45688] -> [..52.94.232.134][..443] - detected: [....59] [ip4][..tcp] [..172.16.42.216][45688] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....59] [ip4][..tcp] [..172.16.42.216][45688] 
-> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....59] [ip4][..tcp] [..172.16.42.216][45688] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....59] [ip4][..tcp] [..172.16.42.216][45688] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....60] [ip4][..tcp] [..172.16.42.216][34041] -> [..54.239.24.186][..443] - detected: [....60] [ip4][..tcp] [..172.16.42.216][34041] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....60] [ip4][..tcp] [..172.16.42.216][34041] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....60] [ip4][..tcp] [..172.16.42.216][34041] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [....60] [ip4][..tcp] [..172.16.42.216][34041] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] update: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Network][Acceptable] update: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Network][Acceptable] update: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] update: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Network][Acceptable] new: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] new: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] - detected: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detected: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....62] 
[ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] + detected: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] new: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] - detection-update: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable] - detected: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detected: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] new: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] - detected: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][api.amazon.com] + detection-update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][api.amazon.com] new: [....65] [ip4][..tcp] 
[..172.16.42.216][41691] -> [..54.239.29.146][..443] - detected: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable] + detected: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable][api.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable][api.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable][api.amazon.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -283,41 +283,41 @@ [IATS(ms)....: 92.4,95.4,2.4,97.4,1.9,14.1,0.3,0.1,113.4,0.3,0.2,49.6,132.6,83.3,183.9,0.3,326.1,293.1,272.4,0.1,443.7,0.4,0.5,0.0,276.5,199.2,0.5,0.0,0.7,486.1,0.4] [PKTLENS.....: 60,48,40,261,46,46,1500,1500,450,40,40,40,166,91,40,1500,533,46,1500,46,46,1500,1500,1500,211,1500,1500,1500,211,1500,1500,1500] [ENTROPIES...: 4.7,5.1,4.7,5.4,4.6,4.6,7.2,7.3,7.4,4.8,4.8,4.8,6.6,5.8,4.7,7.9,7.6,4.7,7.9,4.5,4.5,7.8,7.9,7.9,7.0,7.8,7.9,7.9,7.0,7.8,7.8,7.9] - detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][Web][Acceptable][api.amazon.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] new: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] new: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] new: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] - detected: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] - detected: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] + detected: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] + detected: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] new: [....70] [ip4][..tcp] [..172.16.42.216][45695] -> [..52.94.232.134][..443] - detected: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: 
[....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] new: [....71] [ip4][..tcp] [..172.16.42.216][45696] -> [..52.94.232.134][..443] new: [....72] [ip4][..tcp] [..172.16.42.216][45697] -> [..52.94.232.134][..443] - detection-update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] + detection-update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] new: [....73] [ip4][..tcp] [..172.16.42.216][59698] -> [..52.94.232.134][..443] - detection-update: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detected: [....71] [ip4][..tcp] [..172.16.42.216][45696] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....70] [ip4][..tcp] [..172.16.42.216][45695] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....72] [ip4][..tcp] [..172.16.42.216][45697] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....71] [ip4][..tcp] [..172.16.42.216][45696] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....70] [ip4][..tcp] [..172.16.42.216][45695] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....72] [ip4][..tcp] [..172.16.42.216][45697] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + 
detection-update: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detected: [....73] [ip4][..tcp] [..172.16.42.216][59698] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....73] [ip4][..tcp] [..172.16.42.216][59698] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [....71] [ip4][..tcp] [..172.16.42.216][45696] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....71] [ip4][..tcp] [..172.16.42.216][45696] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....70] [ip4][..tcp] [..172.16.42.216][45695] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....70] [ip4][..tcp] [..172.16.42.216][45695] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....73] [ip4][..tcp] [..172.16.42.216][59698] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....73] [ip4][..tcp] [..172.16.42.216][59698] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [....74] [ip4][..tcp] [..172.16.42.216][45698] -> [..52.94.232.134][..443] - detected: [....74] [ip4][..tcp] [..172.16.42.216][45698] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....74] [ip4][..tcp] [..172.16.42.216][45698] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....74] [ip4][..tcp] [..172.16.42.216][45698] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....74] [ip4][..tcp] [..172.16.42.216][45698] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] 
RISK: Weak TLS Cipher - detection-update: [....72] [ip4][..tcp] [..172.16.42.216][45697] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....72] [ip4][..tcp] [..172.16.42.216][45697] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Web][Acceptable] 
@@ -328,20 +328,20 @@ update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable] update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable] new: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443] - detected: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] - detected: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] + detected: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] new: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] - detected: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> 
[..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] + detection-update: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com] new: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] new: [....79] [ip4][..tcp] [..172.16.42.216][34054] -> [..54.239.24.186][..443] - detected: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] 
@@ -353,34 +353,34 @@ new: [....83] [ip4][..tcp] [..172.16.42.216][40242] -> [.10.201.126.241][.8080] new: [....84] [ip4][..tcp] [..172.16.42.216][45707] -> [..52.94.232.134][..443] new: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] - detected: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....81] [ip4][..tcp] [..172.16.42.216][45704] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....81] [ip4][..tcp] [..172.16.42.216][45704] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....81] [ip4][..tcp] [..172.16.42.216][45704] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....81] [ip4][..tcp] [..172.16.42.216][45704] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detected: [....82] [ip4][..tcp] [..172.16.42.216][45705] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....82] [ip4][..tcp] [..172.16.42.216][45705] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....82] [ip4][..tcp] [..172.16.42.216][45705] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [....82] [ip4][..tcp] [..172.16.42.216][45705] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....86] [ip4][..tcp] [..172.16.42.216][45709] -> [..52.94.232.134][..443] new: [....87] 
[ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] - detected: [....86] [ip4][..tcp] [..172.16.42.216][45709] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [....86] [ip4][..tcp] [..172.16.42.216][45709] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] new: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] new: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] new: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] new: [....91] [ip4][..tcp] [..172.16.42.216][45714] -> [..52.94.232.134][..443] new: [....92] [ip4][..tcp] [..172.16.42.216][45715] -> [..52.94.232.134][..443] new: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] - detection-update: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....86] [ip4][..tcp] [..172.16.42.216][45709] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....86] [ip4][..tcp] [..172.16.42.216][45709] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detected: [....92] [ip4][..tcp] [..172.16.42.216][45715] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....91] [ip4][..tcp] [..172.16.42.216][45714] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - 
detected: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] + detected: [....92] [ip4][..tcp] [..172.16.42.216][45715] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....91] [ip4][..tcp] [..172.16.42.216][45714] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] analyse: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.570| 0.289| 0.417| 173871.694| 3.700] 
@@ -391,21 +391,21 @@ [IATS(ms)....: 325.4,332.9,0.3,247.7,0.2,241.3,0.3,0.3,23.8,0.3,429.9,0.1,1569.5,1485.9,353.0,706.9,73.8,0.3,358.8,0.4,256.6,3.7,0.2,956.2,948.6,95.3,235.6,1.1,0.1,275.4,23.7] [PKTLENS.....: 60,48,40,279,125,93,40,40,99,1500,174,46,46,174,46,717,40,1500,238,46,525,40,1500,206,525,40,1500,46,557,46,40,1500] [ENTROPIES...: 4.7,5.2,4.8,5.8,6.1,6.1,4.8,4.8,5.9,7.9,6.9,4.6,4.5,6.9,4.6,7.7,4.8,7.9,7.1,4.7,7.6,4.8,7.9,7.0,7.6,4.8,7.9,4.7,7.6,4.7,4.7,7.9] - detection-update: [....92] [ip4][..tcp] [..172.16.42.216][45715] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....92] [ip4][..tcp] [..172.16.42.216][45715] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [....91] [ip4][..tcp] [..172.16.42.216][45714] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....91] [ip4][..tcp] [..172.16.42.216][45714] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> [..54.239.24.186][..443] - detected: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] - detected: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] - detection-update: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> 
[..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] + detected: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] new: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] - detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] analyse: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.192| 0.160| 0.282| 79548.359| 3.500] 
@@ -416,8 +416,8 @@ [IATS(ms)....: 214.4,219.1,3.7,1161.8,1191.6,0.1,0.0,75.9,170.4,0.4,119.0,9.7,7.9,105.5,90.0,79.1,135.4,22.4,255.4,0.3,202.3,1.2,199.7,0.1,0.1,204.8,0.0,11.4,221.9,0.1,253.2] [PKTLENS.....: 60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46] [ENTROPIES...: 4.7,5.1,4.8,5.9,5.9,4.6,6.1,6.0,4.7,4.6,6.5,4.7,5.9,7.9,4.6,6.9,4.6,4.6,7.8,7.9,7.1,4.6,7.5,7.9,7.2,6.6,4.5,4.6,7.6,7.9,6.8,4.6] - detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] analyse: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.080| 0.209| 0.303| 92031.574| 3.700] 
@@ -429,12 +429,12 @@ [PKTLENS.....: 60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46] [ENTROPIES...: 4.7,4.6,5.1,4.8,5.9,5.1,4.9,6.0,6.1,4.8,4.9,5.8,7.9,7.2,4.7,4.6,4.6,7.6,7.9,7.0,4.7,7.7,7.9,7.1,4.6,7.6,4.9,7.9,6.9,4.5,7.9,4.5] new: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] - detected: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][dp-gw-na-js.amazon.com] + detection-update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][dp-gw-na-js.amazon.com] new: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] - detected: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable] + detected: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable][dp-gw-na-js.amazon.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable][dp-gw-na-js.amazon.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] 
@@ -445,32 +445,32 @@ update: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Network][Acceptable] update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] - detection-update: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [...100] [ip4][..tcp] [..172.16.42.216][34073] -> [..54.239.24.186][..443] new: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] new: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] - detected: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detected: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detected: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [...101] [ip4][..tcp] [..172.16.42.216][34074] -> [..54.239.24.186][..443] 
[TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] + detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com] update: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] - detected: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][skills-store.amazon.com] + detection-update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][skills-store.amazon.com] new: [...104] [ip4][..tcp] [..172.16.42.216][40853] -> [..54.239.29.253][..443] new: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] new: [...106] [ip4][..tcp] [..172.16.42.216][40855] -> [..54.239.29.253][..443] new: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] - detected: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - detected: [...104] [ip4][..tcp] [..172.16.42.216][40853] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - detected: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] + detected: [...105] [ip4][..tcp] 
[..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] + detected: [...104] [ip4][..tcp] [..172.16.42.216][40853] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] + detected: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] + detection-update: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher - detection-update: [...104] [ip4][..tcp] [..172.16.42.216][40853] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...104] [ip4][..tcp] [..172.16.42.216][40853] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher - detection-update: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher analyse: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -512,41 +512,41 @@ [IATS(ms)....: 123.6,128.0,5.4,470.5,0.6,0.6,0.0,1232.5,1.5,5.0,0.7,0.7,10.0,973.2,0.5,0.1,0.0,190.9,73.2,0.3,171.9,0.1,117.0,408.2,413.7,66.7,140.9,83.3,0.1,166.3,19096.2] [PKTLENS.....: 60,48,40,232,46,1500,1500,522,232,232,40,40,40,166,46,46,46,85,40,1500,276,46,198,104,278,233,232,46,46,258,40,342] [ENTROPIES...: 4.7,5.1,4.8,5.5,4.6,7.2,7.3,7.6,5.5,5.5,4.8,4.9,4.7,6.3,4.5,4.5,4.8,5.6,4.8,7.9,7.2,4.5,6.8,6.0,7.1,7.0,6.9,4.5,4.6,7.0,4.8,7.3] - detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][Web][Acceptable][dp-gw-na-js.amazon.com] RISK: TLS (probably) Not Carrying HTTPS new: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] - detected: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][pitangui.amazon.com] new: [...109] [ip4][..tcp] [..172.16.42.216][45728] -> [..52.94.232.134][..443] new: [...110] [ip4][..tcp] [..172.16.42.216][45729] -> [..52.94.232.134][..443] new: [...111] [ip4][..tcp] [..172.16.42.216][45730] -> [..52.94.232.134][..443] new: [...112] [ip4][..tcp] [..172.16.42.216][45731] -> [..52.94.232.134][..443] new: [...113] [ip4][..tcp] [..172.16.42.216][45732] -> [..52.94.232.134][..443] - detected: [...110] [ip4][..tcp] [..172.16.42.216][45729] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [...109] [ip4][..tcp] [..172.16.42.216][45728] -> [..52.94.232.134][..443] 
[TLS.Amazon][Web][Acceptable] - detected: [...111] [ip4][..tcp] [..172.16.42.216][45730] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [...112] [ip4][..tcp] [..172.16.42.216][45731] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detected: [...113] [ip4][..tcp] [..172.16.42.216][45732] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...110] [ip4][..tcp] [..172.16.42.216][45729] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [...110] [ip4][..tcp] [..172.16.42.216][45729] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [...109] [ip4][..tcp] [..172.16.42.216][45728] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [...111] [ip4][..tcp] [..172.16.42.216][45730] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [...112] [ip4][..tcp] [..172.16.42.216][45731] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [...113] [ip4][..tcp] [..172.16.42.216][45732] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...110] [ip4][..tcp] [..172.16.42.216][45729] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [...111] [ip4][..tcp] [..172.16.42.216][45730] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...111] [ip4][..tcp] [..172.16.42.216][45730] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [...109] [ip4][..tcp] [..172.16.42.216][45728] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...109] [ip4][..tcp] [..172.16.42.216][45728] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [...112] [ip4][..tcp] 
[..172.16.42.216][45731] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...112] [ip4][..tcp] [..172.16.42.216][45731] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: [...113] [ip4][..tcp] [..172.16.42.216][45732] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...113] [ip4][..tcp] [..172.16.42.216][45732] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] - detected: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] - detection-update: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] + detected: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] new: [...116] [ip4][..tcp] [..172.16.42.216][37552] -> [..54.239.24.180][..443] - detected: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] 
[DNS.Amazon][Web][Acceptable] - detection-update: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Web][Acceptable] update: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] [DHCP][Network][Acceptable] 
@@ -555,24 +555,24 @@ update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable] update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable] new: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443] - detected: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] + detected: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] + detection-update: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher new: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] - detected: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][ecx.images-amazon.com] + detection-update: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][ecx.images-amazon.com] new: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] new: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] new: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] new: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] new: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] new: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] - detected: [...123] 
[ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] + detected: [...123] [ip4][..tcp] [..172.16.42.216][51989] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...122] [ip4][..tcp] [..172.16.42.216][51988] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.295| 0.052| 0.098| 9533.209| 3.000] 
@@ -584,8 +584,8 @@ [PKTLENS.....: 60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52] [ENTROPIES...: 4.7,5.2,5.0,6.0,5.1,7.1,7.8,7.8,7.9,7.8,7.8,7.8,5.0,5.0,7.8,6.5,5.0,5.0,5.0,5.0,5.0,5.0,5.0,6.0,6.0,6.5,5.0,5.9,7.5,7.8,5.0,5.0] new: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] - detected: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] + detected: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] + detection-update: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher analyse: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -603,12 +603,12 @@ new: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] new: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] new: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] - detected: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] - detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] + detected: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...128] [ip4][..tcp] [..172.16.42.216][51994] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...127] [ip4][..tcp] [..172.16.42.216][51993] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] + detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable][ecx.images-amazon.com] analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 
0.179| 0.023| 0.044| 1924.322| 3.100] @@ -646,12 +646,12 @@ [PKTLENS.....: 60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500] [ENTROPIES...: 4.7,5.2,5.1,6.0,5.0,5.0,7.1,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.0,5.0,4.9,5.0,7.8,7.6,5.0,5.0,5.0,5.0,5.0,5.0,6.0,7.6,5.2,6.0,7.1,7.8] new: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] - detected: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable] + detected: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] + detection-update: [...132] [ip4][..tcp] [..172.16.42.216][40878] -> [..54.239.29.253][..443] [TLS.Amazon][Web][Acceptable][skills-store.amazon.com] RISK: Weak TLS Cipher new: [...133] [ip4][..tcp] [..172.16.42.216][45750] -> [..52.94.232.134][..443] - detected: [...133] [ip4][..tcp] [..172.16.42.216][45750] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...133] [ip4][..tcp] [..172.16.42.216][45750] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [...133] [ip4][..tcp] [..172.16.42.216][45750] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...133] [ip4][..tcp] [..172.16.42.216][45750] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher idle: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Network][Acceptable] 
@@ -665,11 +665,11 @@ [IATS(ms)....: 77.1,79.5,13.2,60.9,0.4,0.6,0.1,48.6,1.8,3.6,177.8,227.4,44.5,20.0,267.2,445.6,122.6,0.1,0.0,0.0,282.5,8.7,270.5,1.6,407.0,0.1,164.1,0.1,290.0,120002.8,0.1] [PKTLENS.....: 60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52] [ENTROPIES...: 4.7,5.3,5.0,5.4,5.1,7.0,7.2,7.6,5.0,5.1,5.0,6.6,7.2,5.0,7.9,7.9,5.1,7.9,7.3,6.1,5.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,5.9,5.1,5.6,5.1] - detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] RISK: TLS (probably) Not Carrying HTTPS new: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] - detected: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher end: [....22] [ip4][..tcp] [..172.16.42.216][49572] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] idle: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Network][Acceptable] 
@@ -679,16 +679,16 @@ update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] new: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] - detected: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] - detection-update: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] + detected: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] + detection-update: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] new: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] - detected: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [...137] [ip4][..tcp] [..172.16.42.216][45752] -> [..52.94.232.134][..443] - detected: [...137] [ip4][..tcp] [..172.16.42.216][45752] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...137] [ip4][..tcp] [..172.16.42.216][45752] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] + detected: [...137] [ip4][..tcp] [..172.16.42.216][45752] -> [..52.94.232.134][..443] 
[TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...137] [ip4][..tcp] [..172.16.42.216][45752] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher end: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] end: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] @@ -725,7 +725,7 @@ end: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] end: [....51] [ip4][..tcp] [..172.16.42.216][34033] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] end: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] - guessed: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] [HTTP_Proxy][Web][Acceptable][] end: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080] end: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][Cloud][Acceptable] update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] 
@@ -740,20 +740,20 @@ update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] new: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] - detected: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][pitangui.amazon.com] new: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443] new: [...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443] new: [...141] [ip4][..tcp] [..172.16.42.216][50798] -> [..54.239.28.178][..443] - detected: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] - detected: [...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] + detected: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detected: [...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] new: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] - detection-update: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detection-update: 
[...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detected: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] + detected: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher end: [....57] [ip4][..tcp] [..172.16.42.216][45687] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] RISK: Weak TLS Cipher 
@@ -762,19 +762,19 @@ end: [....60] [ip4][..tcp] [..172.16.42.216][34041] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] update: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] new: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] - detected: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] + detected: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] + detection-update: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher new: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] - detected: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] - detection-update: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable] + detected: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] - detected: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] 
[TLS.AmazonAWS][Cloud][Acceptable] + detected: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] - detected: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] - detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable] + detected: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] + detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][VirtAssistant][Acceptable][alexa.amazon.com] new: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] analyse: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] min| max| avg| stddev| variance| entropy 
@@ -786,28 +786,28 @@ [IATS(ms)....: 133.8,140.4,3.2,141.6,1.3,0.1,137.2,0.3,0.1,2.7,82.2,0.2,95.7,0.4,359.1,405.4,633.6,688.6,100.8,373.1,50.8,202.6,7767.1,1.6,8001.1,353.8,410.1,314.8,108.3,0.2,84.0] [PKTLENS.....: 60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40] [ENTROPIES...: 4.7,5.2,4.8,5.6,6.8,7.3,7.4,4.7,4.8,4.9,7.4,4.6,6.0,7.9,6.9,4.6,7.9,6.0,4.8,7.9,4.7,7.7,4.8,7.9,7.3,4.5,4.8,4.5,7.9,4.6,4.6,4.9] - detection-update: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][pitangui.amazon.com] RISK: Weak TLS Cipher - detected: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.Amazon][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] - detected: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][www.amazon.com] new: [...149] [ip4][..tcp] 
[..172.16.42.216][41828] -> [..52.85.209.143][..443] new: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] - detected: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe] - detected: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe] + detected: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] + detected: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] + detection-update: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] new: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] - detected: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + detected: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] 
[TLS.PlayStore][SoftwareUpdate][Safe] + detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] min| max| avg| stddev| variance| entropy 
@@ -819,26 +819,26 @@ [IATS(ms)....: 42.7,43.7,0.7,45.0,4.0,0.5,0.6,0.3,50.6,0.8,0.3,1.1,7.3,12.7,0.3,65.6,42.6,4.2,48.9,0.4,25.2,76.4,106.0,0.2,0.6,0.6,0.3,0.0,102.0,2.9,1.9] [PKTLENS.....: 60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52] [ENTROPIES...: 4.7,5.2,5.0,5.6,5.0,6.9,7.2,7.5,7.6,5.1,4.9,5.0,4.9,6.3,7.9,7.7,5.2,6.3,7.9,5.1,7.1,5.0,5.0,7.9,7.9,7.9,7.7,7.6,6.3,5.0,6.5,4.8] - detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable][www.amazon.com] new: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] - detected: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - detection-update: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] new: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] new: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] new: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] - detected: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detected: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detected: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] + detected: [...154] [ip4][..tcp] 
[..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detected: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detected: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] new: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] - detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detected: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] 
+ detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detected: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] end: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] [TLS.Amazon][Web][Acceptable] 
@@ -866,11 +866,11 @@ update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] new: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] - detected: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] min| max| avg| stddev| variance| entropy 
@@ -882,7 +882,7 @@ [IATS(ms)....: 16.7,17.9,1.6,27.3,5.3,0.5,0.5,0.3,32.5,0.3,12.9,0.3,0.1,39.0,52.8,61.9,0.5,0.3,0.1,35.1,0.7,5.1,216.8,261.8,0.2,39.4,7.5,74.2,66.6,42.1,0.4] [PKTLENS.....: 60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1329,1500,1500,756,86,52,52,1294,1294,848,86,52,1305,86,64,1500,1500] [ENTROPIES...: 4.7,5.2,5.0,5.7,5.0,7.1,7.3,7.5,7.6,5.1,5.1,5.1,5.0,6.3,7.2,7.8,7.9,7.9,7.7,5.8,4.9,4.9,7.8,7.8,7.7,5.8,4.9,7.8,5.8,4.9,7.9,7.9] - detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.241| 0.031| 0.057| 3274.655| 3.400] @@ -894,7 +894,7 @@ [PKTLENS.....: 60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500] [ENTROPIES...: 4.7,5.2,5.1,5.4,5.2,7.0,7.3,7.7,5.0,5.1,5.1,6.6,6.1,7.7,7.7,6.1,5.1,5.2,7.8,7.4,7.1,7.7,7.8,7.5,7.9,6.8,7.6,7.9,7.9,7.9,7.9,7.9] new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] - detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][fls-na.amazon.com] analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.264| 0.057| 0.086| 7393.244| 3.600] 
@@ -905,10 +905,10 @@ [IATS(ms)....: 22.8,24.0,0.9,22.8,6.6,0.6,0.6,0.3,39.7,0.1,0.1,0.2,6.8,37.6,46.2,226.7,213.1,3.9,222.3,264.1,0.1,55.3,103.4,0.1,10.4,183.9,242.5,1.0,0.1,38.6,0.1] [PKTLENS.....: 60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52] [ENTROPIES...: 4.7,5.3,5.1,5.7,5.1,7.1,7.3,7.5,7.6,5.1,5.0,5.1,5.0,6.4,7.2,7.9,7.2,5.0,7.9,7.9,7.8,5.8,5.8,5.1,5.1,5.1,7.8,7.9,7.9,7.5,5.1,5.1] - detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] + detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][Web][Acceptable][images-na.ssl-images-amazon.com] + detection-update: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable][fls-na.amazon.com] new: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] - detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] + detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] new: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] analyse: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] min| max| avg| stddev| variance| entropy 
@@ -920,12 +920,12 @@ [IATS(ms)....: 168.5,171.2,1.5,108.9,4.4,1.7,0.7,112.7,0.3,4.1,0.2,6.2,0.1,10.4,13.1,1.1,0.3,290.4,0.0,0.0,0.1,299.4,0.7,529.3,1065.9,2114.2,3665.4,7470.6,595.2,595.1,1817.1] [PKTLENS.....: 60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46] [ENTROPIES...: 4.6,5.1,4.8,5.7,4.6,4.5,7.1,7.3,4.8,4.8,7.4,7.6,4.9,4.8,6.3,7.9,7.9,7.3,4.4,4.3,5.9,4.4,4.7,7.9,7.9,7.9,7.9,4.8,4.3,7.9,4.5,4.5] - detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detected: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] + detected: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] + detection-update: [...160] 
[ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][Web][Acceptable][fls-na.amazon.com] idle: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] idle: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443] idle: [...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443] @@ -950,7 +950,7 @@ idle: [....58] [ip4][....2] [........0.0.0.0] -> [......224.0.0.1] [IGMP][Network][Acceptable] end: [....76] [ip4][..tcp] [..172.16.42.216][49613] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] idle: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] - guessed: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + guessed: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] [HTTP.AmazonAWS][Cloud][Acceptable][] end: [....90] [ip4][..tcp] [..172.16.42.216][49627] -> [..52.94.232.134][...80] end: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][Cloud][Acceptable] end: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][VirtAssistant][Acceptable] 
@@ -1056,12 +1056,12 @@ idle: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn idle: [.....8] [ip4][..tcp] [..172.16.42.216][60246] -> [..172.217.9.142][...80] [HTTP.Google][ConnCheck][Acceptable] - guessed: [....31] [ip4][..tcp] [..172.16.42.216][40200] -> [.10.201.126.241][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....31] [ip4][..tcp] [..172.16.42.216][40200] -> [.10.201.126.241][.8080] [HTTP_Proxy][Web][Acceptable][] end: [....31] [ip4][..tcp] [..172.16.42.216][40200] -> [.10.201.126.241][.8080] - guessed: [....33] [ip4][..tcp] [..172.16.42.216][40202] -> [.10.201.126.241][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....33] [ip4][..tcp] [..172.16.42.216][40202] -> [.10.201.126.241][.8080] [HTTP_Proxy][Web][Acceptable][] end: [....33] [ip4][..tcp] [..172.16.42.216][40202] -> [.10.201.126.241][.8080] idle: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - guessed: [....83] [ip4][..tcp] [..172.16.42.216][40242] -> [.10.201.126.241][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....83] [ip4][..tcp] [..172.16.42.216][40242] -> [.10.201.126.241][.8080] [HTTP_Proxy][Web][Acceptable][] idle: [....83] [ip4][..tcp] [..172.16.42.216][40242] -> [.10.201.126.241][.8080] end: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] guessed: [....79] [ip4][..tcp] [..172.16.42.216][34054] -> [..54.239.24.186][..443] [TLS.AmazonAWS][Cloud][Acceptable] 
@@ -1075,7 +1075,7 @@ idle: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][ConnCheck][Acceptable] idle: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Web][Acceptable] idle: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Web][Acceptable] - guessed: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] [HTTP_Proxy][Web][Acceptable][] end: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] idle: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Web][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/android.pcap.out b/test/results/flow-info/android.pcap.out index f6be9c78d..b77b73c45 100644 --- a/test/results/flow-info/android.pcap.out +++ b/test/results/flow-info/android.pcap.out @@ -8,7 +8,7 @@ new: [.....3] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50580] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50580] [TLS.Apple][Web][Safe] new: [.....4] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [.....4] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....4] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] new: [.....5] [ip4][..tcp] [..17.248.185.10][..443] -> [...192.168.2.17][50702] [MIDSTREAM] detected: [.....5] [ip4][..tcp] [..17.248.185.10][..443] -> [...192.168.2.17][50702] [TLS.Apple][Web][Safe] new: [.....6] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] 
@@ -16,13 +16,13 @@ new: [.....7] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] detected: [.....7] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] new: [.....8] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] - detected: [.....8] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....8] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_spotify-connect._tcp.local] new: [.....9] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] - detected: [.....9] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....9] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_spotify-connect._tcp.local] new: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] - detected: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] - detected: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] update: [.....4] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] update: [.....6] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] update: [.....7] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] 
@@ -31,7 +31,7 @@ new: [....13] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] detected: [....13] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [....14] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.16][...68] - detected: [....14] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.16][...68] [DHCP][Network][Acceptable] + detected: [....14] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.16][...68] [DHCP][Network][Acceptable][] new: [....15] [ip6][..udp] [..............fe80::4e6a:f6ff:fe9f:f627][..546] -> [..............................ff02::1:2][..547] detected: [....15] [ip6][..udp] [..............fe80::4e6a:f6ff:fe9f:f627][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Network][Acceptable] new: [....16] [ip6][icmp6] [..............fe80::4e6a:f6ff:fe9f:f627] -> [...............................ff02::16] 
@@ -39,134 +39,134 @@ new: [....17] [ip6][icmp6] [..............fe80::4e6a:f6ff:fe9f:f627] -> [................................ff02::2] detected: [....17] [ip6][icmp6] [..............fe80::4e6a:f6ff:fe9f:f627] -> [................................ff02::2] [ICMPV6][Network][Acceptable] new: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] - detected: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS][ConnCheck][Acceptable] - detection-update: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS.Apple][ConnCheck][Safe] + detected: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS][ConnCheck][Acceptable][captive.apple.com] + detection-update: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS.Apple][ConnCheck][Safe][captive.apple.com] new: [....19] [ip4][..tcp] [...192.168.2.16][58338] -> [..17.253.53.201][...80] - detected: [....19] [ip4][..tcp] [...192.168.2.16][58338] -> [..17.253.53.201][...80] [HTTP.Apple][ConnCheck][Safe] + detected: [....19] [ip4][..tcp] [...192.168.2.16][58338] -> [..17.253.53.201][...80] [HTTP.Apple][ConnCheck][Safe][captive.apple.com] new: [....20] [ip4][..udp] [...192.168.2.16][35825] -> [....192.168.2.1][...53] - detected: [....20] [ip4][..udp] [...192.168.2.16][35825] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] - detection-update: [....20] [ip4][..udp] [...192.168.2.16][35825] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] + detected: [....20] [ip4][..udp] [...192.168.2.16][35825] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][time.android.com] + detection-update: [....20] [ip4][..udp] [...192.168.2.16][35825] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][time.android.com] new: [....21] [ip4][..udp] [...192.168.2.16][45863] -> [...216.239.35.8][..123] detected: [....21] [ip4][..udp] [...192.168.2.16][45863] -> [...216.239.35.8][..123] [NTP][System][Acceptable] new: 
[....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] - detected: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] + detected: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][clients1.google.com] + detection-update: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][clients1.google.com] new: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] new: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] - detected: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] - detected: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] + detected: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][play.googleapis.com] + detected: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][clients1.google.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] - detection-update: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] + detection-update: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][play.googleapis.com] + detection-update: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][clients1.google.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> 
[.216.239.38.120][..443] [TLS.Google][Web][Acceptable] + detection-update: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][clients1.google.com] RISK: TLS (probably) Not Carrying HTTPS new: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] - detected: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable][play.googleapis.com] new: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] - detected: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS][ConnCheck][Acceptable] - detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS.Google][ConnCheck][Acceptable] + detected: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS][ConnCheck][Acceptable][connectivitycheck.gstatic.com] + detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable][play.googleapis.com] + detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable][play.googleapis.com] + detection-update: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS.Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com] new: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] new: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] - detected: [....28] [ip4][..tcp] 
[...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable] + detected: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com] new: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] - detected: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] - detection-update: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] - detection-update: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable] - detection-update: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable] - detected: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable] - detection-update: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable] + detected: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][app-measurement.com] + detection-update: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][app-measurement.com] + detection-update: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com] + detection-update: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com] + detected: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com] + detection-update: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com] new: 
[....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] - detected: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] - detection-update: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] + detected: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][mtalk.google.com] + detection-update: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][mtalk.google.com] new: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] - detected: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Web][Acceptable] + detected: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Web][Acceptable][app-measurement.com] new: [....32] [ip4][..tcp] [...192.168.2.16][49510] -> [.216.239.38.120][.5228] - detection-update: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Web][Acceptable] - detection-update: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Advertisement][Acceptable] + detection-update: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Web][Acceptable][app-measurement.com] + detection-update: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Advertisement][Acceptable][app-measurement.com] new: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] - detected: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe] - detection-update: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe] + detected: [....33] [ip4][..udp] 
[...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] + detection-update: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] new: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] new: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] - detected: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detected: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][check.googlezip.net] new: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] - detected: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detected: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][datasaver.googleapis.com] new: [....37] [ip4][..tcp] [...192.168.2.16][32988] -> [.216.239.38.120][..443] new: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] - detection-update: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detection-update: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][check.googlezip.net] new: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] - detection-update: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detection-update: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][datasaver.googleapis.com] new: [....40] [ip4][..tcp] [...192.168.2.16][51928] -> [.172.217.21.202][..443] - detected: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + 
detected: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + detected: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS new: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] - detected: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detected: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] [HTTP.DataSaver][Web][Fun] - detection-update: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + detected: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detected: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] [HTTP.DataSaver][Web][Fun][check.googlezip.net] + detection-update: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + detection-update: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS 
(probably) Not Carrying HTTPS - detected: [....40] [ip4][..tcp] [...192.168.2.16][51928] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun] + detected: [....40] [ip4][..tcp] [...192.168.2.16][51928] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun][datasaver.googleapis.com] new: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] - detection-update: [....40] [ip4][..tcp] [...192.168.2.16][51928] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun] - detected: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] - detected: [....37] [ip4][..tcp] [...192.168.2.16][32988] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + detection-update: [....40] [ip4][..tcp] [...192.168.2.16][51928] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun][datasaver.googleapis.com] + detected: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][www.google.com] + detected: [....37] [ip4][..tcp] [...192.168.2.16][32988] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] - detection-update: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] - detection-update: [....37] [ip4][..tcp] [...192.168.2.16][32988] -> [.216.239.38.120][..443] [TLS.PlayStore][SoftwareUpdate][Safe] + detection-update: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][www.google.com] + detection-update: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][www.google.com] + detection-update: [....37] [ip4][..tcp] [...192.168.2.16][32988] -> [.216.239.38.120][..443] 
[TLS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] RISK: TLS (probably) Not Carrying HTTPS new: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] - detected: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] + detected: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][accounts.google.com] + detection-update: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][accounts.google.com] new: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] - detected: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] + detected: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][accounts.google.com] new: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] - detected: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] - detection-update: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] - detection-update: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] + detected: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][semanticlocation-pa.googleapis.com] + detection-update: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][accounts.google.com] + detection-update: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][semanticlocation-pa.googleapis.com] new: [....46] 
[ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] - detected: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] - detection-update: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detected: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][proxy.googlezip.net] + detection-update: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][proxy.googlezip.net] new: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] new: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] - detected: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detected: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun] + detected: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][accounts.google.com] + detection-update: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][accounts.google.com] + detected: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun][proxy.googlezip.net] new: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] - detection-update: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun] - detected: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] + detection-update: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun][proxy.googlezip.net] + detected: [....49] 
[ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][accounts.google.com] new: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] - detected: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] - detection-update: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] - detection-update: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] + detected: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][check.googlezip.net] + detection-update: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][check.googlezip.net] + detection-update: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][accounts.google.com] new: [....51] [ip4][..tcp] [...192.168.2.16][52514] -> [..172.217.20.74][..443] new: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] new: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80] new: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] - detected: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] - detection-update: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detected: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][datasaver.googleapis.com] + detection-update: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][datasaver.googleapis.com] new: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] - detected: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] 
[HTTP.DataSaver][Web][Fun] + detected: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] [HTTP.DataSaver][Web][Fun][check.googlezip.net] new: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] - detected: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] - detection-update: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detected: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][proxy.googlezip.net] + detection-update: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][proxy.googlezip.net] new: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] - detected: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] + detected: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] new: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] new: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] - detected: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun] - detected: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] + detected: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun][datasaver.googleapis.com] + detected: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] 
[TLS.Google][Web][Acceptable][www.google.com] new: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] - detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] - detected: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun] + detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][android.googleapis.com] + detected: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun][proxy.googlezip.net] analyse: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.405| 0.048| 0.104| 10866.215| 3.000] 
@@ -177,19 +177,19 @@ [IATS(ms)....: 13.7,15.0,32.7,47.5,16.6,0.0,34.5,0.3,386.5,404.6,19.7,197.6,221.1,19.2,15.0,27.7,41.8,1.7,0.0,0.0,1.0,1.6,0.1,0.0,0.0,1.2,0.0,1.2,2.7,0.0,0.0] [PKTLENS.....: 60,60,52,232,52,1470,1188,52,52,145,344,52,564,52,86,52,641,52,1470,1470,1407,1470,52,1470,382,88,52,52,52,52,52,52] [ENTROPIES...: 4.7,5.3,5.1,5.5,5.1,7.2,7.4,5.1,5.1,6.1,7.1,5.0,7.5,4.9,5.4,5.0,7.6,5.0,7.9,7.8,7.9,7.8,5.1,7.8,7.4,5.6,5.1,5.1,5.1,5.1,5.0,5.0] - detection-update: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable] - detection-update: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun] - detection-update: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable] - detection-update: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun] + detection-update: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Web][Acceptable][www.google.com] + detection-update: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Web][Fun][datasaver.googleapis.com] + detection-update: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Web][Acceptable][android.googleapis.com] + detection-update: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Web][Fun][proxy.googlezip.net] new: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] - detected: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] [TLS.GoogleServices][Web][Acceptable][android.googleapis.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....51] [ip4][..tcp] [...192.168.2.16][52514] -> 
[..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [....51] [ip4][..tcp] [...192.168.2.16][52514] -> [..172.217.20.74][..443] [TLS.GoogleServices][Web][Acceptable][semanticlocation-pa.googleapis.com] new: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] - detected: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] - detection-update: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] + detected: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][proxy.googlezip.net] + detection-update: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun][proxy.googlezip.net] new: [....63] [ip4][..tcp] [...192.168.2.16][43652] -> [..172.217.20.76][..443] - detection-update: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] [TLS.GoogleServices][Web][Acceptable] + detection-update: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] [TLS.GoogleServices][Web][Acceptable][android.googleapis.com] RISK: TLS (probably) Not Carrying HTTPS end: [.....3] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50580] [TLS.Apple][Web][Safe] end: [.....2] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50584] [TLS.Apple][Web][Safe] 
@@ -232,7 +232,7 @@ idle: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Web][Fun] end: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] [HTTP.DataSaver][Web][Fun] idle: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] [HTTP.DataSaver][Web][Fun] - guessed: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80] [HTTP.Google][Web][Acceptable] + guessed: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80] [HTTP.Google][Web][Acceptable][] idle: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80] idle: [.....7] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] idle: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] [TLS.Google][ConnCheck][Acceptable] diff --git a/test/results/flow-info/anyconnect-vpn.pcap.out b/test/results/flow-info/anyconnect-vpn.pcap.out index ac9c398c1..47aed2ee2 100644 --- a/test/results/flow-info/anyconnect-vpn.pcap.out +++ b/test/results/flow-info/anyconnect-vpn.pcap.out 
@@ -17,31 +17,31 @@ new: [.....8] [ip4][....2] [.....10.0.0.149] -> [239.255.255.250] detected: [.....8] [ip4][....2] [.....10.0.0.149] -> [239.255.255.250] [IGMP][Network][Acceptable] new: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] - detected: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] - detection-update: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] + detected: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][vco.pandion.viasat.com] + detection-update: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][vco.pandion.viasat.com] new: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] - detected: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][vco.pandion.viasat.com] + detection-update: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][vco.pandion.viasat.com] new: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] - detected: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] - detection-update: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] + detected: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][vco.pandion.viasat.com] + detection-update: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][vco.pandion.viasat.com] new: [....12] 
[ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] - detected: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detected: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Missing SNI TLS Extn - detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, Missing SNI TLS Extn - detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, Missing SNI TLS Extn new: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [MIDSTREAM] detected: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS.AmazonAWS][Cloud][Acceptable] new: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [MIDSTREAM] detected: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [TLS.AmazonAWS][Cloud][Acceptable] new: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] - detected: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detected: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Missing SNI TLS Extn - detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, Missing SNI TLS Extn - detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....15] 
[ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, Missing SNI TLS Extn analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] min| max| avg| stddev| variance| entropy 
@@ -53,63 +53,63 @@ [IATS(ms)....: 39.5,39.5,0.4,43.7,1.2,44.5,40.9,0.0,40.9,0.0,38.2,0.0,38.3,0.0,33.2,0.0,71.5,0.0,38.3,6.1,35.1,41.2,0.2,42.3,2.9,0.0,0.0,44.9,0.1] [PKTLENS.....: 64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52] [ENTROPIES...: 4.3,5.1,4.8,5.5,4.8,7.3,4.8,7.1,7.2,4.9,4.8,7.4,5.9,4.8,4.8,6.8,7.2,7.5,4.7,4.8,7.6,4.7,6.2,4.8,7.8,4.9,7.3,7.7,5.8,4.9,4.8,4.8] - detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, Missing SNI TLS Extn new: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] - detected: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] - detection-update: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] + detected: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][local] + detection-update: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][local] new: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76] detected: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76] [ICMP][Network][Acceptable] new: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] - detected: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] new: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] - detected: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> 
[...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] new: [....20] [ip4][....2] [.....10.0.0.213] -> [......224.0.0.2] detected: [....20] [ip4][....2] [.....10.0.0.213] -> [......224.0.0.2] [IGMP][Network][Acceptable] new: [....21] [ip4][....2] [.....10.0.0.213] -> [....224.0.0.251] detected: [....21] [ip4][....2] [.....10.0.0.213] -> [....224.0.0.251] [IGMP][Network][Acceptable] new: [....22] [ip4][..udp] [.....10.0.0.227][.5353] -> [.....10.0.0.213][.5353] - detected: [....22] [ip4][..udp] [.....10.0.0.227][.5353] -> [.....10.0.0.213][.5353] [MDNS][Network][Acceptable] + detected: [....22] [ip4][..udp] [.....10.0.0.227][.5353] -> [.....10.0.0.213][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] new: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] detected: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [MIDSTREAM] new: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [MIDSTREAM] new: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] - detected: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] - detection-update: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Network][Acceptable] + detected: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][print.viasat.com] + detection-update: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Network][Acceptable][print.viasat.com] new: [....27] [ip4][..udp] 
[.....10.0.0.227][58155] -> [....75.75.76.76][...53] - detected: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Collaborative][Acceptable] - detection-update: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Collaborative][Acceptable] + detected: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Collaborative][Acceptable][slack.com] + detection-update: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Collaborative][Acceptable][slack.com] new: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] - detected: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][Collaborative][Acceptable] - detection-update: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][Collaborative][Acceptable] + detected: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][Collaborative][Acceptable][slack.com] + detection-update: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][Collaborative][Acceptable][slack.com] new: [....29] [ip4][..tcp] [.....10.0.0.227][56910] -> [...35.201.124.9][..443] [MIDSTREAM] detected: [....29] [ip4][..tcp] [.....10.0.0.227][56910] -> [...35.201.124.9][..443] [TLS.GoogleCloud][Cloud][Acceptable] new: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] - detected: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] + detected: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] + detection-update: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> 
[....8.37.96.194][.4287] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] - detected: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lb._dns-sd._udp.0.128.28.172.in-addr.arpa] new: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] - detected: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lb._dns-sd._udp.0.0.0.10.in-addr.arpa] + detection-update: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lb._dns-sd._udp.0.128.28.172.in-addr.arpa] + detection-update: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lb._dns-sd._udp.0.0.0.10.in-addr.arpa] new: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53] - detected: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][vcacrashplan01.hq.corp.viasat.com] new: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] - detected: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....33] [ip4][..udp] 
[.....10.0.0.227][57261] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][vcacrashplan01.hq.corp.viasat.com] + detection-update: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][vcacrashplan01.hq.corp.viasat.com] + detection-update: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][vcacrashplan01.hq.corp.viasat.com] + detection-update: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] + detection-update: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] - detected: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lp-rkerur-osx.hsd1.ca.comcast.net] new: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] - detected: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....36] [ip4][..udp] 
[.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lp-rkerur-osx.hsd1.ca.comcast.net] + detection-update: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lp-rkerur-osx.hsd1.ca.comcast.net] + detection-update: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][lp-rkerur-osx.hsd1.ca.comcast.net] analyse: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.385| 0.079| 0.122| 14784.686| 3.700] 
@@ -122,11 +122,11 @@ [ENTROPIES...: 4.3,5.0,4.8,5.4,5.1,7.4,4.9,7.6,4.9,5.9,4.8,7.5,5.0,7.5,4.9,7.3,5.0,6.5,5.0,7.7,5.0,7.9,4.9,7.8,4.9,6.1,5.0,6.2,4.9,6.0,5.1,6.1] new: [....37] [ip4][..tcp] [.....10.0.0.227][56881] -> [.162.222.43.153][..443] [MIDSTREAM] new: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] - detected: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detected: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] min| max| avg| stddev| variance| entropy 
@@ -138,59 +138,59 @@ [IATS(ms)....: 42.4,42.4,2.0,46.9,1.2,46.1,40.3,0.0,40.3,0.0,37.2,0.0,37.2,0.0,97.2,138.0,40.9,1.2,43.3,9.0,0.0,0.0,0.0,0.0,0.0,0.0,51.2] [PKTLENS.....: 64,56,52,204,52,1500,52,1500,1500,52,52,1500,1167,52,52,406,127,52,1017,52,1500,209,1500,209,1500,209,1500,209,52,52,52,52] [ENTROPIES...: 4.2,5.0,4.7,5.5,4.7,7.3,4.7,7.1,7.2,4.8,4.8,7.4,5.9,4.8,4.8,7.4,6.2,4.8,7.8,4.9,7.9,6.9,7.9,6.9,7.9,6.7,7.8,6.8,4.8,4.8,4.8,4.8] - detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] + detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe][] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [....39] [ip4][..tcp] [.....10.0.0.227][56865] -> [.....10.0.0.149][.8008] [MIDSTREAM] new: [....40] [ip4][..tcp] [.....10.0.0.227][56866] -> [.....10.0.0.151][.8060] [MIDSTREAM] new: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] - detected: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][mozilla.org] new: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] - detected: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][ConnCheck][Acceptable] - detected: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable] - detected: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable] - detection-update: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][ConnCheck][Acceptable] + detected: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> 
[....75.75.75.75][...53] [DNS][ConnCheck][Acceptable][detectportal.firefox.com] + detected: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable][detectportal.firefox.com] + detected: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable][detectportal.firefox.com] + detection-update: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][mozilla.org] + detection-update: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][ConnCheck][Acceptable][detectportal.firefox.com] new: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [MIDSTREAM] detected: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS.AmazonAWS][Cloud][Acceptable] new: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [MIDSTREAM] new: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] - detected: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Web][Safe] + detected: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Web][Safe][www.apple.com] new: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] - detected: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable] + detected: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable][1-courier.push.apple.com] new: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] - detected: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable] + detected: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable][1-courier.sandbox.push.apple.com] new: [....48] 
[ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] - detected: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable] + detected: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable][24-courier.push.apple.com] new: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] - detected: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Web][Safe] - detection-update: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable] - detection-update: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable] + detected: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][mail.viasat.com] + detection-update: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Web][Safe][www.apple.com] + detection-update: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable][1-courier.sandbox.push.apple.com] + detection-update: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable][1-courier.push.apple.com] detected: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [TLS.Apple][Web][Safe] RISK: Known Proto on Non Std Port - detection-update: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable] + detection-update: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable][24-courier.push.apple.com] new: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> 
[....75.75.75.75][...53] - detected: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][apple.com] new: [....51] [ip4][..tcp] [.....10.0.0.227][56871] -> [...8.37.103.196][..443] [MIDSTREAM] - detection-update: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detection-update: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][apple.com] + detection-update: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][mail.viasat.com] new: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] - detected: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] - detection-update: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Network][Acceptable] + detected: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][www.outlook.com] + detection-update: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Network][Acceptable][www.outlook.com] new: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] [MIDSTREAM] new: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] - detected: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328] - detected: [....55] [ip4][..udp] 
[.....10.0.0.149][38616] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable] + detected: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable][] new: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] - detected: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable] + detected: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable][] new: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] - detected: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] detected: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older) new: [....59] [ip4][..udp] [.....10.0.0.149][50081] -> [.....10.0.0.227][57547] - detected: [....59] [ip4][..udp] [.....10.0.0.149][50081] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable] + detected: [....59] [ip4][..udp] [.....10.0.0.149][50081] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable][] detection-update: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older) analyse: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] 
@@ -205,33 +205,33 @@ [ENTROPIES...: 5.5,4.4,5.9,6.0,5.5,6.4,6.3,6.4,7.0,6.7,6.7,6.7,6.5,6.2,6.4,7.3,7.1,6.5,6.8,6.4,6.3,7.1,6.4,7.1,6.6,7.3,6.7,7.1,6.5,6.6,6.5,7.3] new: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192] new: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] - detected: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable] + detected: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable][] new: [....62] [ip4][..tcp] [.....10.0.0.227][56954] -> [.....10.0.0.149][.8008] new: [....63] [ip4][..tcp] [.....10.0.0.227][56955] -> [.....10.0.0.151][.8060] - detected: [....62] [ip4][..tcp] [.....10.0.0.227][56954] -> [.....10.0.0.149][.8008] [HTTP][Web][Acceptable] + detected: [....62] [ip4][..tcp] [.....10.0.0.227][56954] -> [.....10.0.0.149][.8008] [HTTP][Web][Acceptable][10.0.0.149] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address - detected: [....63] [ip4][..tcp] [.....10.0.0.227][56955] -> [.....10.0.0.151][.8060] [HTTP][Web][Acceptable] + detected: [....63] [ip4][..tcp] [.....10.0.0.227][56955] -> [.....10.0.0.151][.8060] [HTTP][Web][Acceptable][10.0.0.151] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [....64] [ip4][..udp] [.....10.0.0.149][49816] -> [.....10.0.0.227][57547] - detected: [....64] [ip4][..udp] [.....10.0.0.149][49816] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable] + detected: [....64] [ip4][..udp] [.....10.0.0.149][49816] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable][] new: [....65] [ip4][..udp] [.....10.0.0.149][48166] -> [.....10.0.0.227][57547] - detected: [....65] [ip4][..udp] [.....10.0.0.149][48166] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable] + detected: [....65] [ip4][..udp] [.....10.0.0.149][48166] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable][] new: [....66] [ip4][..udp] [.....10.0.0.149][51382] -> 
[.....10.0.0.227][57547] - detected: [....66] [ip4][..udp] [.....10.0.0.149][51382] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable] + detected: [....66] [ip4][..udp] [.....10.0.0.149][51382] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable][] new: [....67] [ip4][..udp] [.....10.0.0.227][..137] -> [.....10.0.0.255][..137] - detected: [....67] [ip4][..udp] [.....10.0.0.227][..137] -> [.....10.0.0.255][..137] [NetBIOS][System][Acceptable] + detected: [....67] [ip4][..udp] [.....10.0.0.227][..137] -> [.....10.0.0.255][..137] [NetBIOS][System][Acceptable][lp-rkerur-osx] update: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1] [ICMPV6][Network][Acceptable] update: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76] [ICMP][Network][Acceptable] update: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] - detected: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_googlezone._tcp.local] + detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local] + detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_googlezone._tcp.local] new: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1] detected: [....69] [ip4][.icmp] 
[.......10.0.0.1] -> [......224.0.0.1] [ICMP][Network][Acceptable] idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] idle: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable] - guessed: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] [HTTP][Web][Acceptable] + guessed: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] [HTTP][Web][Acceptable][] end: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] idle: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable] idle: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable] diff --git a/test/results/flow-info/anydesk.pcapng.out b/test/results/flow-info/anydesk.pcapng.out index f20038436..2fa3e9b24 100644 --- a/test/results/flow-info/anydesk.pcapng.out +++ b/test/results/flow-info/anydesk.pcapng.out 
@@ -5,11 +5,11 @@ detected: [.....1] [ip4][..tcp] [192.168.149.129][36351] -> [..51.83.239.144][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing new: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] - detected: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] + detected: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing - detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] + detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing - detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] + detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] min| max| avg| stddev| variance| entropy 
@@ -21,29 +21,29 @@ [IATS(ms)....: 164.8,164.9,0.6,1.1,165.0,165.4,0.5,0.5,0.3,0.3,1.8,2.0,164.9,165.2,0.2,0.2,0.2,0.3,218.6,218.7,0.6,0.9,1215.5,1216.3,0.0,0.1,0.9,0.0,0.0,1602.9,0.1] [PKTLENS.....: 60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180] [ENTROPIES...: 4.8,4.9,4.8,5.4,4.4,7.5,4.8,7.8,4.8,4.6,4.7,7.6,4.4,5.8,4.8,5.8,4.8,6.7,4.4,6.8,4.8,6.3,4.4,6.4,7.9,7.9,7.8,4.4,4.4,4.4,7.9,7.8] - detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] + detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing DAEMON-EVENT: [Processed: 6963 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] new: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][RemoteAccess][Acceptable] - detection-update: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][RemoteAccess][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][RemoteAccess][Acceptable][relay-3185a847.net.anydesk.com] + detection-update: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][RemoteAccess][Acceptable][relay-3185a847.net.anydesk.com] new: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] - detected: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][RemoteAccess][Acceptable] - detection-update: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] 
[DNS.AnyDesk][RemoteAccess][Acceptable] + detected: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][RemoteAccess][Acceptable][relay-9b6827f2.net.anydesk.com] + detection-update: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][RemoteAccess][Acceptable][relay-9b6827f2.net.anydesk.com] idle: [.....1] [ip4][..tcp] [192.168.149.129][36351] -> [..51.83.239.144][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Desktop/File Sharing idle: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing new: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] - detected: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS][Web][Safe] + detected: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing new: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] - detected: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS][Web][Safe] + detected: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> 
[..192.168.1.187][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable][] RISK: Known Proto on Non Std Port, Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][RemoteAccess][Acceptable] min| max| avg| stddev| variance| entropy @@ -58,11 +58,11 @@ DAEMON-EVENT: [Processed: 9484 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] - detected: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS][Web][Safe] + detected: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS][Web][Safe][] RISK: Missing SNI TLS Extn - detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS][Web][Safe] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS][Web][Safe][] RISK: Missing SNI TLS Extn - detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][RemoteAccess][Acceptable] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][RemoteAccess][Acceptable][] RISK: Missing SNI TLS Extn, Desktop/File Sharing analyse: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][RemoteAccess][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/bad-dns-traffic.pcap.out b/test/results/flow-info/bad-dns-traffic.pcap.out index f17ace4dc..f2d4e321d 100644 --- a/test/results/flow-info/bad-dns-traffic.pcap.out 
+++ b/test/results/flow-info/bad-dns-traffic.pcap.out 
@@ -2,24 +2,24 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] - detected: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name, Risky Domain Name new: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] - detected: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] 
[DNS][Network][Acceptable][6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name, Risky Domain Name analyse: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -38,9 +38,9 @@ update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] RISK: Suspicious DGA Domain name, Risky Domain Name new: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] - detected: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name - detection-update: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] + detection-update: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Network][Acceptable][a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] RISK: Suspicious DGA Domain name, Risky Domain Name idle: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Network][Acceptable] RISK: Suspicious DGA Domain name, Risky Domain Name diff --git a/test/results/flow-info/bot.pcap.out b/test/results/flow-info/bot.pcap.out index c450bcc22..9c4022112 100644 --- a/test/results/flow-info/bot.pcap.out +++ b/test/results/flow-info/bot.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] - detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable] + detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable][atlanteditorino.it] analyse: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP.Azure][Cloud][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.114| 0.014| 0.036| 1309.010| 2.200] diff --git a/test/results/flow-info/cachefly.pcapng.out b/test/results/flow-info/cachefly.pcapng.out index 1793c3f2b..1b5be1ebc 100644 --- a/test/results/flow-info/cachefly.pcapng.out +++ b/test/results/flow-info/cachefly.pcapng.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] - detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] [TLS.Cachefly][Cloud][Acceptable] + detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] [TLS][Web][Safe][apptv.cachefly.net] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] [TLS][Web][Safe][apptv.cachefly.net] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] [TLS.Cachefly][Cloud][Acceptable][apptv.cachefly.net] idle: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][43766] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/capwap.pcap.out b/test/results/flow-info/capwap.pcap.out index 2f61aca04..34ad8950f 100644 --- a/test/results/flow-info/capwap.pcap.out +++ b/test/results/flow-info/capwap.pcap.out @@ -4,7 +4,7 @@ new: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] detected: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Network][Acceptable] new: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] - detected: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Network][Acceptable][cisco-capwap-controller] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type 
diff --git a/test/results/flow-info/chrome.pcap.out b/test/results/flow-info/chrome.pcap.out index b56fdf619..9be520c65 100644 --- a/test/results/flow-info/chrome.pcap.out +++ b/test/results/flow-info/chrome.pcap.out @@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] new: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.629| 0.057| 0.154| 23802.585| 2.400] 
@@ -16,15 +16,15 @@ [IATS(ms)....: 28.8,28.9,0.3,29.8,7.0,0.2,36.6,0.5,0.5,13.6,0.3,42.3,0.0,0.2,0.0,28.6,0.0,627.9,1.2,629.0,0.1,0.2,0.3,0.1,0.3,0.3,1.1,131.1,160.1,5.6,0.1] [PKTLENS.....: 64,60,52,569,52,1492,1492,52,758,52,132,802,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1471,52,52,703,52,1492,1492] [ENTROPIES...: 4.4,5.2,4.9,4.4,5.0,7.8,7.9,5.0,7.7,5.1,6.2,7.7,5.1,5.1,7.4,7.4,5.0,5.1,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,5.0,7.7,5.1,7.9,7.9] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] new: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] new: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] new: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] new: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] - detected: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detected: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detected: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detected: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detected: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detected: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detected: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] 
min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.469| 0.038| 0.110| 12173.627| 2.300] @@ -35,11 +35,11 @@ [IATS(ms)....: 28.5,28.6,0.6,28.4,2.8,30.5,2.0,28.4,0.1,26.4,441.8,468.8,1.7,1.4,30.2,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.3,0.2,0.3,0.5,0.8,26.0,25.3,1.8] [PKTLENS.....: 64,60,52,687,52,312,52,132,52,355,52,769,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,52,1015,52,756] [ENTROPIES...: 4.4,5.3,4.9,7.1,5.1,6.9,5.0,6.3,5.2,7.4,5.1,7.7,5.1,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,4.9,7.9,7.9,5.0,7.9,7.9,5.0,4.9,7.8,5.0,7.7] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.035| 0.006| 0.011| 126.441| 3.100] 
@@ -50,7 +50,7 @@ [IATS(ms)....: 26.8,26.8,1.3,28.2,6.8,1.3,0.0,35.0,0.0,0.4,0.3,27.6,0.0,26.9,1.4,1.4,1.1,0.0,1.1,0.1,0.2,0.2,0.4,0.1,0.1,0.0,0.3,0.0,0.7,1.7] [PKTLENS.....: 64,60,52,569,52,1492,1492,758,52,52,132,758,52,355,52,52,355,52,1492,1492,52,52,1492,1492,52,1492,1492,398,52,52,52,806] [ENTROPIES...: 4.4,5.3,5.0,4.4,5.1,7.9,7.9,7.7,5.0,5.0,6.2,7.7,5.0,7.4,5.1,5.0,7.3,5.0,7.9,7.9,5.0,4.9,7.9,7.9,5.0,7.9,7.9,7.5,4.9,5.0,4.9,7.8] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][64411] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.031| 0.008| 0.012| 146.160| 3.400] @@ -61,7 +61,7 @@ [IATS(ms)....: 29.3,29.3,0.9,29.0,2.5,30.7,0.6,0.3,26.2,1.1,2.3,28.7,1.8,0.2,2.0,0.4,0.5,0.9,0.1,0.1,0.2,0.1,0.1,0.3,0.1,0.9,26.9,0.1,26.2,1.5,0.1] [PKTLENS.....: 64,60,52,687,52,312,52,132,758,52,52,355,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,1492,52,1492,1492] [ENTROPIES...: 4.5,5.3,5.1,7.1,5.1,7.0,5.0,6.3,7.7,5.1,5.1,7.4,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,4.9,7.9,7.9,5.0,7.9,7.9] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][64409] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.038| 0.007| 0.012| 150.077| 3.200] 
@@ -72,7 +72,7 @@ [IATS(ms)....: 28.7,28.7,1.3,29.9,9.6,0.1,0.0,38.3,0.0,0.5,0.2,28.0,0.1,0.1,0.0,27.5,0.0,1.2,1.3,2.5,0.1,0.1,0.2,0.1,0.1,0.2,0.2,0.2,0.4,0.4,25.3] [PKTLENS.....: 64,60,52,569,52,1492,1492,758,52,52,132,758,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,52,1492] [ENTROPIES...: 4.5,5.2,5.1,4.4,5.1,7.8,7.9,7.7,5.0,5.0,6.2,7.7,5.0,5.1,7.4,7.4,5.0,5.0,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,5.1,7.9,4.9,7.9,5.1,7.9] - detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][64410] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.032| 0.008| 0.013| 163.814| 3.300] @@ -83,7 +83,7 @@ [IATS(ms)....: 29.8,29.8,1.1,30.0,2.5,31.5,0.4,0.2,32.0,0.0,0.0,31.5,1.0,0.1,1.1,0.1,0.2,0.1,0.1,0.1,0.1,0.2,0.5,0.1,0.6,0.1,1.5,27.3,0.1,26.1,4.6] [PKTLENS.....: 64,60,52,687,52,312,52,132,758,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,785,52,761] [ENTROPIES...: 4.4,5.3,5.0,7.1,5.1,6.9,5.0,6.2,7.7,5.0,7.4,5.1,4.9,7.9,7.9,5.0,7.8,4.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,4.9,7.9,7.7,5.0,7.7] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] end: [.....1] [ip4][..tcp] [..192.168.1.178][64393] -> [...146.48.58.18][..443] [TLS][Web][Safe] end: [.....2] [ip4][..tcp] [..192.168.1.178][64394] -> [...146.48.58.18][..443] [TLS][Web][Safe] end: [.....3] [ip4][..tcp] [..192.168.1.178][64408] -> [...146.48.58.18][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/cloudflare-warp.pcap.out b/test/results/flow-info/cloudflare-warp.pcap.out index 642e4eacb..6178665af 100644 
--- a/test/results/flow-info/cloudflare-warp.pcap.out +++ b/test/results/flow-info/cloudflare-warp.pcap.out 
@@ -5,19 +5,19 @@ new: [.....2] [ip4][..tcp] [.......10.8.0.1][42344] -> [..159.138.85.48][.5223] detected: [.....2] [ip4][..tcp] [.......10.8.0.1][42344] -> [..159.138.85.48][.5223] [Jabber][Web][Acceptable] new: [.....3] [ip4][..tcp] [.......10.8.0.1][40214] -> [..157.240.16.32][..443] - detected: [.....3] [ip4][..tcp] [.......10.8.0.1][40214] -> [..157.240.16.32][..443] [TLS.Messenger][Chat][Acceptable] + detected: [.....3] [ip4][..tcp] [.......10.8.0.1][40214] -> [..157.240.16.32][..443] [TLS.Messenger][Chat][Acceptable][mqtt-mini.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][40214] -> [..157.240.16.32][..443] [TLS.Messenger][Chat][Acceptable] + detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][40214] -> [..157.240.16.32][..443] [TLS.Messenger][Chat][Acceptable][mqtt-mini.facebook.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....4] [ip4][..tcp] [..10.158.134.93][40454] -> [..216.58.196.68][..443] [MIDSTREAM] new: [.....5] [ip4][..tcp] [.......10.8.0.1][45606] -> [..104.18.47.234][..443] - detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45606] -> [..104.18.47.234][..443] [TLS.CloudflareWarp][VPN][Acceptable] + detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45606] -> [..104.18.47.234][..443] [TLS.CloudflareWarp][VPN][Acceptable][api.cloudflareclient.com] new: [.....6] [ip4][..tcp] [.......10.8.0.1][45610] -> [..104.18.47.234][..443] - detected: [.....6] [ip4][..tcp] [.......10.8.0.1][45610] -> [..104.18.47.234][..443] [TLS.CloudflareWarp][VPN][Acceptable] - detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45606] -> [..104.18.47.234][..443] [TLS.CloudflareWarp][VPN][Acceptable] + detected: [.....6] [ip4][..tcp] [.......10.8.0.1][45610] -> [..104.18.47.234][..443] [TLS.CloudflareWarp][VPN][Acceptable][api.cloudflareclient.com] + detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45606] -> [..104.18.47.234][..443] 
[TLS.CloudflareWarp][VPN][Acceptable][api.cloudflareclient.com] new: [.....7] [ip4][..tcp] [.......10.8.0.1][51296] -> [142.250.183.163][..443] - detected: [.....7] [ip4][..tcp] [.......10.8.0.1][51296] -> [142.250.183.163][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][45610] -> [..104.18.47.234][..443] [TLS.CloudflareWarp][VPN][Acceptable] + detected: [.....7] [ip4][..tcp] [.......10.8.0.1][51296] -> [142.250.183.163][..443] [TLS.GoogleServices][Web][Acceptable][crashlyticsreports-pa.googleapis.com] + detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][45610] -> [..104.18.47.234][..443] [TLS.CloudflareWarp][VPN][Acceptable][api.cloudflareclient.com] new: [.....8] [ip4][..tcp] [.......10.8.0.1][43600] -> [172.217.194.188][.5228] guessed: [.....8] [ip4][..tcp] [.......10.8.0.1][43600] -> [172.217.194.188][.5228] [Google][Web][Acceptable] idle: [.....8] [ip4][..tcp] [.......10.8.0.1][43600] -> [172.217.194.188][.5228] diff --git a/test/results/flow-info/collectd.pcap.out b/test/results/flow-info/collectd.pcap.out index 1deed6e9f..a1ddb0ca4 100644 --- a/test/results/flow-info/collectd.pcap.out +++ b/test/results/flow-info/collectd.pcap.out 
@@ -2,28 +2,28 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [......127.0.0.1][36576] -> [......127.0.0.1][25826] - detected: [.....1] [ip4][..udp] [......127.0.0.1][36576] -> [......127.0.0.1][25826] [collectd][System][Acceptable] + detected: [.....1] [ip4][..udp] [......127.0.0.1][36576] -> [......127.0.0.1][25826] [collectd][System][Acceptable][devlap.fritz.box] new: [.....2] [ip4][..udp] [......127.0.0.1][36320] -> [......127.0.0.1][25826] new: [.....3] [ip4][..udp] [......127.0.0.1][36064] -> [......127.0.0.1][25826] - detected: [.....3] [ip4][..udp] [......127.0.0.1][36064] -> [......127.0.0.1][25826] [collectd][System][Acceptable] + detected: [.....3] [ip4][..udp] [......127.0.0.1][36064] -> [......127.0.0.1][25826] [collectd][System][Acceptable][devlap.fritz.box] DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] new: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826] idle: [.....3] [ip4][..udp] [......127.0.0.1][36064] -> [......127.0.0.1][25826] [collectd][System][Acceptable] - guessed: [.....2] [ip4][..udp] [......127.0.0.1][36320] -> [......127.0.0.1][25826] [collectd][System][Acceptable] + guessed: [.....2] [ip4][..udp] [......127.0.0.1][36320] -> [......127.0.0.1][25826] [collectd][System][Acceptable][] idle: [.....2] [ip4][..udp] [......127.0.0.1][36320] -> [......127.0.0.1][25826] idle: [.....1] [ip4][..udp] [......127.0.0.1][36576] -> [......127.0.0.1][25826] [collectd][System][Acceptable] DAEMON-EVENT: [Processed: 5 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0] new: [.....6] 
[ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826] - detected: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826] [collectd][System][Acceptable] - guessed: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] [collectd][System][Acceptable] + detected: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826] [collectd][System][Acceptable][devlap.fritz.box] + guessed: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] [collectd][System][Acceptable][] idle: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] - guessed: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826] [collectd][System][Acceptable] + guessed: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826] [collectd][System][Acceptable][] idle: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826] new: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] - detected: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] + detected: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable][devlap.fritz.box] update: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826] [collectd][System][Acceptable] 
@@ -46,7 +46,7 @@ update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] new: [.....8] [ip4][..udp] [......127.0.0.1][36832] -> [......127.0.0.1][25826] - detected: [.....8] [ip4][..udp] [......127.0.0.1][36832] -> [......127.0.0.1][25826] [collectd][System][Acceptable] + detected: [.....8] [ip4][..udp] [......127.0.0.1][36832] -> [......127.0.0.1][25826] [collectd][System][Acceptable][devlap.fritz.box] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....8] [ip4][..udp] [......127.0.0.1][36832] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] @@ -55,7 +55,7 @@ update: [.....8] [ip4][..udp] [......127.0.0.1][36832] -> [......127.0.0.1][25826] [collectd][System][Acceptable] update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] new: [.....9] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] - detected: [.....9] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] [collectd][System][Acceptable] + detected: [.....9] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] [collectd][System][Acceptable][] idle: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][System][Acceptable] idle: [.....8] [ip4][..udp] [......127.0.0.1][36832] -> [......127.0.0.1][25826] [collectd][System][Acceptable] idle: [.....9] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] [collectd][System][Acceptable] diff --git a/test/results/flow-info/dazn.pcapng.out b/test/results/flow-info/dazn.pcapng.out index 7e8f3d20d..28e62af41 100644 --- a/test/results/flow-info/dazn.pcapng.out 
+++ b/test/results/flow-info/dazn.pcapng.out 
@@ -2,14 +2,14 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][Streaming][Fun] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][Streaming][Fun] + detected: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][Streaming][Fun][www.dazn.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] [TLS.Dazn][Streaming][Fun][www.dazn.com] new: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][Streaming][Fun] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][Streaming][Fun] + detected: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][Streaming][Fun][user-profile.ar.indazn.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] [TLS.Dazn][Streaming][Fun][user-profile.ar.indazn.com] new: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] - detected: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][Streaming][Fun] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][Streaming][Fun] + detected: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] [TLS.Dazn][Streaming][Fun][subscriptions-service.dazn-api.com] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] 
[TLS.Dazn][Streaming][Fun][subscriptions-service.dazn-api.com] idle: [.....2] [ip4][..tcp] [..192.168.1.128][46036] -> [..13.226.244.27][..443] idle: [.....1] [ip4][..tcp] [..192.168.1.128][54020] -> [...52.84.223.58][..443] idle: [.....3] [ip4][..tcp] [..192.168.1.128][40882] -> [..13.226.244.30][..443] diff --git a/test/results/flow-info/dhcp-fuzz.pcapng.out b/test/results/flow-info/dhcp-fuzz.pcapng.out index 6f255c5ba..a26f35386 100644 --- a/test/results/flow-info/dhcp-fuzz.pcapng.out +++ b/test/results/flow-info/dhcp-fuzz.pcapng.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [192.168.155.104][...68] -> [255.255.255.255][...67] - guessed: [.....1] [ip4][..udp] [192.168.155.104][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + guessed: [.....1] [ip4][..udp] [192.168.155.104][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][] idle: [.....1] [ip4][..udp] [192.168.155.104][...68] -> [255.255.255.255][...67] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/discord.pcap.out b/test/results/flow-info/discord.pcap.out index 5887d91fc..7645030c4 100644 --- a/test/results/flow-info/discord.pcap.out +++ b/test/results/flow-info/discord.pcap.out 
@@ -1,8 +1,8 @@ DAEMON-EVENT: init new: [.....1] [ip4][..tcp] [......10.0.2.15][42834] -> [162.159.128.233][..443] - detected: [.....1] [ip4][..tcp] [......10.0.2.15][42834] -> [162.159.128.233][..443] [TLS.Discord][Collaborative][Fun] - detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][42834] -> [162.159.128.233][..443] [TLS.Discord][Collaborative][Fun] - detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][42834] -> [162.159.128.233][..443] [TLS.Discord][Collaborative][Fun] + detected: [.....1] [ip4][..tcp] [......10.0.2.15][42834] -> [162.159.128.233][..443] [TLS.Discord][Collaborative][Fun][discord.com] + detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][42834] -> [162.159.128.233][..443] [TLS.Discord][Collaborative][Fun][discord.com] + detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][42834] -> [162.159.128.233][..443] [TLS.Discord][Collaborative][Fun][discord.com] RISK: TLS Cert Expired DAEMON-EVENT: [Processed: 7 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] diff --git a/test/results/flow-info/dns-invalid-chars.pcap.out b/test/results/flow-info/dns-invalid-chars.pcap.out index 69c116067..74643ae7e 100644 --- a/test/results/flow-info/dns-invalid-chars.pcap.out +++ b/test/results/flow-info/dns-invalid-chars.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] - detected: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Network][Acceptable] - detection-update: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Network][Acceptable][www.allyourba???arebelongto.cn] + detection-update: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Network][Acceptable][www.allyourbasesare???ongto.cn] idle: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dns-tunnel-iodine.pcap.out b/test/results/flow-info/dns-tunnel-iodine.pcap.out index 96f2b3993..d7ac5332a 100644 --- a/test/results/flow-info/dns-tunnel-iodine.pcap.out +++ b/test/results/flow-info/dns-tunnel-iodine.pcap.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] - detected: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable] - detection-update: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable][vaaaakardli.pirate.sea] + detection-update: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable][vaaaakardli.pirate.sea] RISK: Suspicious DNS Traffic analyse: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Network][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/dns_ambiguous_names.pcap.out b/test/results/flow-info/dns_ambiguous_names.pcap.out index 6a168bf05..fca1e0778 100644 --- a/test/results/flow-info/dns_ambiguous_names.pcap.out +++ b/test/results/flow-info/dns_ambiguous_names.pcap.out 
@@ -2,35 +2,35 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] - detected: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS.ApplePush][Cloud][Acceptable] - detection-update: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS.ApplePush][Cloud][Acceptable] + detected: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS.ApplePush][Cloud][Acceptable][41-courier.push.apple.com] + detection-update: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS.ApplePush][Cloud][Acceptable][41-courier.push.apple.com] new: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] - detected: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe] + detected: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe][teams.skype.com] + detection-update: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe][teams.skype.com] new: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] - detected: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe] + detected: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe][api.teams.skype.com] + detection-update: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> 
[........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe][api.teams.skype.com] new: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] - detected: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS.GoogleServices][Web][Acceptable] - detection-update: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS.GoogleServices][Web][Acceptable] + detected: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS.GoogleServices][Web][Acceptable][alt2-mtalk.google.com] + detection-update: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS.GoogleServices][Web][Acceptable][alt2-mtalk.google.com] new: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] - detected: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][SoftwareUpdate][Safe] - detection-update: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][SoftwareUpdate][Safe] + detected: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] + detection-update: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] new: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] - detected: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe] + detected: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe][_.teams.microsoft.com] + detection-update: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe][_.teams.microsoft.com] new: 
[.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] - detected: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][wide-youtube.l.google.com] + detection-update: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][wide-youtube.l.google.com] new: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] - detected: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][VirtAssistant][Acceptable] - detection-update: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][VirtAssistant][Acceptable] + detected: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][VirtAssistant][Acceptable][guzzoni.apple.com] + detection-update: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][VirtAssistant][Acceptable][guzzoni.apple.com] new: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] - detected: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun] - detection-update: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun] + detected: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun][short.weixin.qq.com] + detection-update: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun][short.weixin.qq.com] new: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] - detected: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] 
[DNS.Instagram][SocialNetwork][Fun] - detection-update: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] + detected: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][instagram.faae1-1.fna.fbcdn.net] + detection-update: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][instagram.faae1-1.fna.fbcdn.net] idle: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Collaborative][Safe] idle: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][SoftwareUpdate][Safe] idle: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Chat][Fun] diff --git a/test/results/flow-info/dns_doh.pcap.out b/test/results/flow-info/dns_doh.pcap.out index 1de92abe0..5085c8244 100644 --- a/test/results/flow-info/dns_doh.pcap.out +++ b/test/results/flow-info/dns_doh.pcap.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] - detected: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun][mozilla.cloudflare-dns.com] + detection-update: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun][mozilla.cloudflare-dns.com] analyse: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Network][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.535| 0.064| 0.132| 17379.013| 3.000] diff --git a/test/results/flow-info/dns_dot.pcap.out b/test/results/flow-info/dns_dot.pcap.out index 322e51ce7..56a55c943 100644 --- a/test/results/flow-info/dns_dot.pcap.out +++ b/test/results/flow-info/dns_dot.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.185][58290] -> [........8.8.8.8][..853] - detected: [.....1] [ip4][..tcp] [..192.168.1.185][58290] -> [........8.8.8.8][..853] [TLS.Google][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.185][58290] -> [........8.8.8.8][..853] [TLS.Google][Web][Acceptable][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....1] [ip4][..tcp] [..192.168.1.185][58290] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.185][58290] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn idle: [.....1] [ip4][..tcp] [..192.168.1.185][58290] -> [........8.8.8.8][..853] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dns_exfiltration.pcap.out b/test/results/flow-info/dns_exfiltration.pcap.out index 8332eb8b6..619622eec 100644 --- a/test/results/flow-info/dns_exfiltration.pcap.out +++ b/test/results/flow-info/dns_exfiltration.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] - detected: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable][e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02] RISK: Suspicious DGA Domain name - detection-update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable] + detection-update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable][e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02] RISK: Suspicious DGA Domain name, Risky Domain Name analyse: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Network][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/dns_fragmented.pcap.out b/test/results/flow-info/dns_fragmented.pcap.out index e340b04f8..7e84099fb 100644 --- a/test/results/flow-info/dns_fragmented.pcap.out +++ b/test/results/flow-info/dns_fragmented.pcap.out 
@@ -2,45 +2,45 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] - detected: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de] + detection-update: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] - detected: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - detection-update: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][pa.weberlab.de] + detection-update: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][pa.weberlab.de] ERROR-EVENT: nDPI IPv6/L4 payload detection failed new: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] - detected: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - 
detection-update: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de] + detection-update: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de] ERROR-EVENT: nDPI IPv6/L4 payload detection failed new: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] - detected: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable] + detected: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][fg2.weberlab.de] + detection-update: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][fg2.weberlab.de] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] - detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de] + detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> 
[..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de] new: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] - detected: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable] + detected: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de] + detection-update: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable][weberlab.de] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] - detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de] + detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2.weberlab.de] DAEMON-EVENT: [Processed: 14 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 7 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0] new: [.....8] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][47634] -> [..................2001:470:765b::a25:53][...53] - detected: [.....8] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][47634] -> [..................2001:470:765b::a25:53][...53] 
[DNS][Network][Acceptable] - detection-update: [.....8] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][47634] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [.....8] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][47634] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] + detection-update: [.....8] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][47634] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] new: [.....9] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][33592] -> [..................2001:470:765b::a25:53][...53] - detected: [.....9] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][33592] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - detection-update: [.....9] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][33592] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [.....9] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][33592] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] + detection-update: [.....9] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][33592] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] new: [....10] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46316] -> [..................2001:470:765b::a25:53][...53] - detected: [....10] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46316] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - detection-update: [....10] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46316] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [....10] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46316] -> 
[..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] + detection-update: [....10] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46316] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] new: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] - detected: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - detection-update: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] + detection-update: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][fg2-mgmt.weberlab.de] idle: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS.Google][Web][Acceptable] idle: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] idle: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] 
@@ -51,41 +51,41 @@ DAEMON-EVENT: [Processed: 22 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 11|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 0] new: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] - detected: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] - detection-update: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] + detected: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][sigok.verteiltesysteme.net] + detection-update: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][sigok.verteiltesysteme.net] new: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] - detected: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] - detection-update: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] + detected: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][sigfail.verteiltesysteme.net] + detection-update: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][sigfail.verteiltesysteme.net] new: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> 
[............................2620:fe::fe][...53] - detected: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable] - detection-update: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable] + detected: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable][formel1.de] + detection-update: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable][formel1.de] idle: [.....8] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][47634] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] idle: [.....9] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][33592] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] idle: [....10] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46316] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] idle: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] new: [....15] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46709] -> [............................2620:fe::fe][...53] - detected: [....15] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46709] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable] - detection-update: [....15] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46709] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable] + detected: [....15] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46709] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable][erfpop.de] + 
detection-update: [....15] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46709] -> [............................2620:fe::fe][...53] [DNS][Network][Acceptable][erfpop.de] new: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] - detected: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] - detection-update: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] + detected: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][weberlab.de] + detection-update: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable][weberlab.de] ERROR-EVENT: nDPI IPv6/L4 payload detection failed new: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] - detected: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Network][Acceptable] - detection-update: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Network][Acceptable] + detected: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Network][Acceptable][weberlab.de] + detection-update: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Network][Acceptable][weberlab.de] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] - detected: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] - detection-update: [....18] 
[ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] + detected: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][ns2.weberdns.de] + detection-update: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][ns2.weberdns.de] new: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] - detected: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Network][Acceptable] - detection-update: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Network][Acceptable] + detected: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Network][Acceptable][weberlab.de] + detection-update: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Network][Acceptable][weberlab.de] new: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] - detected: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] - detection-update: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] + detected: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][ns2.weberdns.de] + detection-update: [....20] 
[ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable][ns2.weberdns.de] new: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] - detected: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Network][Acceptable] - detection-update: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Network][Acceptable] + detected: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Network][Acceptable][weberlab.de] + detection-update: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Network][Acceptable][weberlab.de] idle: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Network][Acceptable] end: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Network][Acceptable] idle: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Network][Acceptable] diff --git a/test/results/flow-info/dns_invert_query.pcapng.out b/test/results/flow-info/dns_invert_query.pcapng.out index 2d00bf896..5b1431cbd 100644 --- a/test/results/flow-info/dns_invert_query.pcapng.out +++ b/test/results/flow-info/dns_invert_query.pcapng.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53] - detected: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53] [DNS][Network][Acceptable][216.58.202.4] idle: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dns_long_domainname.pcap.out b/test/results/flow-info/dns_long_domainname.pcap.out index 5ca786129..1bac00482 100644 --- a/test/results/flow-info/dns_long_domainname.pcap.out +++ b/test/results/flow-info/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.1.168][65311] -> [........8.8.8.8][...53] - detected: [.....1] [ip4][..udp] [..192.168.1.168][65311] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....1] [ip4][..udp] [..192.168.1.168][65311] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.1.168][65311] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com] + detection-update: [.....1] [ip4][..udp] [..192.168.1.168][65311] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com] idle: [.....1] [ip4][..udp] [..192.168.1.168][65311] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/dnscrypt-v2-doh.pcap.out b/test/results/flow-info/dnscrypt-v2-doh.pcap.out index aed3b318d..02c510b7c 100644 --- a/test/results/flow-info/dnscrypt-v2-doh.pcap.out +++ b/test/results/flow-info/dnscrypt-v2-doh.pcap.out 
@@ -2,117 +2,117 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.0.0.1][53674] -> [..139.99.222.72][..443] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [.......10.0.0.1][53674] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][53674] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....1] [ip4][..tcp] [.......10.0.0.1][53674] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun][doh-2.seby.io] + detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][53674] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun][doh-2.seby.io] new: [.....2] [ip4][..tcp] [.......10.0.0.1][53676] -> [..139.99.222.72][..443] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [.......10.0.0.1][53676] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....2] [ip4][..tcp] [.......10.0.0.1][53676] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....2] [ip4][..tcp] [.......10.0.0.1][53676] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun][doh-2.seby.io] + detection-update: [.....2] [ip4][..tcp] [.......10.0.0.1][53676] -> [..139.99.222.72][..443] [TLS.DoH_DoT][Network][Fun][doh-2.seby.io] new: [.....3] [ip4][..tcp] [.......10.0.0.1][50614] -> [..185.95.218.42][..443] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [.......10.0.0.1][50614] -> [..185.95.218.42][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....3] [ip4][..tcp] [.......10.0.0.1][50614] -> [..185.95.218.42][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....3] [ip4][..tcp] [.......10.0.0.1][50614] -> [..185.95.218.42][..443] [TLS.DoH_DoT][Network][Fun][dns.digitale-gesellschaft.ch] + detection-update: [.....3] [ip4][..tcp] [.......10.0.0.1][50614] -> [..185.95.218.42][..443] 
[TLS.DoH_DoT][Network][Fun][dns.digitale-gesellschaft.ch] new: [.....4] [ip4][..tcp] [.......10.0.0.1][55962] -> [..51.158.147.50][..443] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [.......10.0.0.1][55962] -> [..51.158.147.50][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....4] [ip4][..tcp] [.......10.0.0.1][55962] -> [..51.158.147.50][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....4] [ip4][..tcp] [.......10.0.0.1][55962] -> [..51.158.147.50][..443] [TLS.DoH_DoT][Network][Fun][resolver-eu.lelux.fi] + detection-update: [.....4] [ip4][..tcp] [.......10.0.0.1][55962] -> [..51.158.147.50][..443] [TLS.DoH_DoT][Network][Fun][resolver-eu.lelux.fi] new: [.....5] [ip4][..tcp] [.......10.0.0.1][59404] -> [.185.253.154.66][..443] [MIDSTREAM] - detected: [.....5] [ip4][..tcp] [.......10.0.0.1][59404] -> [.185.253.154.66][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....5] [ip4][..tcp] [.......10.0.0.1][59404] -> [.185.253.154.66][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....5] [ip4][..tcp] [.......10.0.0.1][59404] -> [.185.253.154.66][..443] [TLS.DoH_DoT][Network][Fun][dnses.alekberg.net] + detection-update: [.....5] [ip4][..tcp] [.......10.0.0.1][59404] -> [.185.253.154.66][..443] [TLS.DoH_DoT][Network][Fun][dnses.alekberg.net] new: [.....6] [ip4][..tcp] [.......10.0.0.1][40938] -> [..172.104.93.80][..443] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [.......10.0.0.1][40938] -> [..172.104.93.80][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....6] [ip4][..tcp] [.......10.0.0.1][40938] -> [..172.104.93.80][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....6] [ip4][..tcp] [.......10.0.0.1][40938] -> [..172.104.93.80][..443] [TLS.DoH_DoT][Network][Fun][jp.tiar.app] + detection-update: [.....6] [ip4][..tcp] [.......10.0.0.1][40938] -> [..172.104.93.80][..443] [TLS.DoH_DoT][Network][Fun][jp.tiar.app] new: [.....7] [ip4][..tcp] [.......10.0.0.1][37530] -> [167.114.220.125][..453] [MIDSTREAM] - detected: [.....7] [ip4][..tcp] 
[.......10.0.0.1][37530] -> [167.114.220.125][..453] [TLS.DoH_DoT][Network][Fun] + detected: [.....7] [ip4][..tcp] [.......10.0.0.1][37530] -> [167.114.220.125][..453] [TLS.DoH_DoT][Network][Fun][dns1.dnscrypt.ca] RISK: Known Proto on Non Std Port - detection-update: [.....7] [ip4][..tcp] [.......10.0.0.1][37530] -> [167.114.220.125][..453] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....7] [ip4][..tcp] [.......10.0.0.1][37530] -> [167.114.220.125][..453] [TLS.DoH_DoT][Network][Fun][dns1.dnscrypt.ca] RISK: Known Proto on Non Std Port new: [.....8] [ip4][..tcp] [.......10.0.0.1][38186] -> [...185.43.135.1][..443] [MIDSTREAM] - detected: [.....8] [ip4][..tcp] [.......10.0.0.1][38186] -> [...185.43.135.1][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....8] [ip4][..tcp] [.......10.0.0.1][38186] -> [...185.43.135.1][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....8] [ip4][..tcp] [.......10.0.0.1][38186] -> [...185.43.135.1][..443] [TLS.DoH_DoT][Network][Fun][odvr.nic.cz] + detection-update: [.....8] [ip4][..tcp] [.......10.0.0.1][38186] -> [...185.43.135.1][..443] [TLS.DoH_DoT][Network][Fun][odvr.nic.cz] RISK: TLS Cert Expired new: [.....9] [ip4][..tcp] [.......10.0.0.1][51770] -> [.......9.9.9.10][..443] [MIDSTREAM] - detected: [.....9] [ip4][..tcp] [.......10.0.0.1][51770] -> [.......9.9.9.10][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....9] [ip4][..tcp] [.......10.0.0.1][51770] -> [.......9.9.9.10][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....9] [ip4][..tcp] [.......10.0.0.1][51770] -> [.......9.9.9.10][..443] [TLS.DoH_DoT][Network][Fun][dns10.quad9.net] + detection-update: [.....9] [ip4][..tcp] [.......10.0.0.1][51770] -> [.......9.9.9.10][..443] [TLS.DoH_DoT][Network][Fun][dns10.quad9.net] new: [....10] [ip4][..tcp] [.......10.0.0.1][55322] -> [.185.134.196.55][..443] [MIDSTREAM] - detected: [....10] [ip4][..tcp] [.......10.0.0.1][55322] -> [.185.134.196.55][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: 
[....10] [ip4][..tcp] [.......10.0.0.1][55322] -> [.185.134.196.55][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....10] [ip4][..tcp] [.......10.0.0.1][55322] -> [.185.134.196.55][..443] [TLS.DoH_DoT][Network][Fun][rdns.faelix.net] + detection-update: [....10] [ip4][..tcp] [.......10.0.0.1][55322] -> [.185.134.196.55][..443] [TLS.DoH_DoT][Network][Fun][rdns.faelix.net] new: [....11] [ip4][..tcp] [.......10.0.0.1][52386] -> [..51.15.124.208][..443] [MIDSTREAM] - detected: [....11] [ip4][..tcp] [.......10.0.0.1][52386] -> [..51.15.124.208][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....11] [ip4][..tcp] [.......10.0.0.1][52386] -> [..51.15.124.208][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....11] [ip4][..tcp] [.......10.0.0.1][52386] -> [..51.15.124.208][..443] [TLS.DoH_DoT][Network][Fun][dnsnl.alekberg.net] + detection-update: [....11] [ip4][..tcp] [.......10.0.0.1][52386] -> [..51.15.124.208][..443] [TLS.DoH_DoT][Network][Fun][dnsnl.alekberg.net] new: [....12] [ip4][..tcp] [.......10.0.0.1][41720] -> [116.203.179.248][..443] [MIDSTREAM] - detected: [....12] [ip4][..tcp] [.......10.0.0.1][41720] -> [116.203.179.248][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....12] [ip4][..tcp] [.......10.0.0.1][41720] -> [116.203.179.248][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....12] [ip4][..tcp] [.......10.0.0.1][41720] -> [116.203.179.248][..443] [TLS.DoH_DoT][Network][Fun][rumpelsepp.org] + detection-update: [....12] [ip4][..tcp] [.......10.0.0.1][41720] -> [116.203.179.248][..443] [TLS.DoH_DoT][Network][Fun][rumpelsepp.org] new: [....13] [ip4][..tcp] [.......10.0.0.1][60026] -> [...195.30.94.28][..443] [MIDSTREAM] - detected: [....13] [ip4][..tcp] [.......10.0.0.1][60026] -> [...195.30.94.28][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....13] [ip4][..tcp] [.......10.0.0.1][60026] -> [...195.30.94.28][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....13] [ip4][..tcp] [.......10.0.0.1][60026] -> [...195.30.94.28][..443] 
[TLS.DoH_DoT][Network][Fun][doh.ffmuc.net] + detection-update: [....13] [ip4][..tcp] [.......10.0.0.1][60026] -> [...195.30.94.28][..443] [TLS.DoH_DoT][Network][Fun][doh.ffmuc.net] new: [....14] [ip4][..tcp] [.......10.0.0.1][46658] -> [185.233.106.232][..443] [MIDSTREAM] - detected: [....14] [ip4][..tcp] [.......10.0.0.1][46658] -> [185.233.106.232][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....14] [ip4][..tcp] [.......10.0.0.1][46658] -> [185.233.106.232][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....14] [ip4][..tcp] [.......10.0.0.1][46658] -> [185.233.106.232][..443] [TLS.DoH_DoT][Network][Fun][dns.dnshome.de] + detection-update: [....14] [ip4][..tcp] [.......10.0.0.1][46658] -> [185.233.106.232][..443] [TLS.DoH_DoT][Network][Fun][dns.dnshome.de] new: [....15] [ip4][..tcp] [.......10.0.0.1][36012] -> [..149.56.228.45][..453] [MIDSTREAM] - detected: [....15] [ip4][..tcp] [.......10.0.0.1][36012] -> [..149.56.228.45][..453] [TLS.DoH_DoT][Network][Fun] + detected: [....15] [ip4][..tcp] [.......10.0.0.1][36012] -> [..149.56.228.45][..453] [TLS.DoH_DoT][Network][Fun][dns2.dnscrypt.ca] RISK: Known Proto on Non Std Port - detection-update: [....15] [ip4][..tcp] [.......10.0.0.1][36012] -> [..149.56.228.45][..453] [TLS.DoH_DoT][Network][Fun] + detection-update: [....15] [ip4][..tcp] [.......10.0.0.1][36012] -> [..149.56.228.45][..453] [TLS.DoH_DoT][Network][Fun][dns2.dnscrypt.ca] RISK: Known Proto on Non Std Port new: [....16] [ip4][..tcp] [.......10.0.0.1][38018] -> [..45.153.187.96][..443] [MIDSTREAM] - detected: [....16] [ip4][..tcp] [.......10.0.0.1][38018] -> [..45.153.187.96][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....16] [ip4][..tcp] [.......10.0.0.1][38018] -> [..45.153.187.96][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....16] [ip4][..tcp] [.......10.0.0.1][38018] -> [..45.153.187.96][..443] [TLS.DoH_DoT][Network][Fun][dnsse.alekberg.net] + detection-update: [....16] [ip4][..tcp] [.......10.0.0.1][38018] -> 
[..45.153.187.96][..443] [TLS.DoH_DoT][Network][Fun][dnsse.alekberg.net] new: [....17] [ip4][..tcp] [.......10.0.0.1][44640] -> [...185.235.81.1][..443] [MIDSTREAM] - detected: [....17] [ip4][..tcp] [.......10.0.0.1][44640] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....17] [ip4][..tcp] [.......10.0.0.1][44640] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....17] [ip4][..tcp] [.......10.0.0.1][44640] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun][doh.dnslify.com] + detection-update: [....17] [ip4][..tcp] [.......10.0.0.1][44640] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun][doh.dnslify.com] new: [....18] [ip4][..tcp] [.......10.0.0.1][43106] -> [.116.202.176.26][..443] [MIDSTREAM] - detected: [....18] [ip4][..tcp] [.......10.0.0.1][43106] -> [.116.202.176.26][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....18] [ip4][..tcp] [.......10.0.0.1][43106] -> [.116.202.176.26][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....18] [ip4][..tcp] [.......10.0.0.1][43106] -> [.116.202.176.26][..443] [TLS.DoH_DoT][Network][Fun][doh.libredns.gr] + detection-update: [....18] [ip4][..tcp] [.......10.0.0.1][43106] -> [.116.202.176.26][..443] [TLS.DoH_DoT][Network][Fun][doh.libredns.gr] new: [....19] [ip4][..tcp] [.......10.0.0.1][59026] -> [....85.5.93.230][..443] [MIDSTREAM] - detected: [....19] [ip4][..tcp] [.......10.0.0.1][59026] -> [....85.5.93.230][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....19] [ip4][..tcp] [.......10.0.0.1][59026] -> [....85.5.93.230][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....19] [ip4][..tcp] [.......10.0.0.1][59026] -> [....85.5.93.230][..443] [TLS.DoH_DoT][Network][Fun][ibksturm.synology.me] + detection-update: [....19] [ip4][..tcp] [.......10.0.0.1][59026] -> [....85.5.93.230][..443] [TLS.DoH_DoT][Network][Fun][ibksturm.synology.me] new: [....20] [ip4][..tcp] [.......10.0.0.1][33724] -> [...104.28.28.34][..443] [MIDSTREAM] - detected: 
[....20] [ip4][..tcp] [.......10.0.0.1][33724] -> [...104.28.28.34][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....20] [ip4][..tcp] [.......10.0.0.1][33724] -> [...104.28.28.34][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....20] [ip4][..tcp] [.......10.0.0.1][33724] -> [...104.28.28.34][..443] [TLS.DoH_DoT][Network][Fun][jp.tiarap.org] + detection-update: [....20] [ip4][..tcp] [.......10.0.0.1][33724] -> [...104.28.28.34][..443] [TLS.DoH_DoT][Network][Fun][jp.tiarap.org] new: [....21] [ip4][..tcp] [.......10.0.0.1][53802] -> [........1.0.0.1][..443] [MIDSTREAM] - detected: [....21] [ip4][..tcp] [.......10.0.0.1][53802] -> [........1.0.0.1][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....21] [ip4][..tcp] [.......10.0.0.1][53802] -> [........1.0.0.1][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....21] [ip4][..tcp] [.......10.0.0.1][53802] -> [........1.0.0.1][..443] [TLS.DoH_DoT][Network][Fun][dns.cloudflare.com] + detection-update: [....21] [ip4][..tcp] [.......10.0.0.1][53802] -> [........1.0.0.1][..443] [TLS.DoH_DoT][Network][Fun][dns.cloudflare.com] new: [....22] [ip4][..tcp] [.......10.0.0.1][33338] -> [.....45.90.28.0][..443] [MIDSTREAM] - detected: [....22] [ip4][..tcp] [.......10.0.0.1][33338] -> [.....45.90.28.0][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....22] [ip4][..tcp] [.......10.0.0.1][33338] -> [.....45.90.28.0][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....22] [ip4][..tcp] [.......10.0.0.1][33338] -> [.....45.90.28.0][..443] [TLS.DoH_DoT][Network][Fun][dns.nextdns.io] + detection-update: [....22] [ip4][..tcp] [.......10.0.0.1][33338] -> [.....45.90.28.0][..443] [TLS.DoH_DoT][Network][Fun][dns.nextdns.io] new: [....23] [ip4][..tcp] [.......10.0.0.1][52176] -> [136.144.215.158][..443] [MIDSTREAM] - detected: [....23] [ip4][..tcp] [.......10.0.0.1][52176] -> [136.144.215.158][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....23] [ip4][..tcp] [.......10.0.0.1][52176] -> 
[136.144.215.158][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....23] [ip4][..tcp] [.......10.0.0.1][52176] -> [136.144.215.158][..443] [TLS.DoH_DoT][Network][Fun][doh.powerdns.org] + detection-update: [....23] [ip4][..tcp] [.......10.0.0.1][52176] -> [136.144.215.158][..443] [TLS.DoH_DoT][Network][Fun][doh.powerdns.org] new: [....24] [ip4][..tcp] [.......10.0.0.1][39214] -> [...104.28.0.106][..443] [MIDSTREAM] - detected: [....24] [ip4][..tcp] [.......10.0.0.1][39214] -> [...104.28.0.106][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....24] [ip4][..tcp] [.......10.0.0.1][39214] -> [...104.28.0.106][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....24] [ip4][..tcp] [.......10.0.0.1][39214] -> [...104.28.0.106][..443] [TLS.DoH_DoT][Network][Fun][doh.crypto.sx] + detection-update: [....24] [ip4][..tcp] [.......10.0.0.1][39214] -> [...104.28.0.106][..443] [TLS.DoH_DoT][Network][Fun][doh.crypto.sx] new: [....25] [ip4][..tcp] [.......10.0.0.1][52028] -> [...45.76.113.31][.8443] [MIDSTREAM] - detected: [....25] [ip4][..tcp] [.......10.0.0.1][52028] -> [...45.76.113.31][.8443] [TLS.DoH_DoT][Network][Fun] + detected: [....25] [ip4][..tcp] [.......10.0.0.1][52028] -> [...45.76.113.31][.8443] [TLS.DoH_DoT][Network][Fun][doh.seby.io] RISK: Known Proto on Non Std Port - detection-update: [....25] [ip4][..tcp] [.......10.0.0.1][52028] -> [...45.76.113.31][.8443] [TLS.DoH_DoT][Network][Fun] + detection-update: [....25] [ip4][..tcp] [.......10.0.0.1][52028] -> [...45.76.113.31][.8443] [TLS.DoH_DoT][Network][Fun][doh.seby.io] RISK: Known Proto on Non Std Port new: [....26] [ip4][..tcp] [.......10.0.0.1][34036] -> [..217.169.20.23][..443] [MIDSTREAM] - detected: [....26] [ip4][..tcp] [.......10.0.0.1][34036] -> [..217.169.20.23][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....26] [ip4][..tcp] [.......10.0.0.1][34036] -> [..217.169.20.23][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....26] [ip4][..tcp] [.......10.0.0.1][34036] -> 
[..217.169.20.23][..443] [TLS.DoH_DoT][Network][Fun][dns.aa.net.uk] + detection-update: [....26] [ip4][..tcp] [.......10.0.0.1][34036] -> [..217.169.20.23][..443] [TLS.DoH_DoT][Network][Fun][dns.aa.net.uk] new: [....27] [ip4][..tcp] [.......10.0.0.1][43718] -> [..146.255.56.98][..443] [MIDSTREAM] - detected: [....27] [ip4][..tcp] [.......10.0.0.1][43718] -> [..146.255.56.98][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....27] [ip4][..tcp] [.......10.0.0.1][43718] -> [..146.255.56.98][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....27] [ip4][..tcp] [.......10.0.0.1][43718] -> [..146.255.56.98][..443] [TLS.DoH_DoT][Network][Fun][doh.appliedprivacy.net] + detection-update: [....27] [ip4][..tcp] [.......10.0.0.1][43718] -> [..146.255.56.98][..443] [TLS.DoH_DoT][Network][Fun][doh.appliedprivacy.net] new: [....28] [ip4][..tcp] [.......10.0.0.1][54164] -> [...193.70.85.11][..443] [MIDSTREAM] - detected: [....28] [ip4][..tcp] [.......10.0.0.1][54164] -> [...193.70.85.11][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....28] [ip4][..tcp] [.......10.0.0.1][54164] -> [...193.70.85.11][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....28] [ip4][..tcp] [.......10.0.0.1][54164] -> [...193.70.85.11][..443] [TLS.DoH_DoT][Network][Fun][doh.bortzmeyer.fr] + detection-update: [....28] [ip4][..tcp] [.......10.0.0.1][54164] -> [...193.70.85.11][..443] [TLS.DoH_DoT][Network][Fun][doh.bortzmeyer.fr] new: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] [MIDSTREAM] - detected: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] 
[TLS.DoH_DoT][Network][Fun][jarjar.meganerd.nl] + detection-update: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun][jarjar.meganerd.nl] + detection-update: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun][jarjar.meganerd.nl] RISK: TLS Cert Expired new: [....30] [ip4][..tcp] [.......10.0.0.1][43888] -> [.95.216.229.153][..443] [MIDSTREAM] - detected: [....30] [ip4][..tcp] [.......10.0.0.1][43888] -> [.95.216.229.153][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....30] [ip4][..tcp] [.......10.0.0.1][43888] -> [.95.216.229.153][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....30] [ip4][..tcp] [.......10.0.0.1][43888] -> [.95.216.229.153][..443] [TLS.DoH_DoT][Network][Fun][fi.doh.dns.snopyta.org] + detection-update: [....30] [ip4][..tcp] [.......10.0.0.1][43888] -> [.95.216.229.153][..443] [TLS.DoH_DoT][Network][Fun][fi.doh.dns.snopyta.org] new: [....31] [ip4][..tcp] [.......10.0.0.1][57058] -> [..46.227.200.54][..443] [MIDSTREAM] - detected: [....31] [ip4][..tcp] [.......10.0.0.1][57058] -> [..46.227.200.54][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....31] [ip4][..tcp] [.......10.0.0.1][57058] -> [..46.227.200.54][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....31] [ip4][..tcp] [.......10.0.0.1][57058] -> [..46.227.200.54][..443] [TLS.DoH_DoT][Network][Fun][rdns.faelix.net] + detection-update: [....31] [ip4][..tcp] [.......10.0.0.1][57058] -> [..46.227.200.54][..443] [TLS.DoH_DoT][Network][Fun][rdns.faelix.net] new: [....32] [ip4][..tcp] [.......10.0.0.1][51846] -> [.......9.9.9.10][..443] [MIDSTREAM] - detected: [....32] [ip4][..tcp] [.......10.0.0.1][51846] -> [.......9.9.9.10][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....32] [ip4][..tcp] [.......10.0.0.1][51846] -> [.......9.9.9.10][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....32] [ip4][..tcp] [.......10.0.0.1][51846] -> [.......9.9.9.10][..443] 
[TLS.DoH_DoT][Network][Fun][dns10.quad9.net] + detection-update: [....32] [ip4][..tcp] [.......10.0.0.1][51846] -> [.......9.9.9.10][..443] [TLS.DoH_DoT][Network][Fun][dns10.quad9.net] new: [....33] [ip4][..tcp] [.......10.0.0.1][44704] -> [...185.235.81.1][..443] [MIDSTREAM] - detected: [....33] [ip4][..tcp] [.......10.0.0.1][44704] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....33] [ip4][..tcp] [.......10.0.0.1][44704] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....33] [ip4][..tcp] [.......10.0.0.1][44704] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun][doh.dnslify.com] + detection-update: [....33] [ip4][..tcp] [.......10.0.0.1][44704] -> [...185.235.81.1][..443] [TLS.DoH_DoT][Network][Fun][doh.dnslify.com] new: [....34] [ip4][..tcp] [.......10.0.0.1][35742] -> [.209.250.241.25][..443] [MIDSTREAM] - detected: [....34] [ip4][..tcp] [.......10.0.0.1][35742] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....34] [ip4][..tcp] [.......10.0.0.1][35742] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [....34] [ip4][..tcp] [.......10.0.0.1][35742] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun] + detected: [....34] [ip4][..tcp] [.......10.0.0.1][35742] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun][jarjar.meganerd.nl] + detection-update: [....34] [ip4][..tcp] [.......10.0.0.1][35742] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun][jarjar.meganerd.nl] + detection-update: [....34] [ip4][..tcp] [.......10.0.0.1][35742] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun][jarjar.meganerd.nl] RISK: TLS Cert Expired idle: [....29] [ip4][..tcp] [.......10.0.0.1][35714] -> [.209.250.241.25][..443] [TLS.DoH_DoT][Network][Fun] RISK: TLS Cert Expired diff --git a/test/results/flow-info/doq.pcapng.out b/test/results/flow-info/doq.pcapng.out index 9168bed8a..abeb47f42 100644 --- a/test/results/flow-info/doq.pcapng.out 
+++ b/test/results/flow-info/doq.pcapng.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [....................................::1][47826] -> [....................................::1][..784] - detected: [.....1] [ip6][..udp] [....................................::1][47826] -> [....................................::1][..784] [QUIC.DoH_DoT][Network][Fun] + detected: [.....1] [ip6][..udp] [....................................::1][47826] -> [....................................::1][..784] [QUIC.DoH_DoT][Network][Fun][] RISK: Missing SNI TLS Extn new: [.....2] [ip6][icmp6] [....................................::1] -> [....................................::1] detected: [.....2] [ip6][icmp6] [....................................::1] -> [....................................::1] [ICMPV6][Network][Acceptable] diff --git a/test/results/flow-info/doq_adguard.pcapng.out b/test/results/flow-info/doq_adguard.pcapng.out index 1bbbdf5d1..263261721 100644 --- a/test/results/flow-info/doq_adguard.pcapng.out +++ b/test/results/flow-info/doq_adguard.pcapng.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] - detected: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun] + detected: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun][dns.adguard.com] analyse: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Network][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.885| 0.161| 0.453| 205274.628| 2.400] 
diff --git a/test/results/flow-info/dos_win98_smb_netbeui.pcap.out b/test/results/flow-info/dos_win98_smb_netbeui.pcap.out index 470c9cb9a..ae553abfd 100644 --- a/test/results/flow-info/dos_win98_smb_netbeui.pcap.out +++ b/test/results/flow-info/dos_win98_smb_netbeui.pcap.out @@ -10,17 +10,17 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] - detected: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][System][Acceptable] + detected: [.....1] [ip4][..udp] [192.168.239.129][..137] -> [..192.168.239.2][..137] [NetBIOS][System][Acceptable][mdjr98] new: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] detected: [.....2] [ip4][.icmp] [192.168.239.129] -> [......224.0.0.2] [ICMP][Network][Acceptable] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] - detected: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable] + detected: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][System][Acceptable][mdjr98] ERROR-EVENT: Unknown packet type new: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] - detected: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [.....4] [ip4][..udp] [192.168.239.129][..138] -> [192.168.239.255][..138] [NetBIOS.SMBv1][System][Dangerous][mdjr98] RISK: Unsafe Protocol ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type diff --git a/test/results/flow-info/dropbox.pcap.out b/test/results/flow-info/dropbox.pcap.out index ebfc6bf20..59d118b11 100644 --- a/test/results/flow-info/dropbox.pcap.out +++ b/test/results/flow-info/dropbox.pcap.out 
@@ -52,29 +52,29 @@ DAEMON-EVENT: [Processed: 800 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] - detected: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] - detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] + detected: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][client.dropbox.com] + detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][client.dropbox.com] new: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] - detected: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] + detected: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][client-cf.dropbox.com] new: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] - detected: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] - detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] - detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] + detected: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][d.dropbox.com] + detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][client-cf.dropbox.com] + detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] 
[DNS.Dropbox][Cloud][Acceptable][d.dropbox.com] idle: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] idle: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] idle: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] idle: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable] new: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] - detected: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] - detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] - detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] + detected: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][log.getdropbox.com] + detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][log.getdropbox.com] + detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][log.getdropbox.com] new: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500] detected: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable] new: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500] detected: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable] new: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] - detected: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] - detection-update: [....11] 
[ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable] + detected: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][notify.dropbox.com] + detection-update: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Cloud][Acceptable][notify.dropbox.com] DAEMON-EVENT: [Processed: 836 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 7 / 11|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0] new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] diff --git a/test/results/flow-info/emotet.pcap.out b/test/results/flow-info/emotet.pcap.out index 0af7f09a8..f33289e81 100644 --- a/test/results/flow-info/emotet.pcap.out +++ b/test/results/flow-info/emotet.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] - detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable] + detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable][opmta1mto02nd1] analyse: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Email][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.056| 0.539| 0.774| 599161.176| 3.700] 
@@ -16,7 +16,7 @@ DAEMON-EVENT: [Processed: 626 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] - detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable][fkl.co.ke] analyse: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 2.700] @@ -31,8 +31,8 @@ DAEMON-EVENT: [Processed: 834 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] - detected: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable] - detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable][gandhitoday.org] + detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable][gandhitoday.org] RISK: Binary App Transfer analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy 
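Review bot: The bracketed field added to the `detected` and `detection-update` lines in the `@@ -31,8 +31,8 @@` hunk (`[gandhitoday.org]`, and `[fkl.co.ke]` in the hunk before it) appears to be a name taken from the captured traffic, so it is peer-controlled text placed inside a `[`…`]`-delimited log line. None of the updated baselines visible here contains a name with `]`, whitespace or non-printable bytes, so the expected output does not pin how such a value is rendered. The printing code is not part of this diff; if it does not already escape or truncate the name, a malformed name could be misread as additional fields or lines by anything that parses this output. Consider adding a capture with such a name to `test/results/flow-info` so the escaping is covered by the regression suite.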
@@ -48,9 +48,9 @@ DAEMON-EVENT: [Processed: 1663 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] - detected: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Web][Acceptable][filmmogzivota.rs] RISK: HTTP Suspicious User-Agent - detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable] + detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable][filmmogzivota.rs] RISK: Binary App Transfer, HTTP Suspicious User-Agent analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable] min| max| avg| stddev| variance| entropy @@ -65,9 +65,9 @@ end: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Web][Acceptable] RISK: Binary App Transfer new: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] - detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe] + detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe] + detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe][] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] min| max| avg| stddev| variance| entropy 
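Review bot: In the `@@ -65,9 +65,9 @@` hunk the new trailing field is printed as an empty `[]` for the TLS flow that is also flagged `Missing SNI TLS Extn`, while the `end:` line for flow 3 in the same hunk carries no such field at all, although its `detected` line in an earlier hunk shows `[gandhitoday.org]`. The same flow is therefore logged in different shapes depending on the event type, which makes it harder for a consumer of this output to correlate events by name. If leaving the field off `end:`, `idle:` and `analyse:` lines is intentional, it would help to say so where the format is documented; otherwise the field should be emitted for every event type, and either omitted or given a fixed placeholder when no name was seen. The code producing these lines is outside this diff.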
@@ -79,12 +79,12 @@ [IATS(ms)....: 109.4,109.6,14.1,123.8,13.2,122.9,52.7,132.9,80.3,6.5,151.9,1117.1,0.1,0.2,1262.5,0.1,2.9,0.1,3.1,96.9,0.1,96.9,3.1,0.1,0.2,0.1,3.3,0.1,2.9,0.1] [PKTLENS.....: 52,52,46,189,46,1418,46,133,282,46,520,46,1428,1428,1428,46,46,1428,1428,52,1428,1428,60,1428,1428,1428,1428,60,60,60,1428,1428] [ENTROPIES...: 4.7,4.9,4.5,5.4,4.6,7.5,4.6,5.9,7.1,4.5,7.5,4.5,7.9,7.9,7.9,4.5,4.5,7.9,7.9,5.0,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,5.1,5.1,7.8,7.9] - detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe] + detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Web][Safe][] RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] - detected: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Web][Safe] + detected: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Web][Safe] + detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn end: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Download][Acceptable] RISK: Binary App Transfer, HTTP Suspicious User-Agent diff --git a/test/results/flow-info/encrypted_sni.pcap.out b/test/results/flow-info/encrypted_sni.pcap.out index 05ce4f637..1bf78124b 100644 --- a/test/results/flow-info/encrypted_sni.pcap.out +++ b/test/results/flow-info/encrypted_sni.pcap.out 
@@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS.Cloudflare][Web][Acceptable][] new: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS.Cloudflare][Web][Acceptable][] new: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS.Cloudflare][Web][Acceptable][] idle: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] idle: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] idle: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] diff --git a/test/results/flow-info/exe_download.pcap.out b/test/results/flow-info/exe_download.pcap.out index 414130a36..75785019a 100644 --- a/test/results/flow-info/exe_download.pcap.out +++ b/test/results/flow-info/exe_download.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] - detected: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Web][Acceptable][144.91.69.195] RISK: HTTP Suspicious User-Agent, HTTP Numeric IP Address - detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable] + detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable][144.91.69.195] RISK: Binary App Transfer, HTTP Suspicious User-Agent, HTTP Numeric IP Address analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Download][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/exe_download_as_png.pcap.out b/test/results/flow-info/exe_download_as_png.pcap.out index 8f1e980e2..b229ca9e5 100644 --- a/test/results/flow-info/exe_download_as_png.pcap.out +++ b/test/results/flow-info/exe_download_as_png.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] - detected: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable][185.98.87.185] RISK: HTTP Numeric IP Address - detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable] + detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable][185.98.87.185] RISK: Binary App Transfer, HTTP Numeric IP Address analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/facebook.pcap.out b/test/results/flow-info/facebook.pcap.out index 7497132a1..359095a8f 100644 --- a/test/results/flow-info/facebook.pcap.out +++ b/test/results/flow-info/facebook.pcap.out 
@@ -2,12 +2,12 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] - detected: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] [TLS.Facebook][SocialNetwork][Fun][facebook.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] [TLS.Facebook][SocialNetwork][Fun][facebook.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.43.18][52066] -> [..66.220.156.68][..443] [TLS.Facebook][SocialNetwork][Fun][facebook.com] new: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] - detected: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun][www.facebook.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun][www.facebook.com] analyse: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.155| 0.037| 0.058| 3352.274| 3.300] 
diff --git a/test/results/flow-info/firefox.pcap.out b/test/results/flow-info/firefox.pcap.out index 9d247d46f..a1d6cd789 100644 --- a/test/results/flow-info/firefox.pcap.out +++ b/test/results/flow-info/firefox.pcap.out @@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] new: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] analyse: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy 
@@ -16,10 +16,10 @@ [PKTLENS.....: 64,60,52,569,52,1492,1492,52,758,52,132,438,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1471,52,52,417,52,1492,1492] [ENTROPIES...: 4.4,5.3,5.0,5.2,5.2,7.8,7.9,5.0,7.7,5.1,6.3,7.4,5.1,5.0,7.3,7.4,5.0,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,5.0,7.4,5.1,7.8,7.9] new: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detected: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detected: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] new: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] new: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] new: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] 
@@ -33,9 +33,9 @@ [IATS(ms)....: 34.4,34.5,3.3,32.3,1.5,30.5,4.2,18.6,31.6,0.0,8.9,18.5,3.0,0.1,21.6,203.5,231.0,1.0,0.2,0.0,28.7,0.2,0.2,0.9,0.1,1.0,0.1,0.4,0.0,0.0,0.5] [PKTLENS.....: 64,60,52,732,52,312,52,132,402,52,355,52,52,1492,1028,52,433,52,1492,1492,1492,52,1492,52,1492,1492,52,1492,1492,1492,1492,52] [ENTROPIES...: 4.5,5.2,5.0,7.2,5.1,7.0,5.0,6.3,7.3,5.0,7.4,5.0,5.1,7.9,7.8,5.0,7.5,5.0,7.9,7.9,7.9,5.0,7.9,5.0,7.9,7.9,5.0,7.9,7.9,7.9,7.9,5.0] - detected: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detected: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detected: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detected: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detected: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.221| 0.023| 0.050| 2549.799| 3.100] 
@@ -46,10 +46,10 @@ [IATS(ms)....: 27.4,27.4,16.2,42.1,1.2,27.2,10.1,34.7,0.0,24.7,195.8,221.4,1.8,27.4,3.4,28.7,1.1,0.2,26.6,1.0,0.1,1.1,0.1,0.1,0.2,0.1,0.1,0.3,0.3,0.2,0.5] [PKTLENS.....: 64,60,52,732,52,312,52,132,52,355,52,419,52,1392,52,422,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52] [ENTROPIES...: 4.5,5.1,5.0,7.2,5.0,6.9,5.0,6.3,5.0,7.4,5.0,7.4,5.0,7.9,4.9,7.4,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,5.0] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.030| 0.007| 0.010| 104.605| 3.700] 
@@ -60,7 +60,7 @@ [IATS(ms)....: 26.8,26.8,3.3,29.2,2.4,28.4,2.9,12.8,29.6,0.0,13.9,11.4,1.7,0.1,13.2,0.1,0.3,1.0,0.8,0.1,0.2,0.1,0.1,0.2,0.1,0.3,0.1,0.3,12.0,12.2,0.1] [PKTLENS.....: 64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,1492,1492,52,52,1492,1492,52,1492] [ENTROPIES...: 4.4,5.2,5.0,7.2,5.0,7.0,5.0,6.3,7.4,5.1,7.3,5.0,5.0,7.9,7.9,5.0,7.9,4.9,7.9,5.1,7.8,4.9,7.9,5.0,7.9,7.9,5.0,4.9,7.9,7.9,5.0,7.9] - detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][51600] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.009| 0.012| 154.305| 3.600] @@ -71,7 +71,7 @@ [IATS(ms)....: 28.1,28.2,5.5,31.7,1.1,27.2,20.3,4.0,45.6,1.3,22.6,2.8,3.1,0.1,6.1,0.1,0.2,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.2,0.4,0.3,1.5,18.6,0.0,17.4] [PKTLENS.....: 64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,1492,1492,52,1492,52,1492,785,52] [ENTROPIES...: 4.4,5.2,5.0,7.2,5.1,7.0,5.0,6.2,7.5,5.0,7.4,5.0,5.1,7.8,7.9,5.0,7.9,4.9,7.9,5.1,7.8,4.9,7.9,5.1,7.9,7.9,5.0,7.9,4.9,7.9,7.7,5.0] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][51599] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] analyse: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.037| 0.010| 0.013| 180.101| 3.600] 
@@ -82,7 +82,7 @@ [IATS(ms)....: 28.6,28.7,7.7,37.4,1.5,31.1,2.2,13.0,31.0,0.1,15.9,15.4,0.5,0.1,16.0,0.3,0.4,0.6,0.1,0.2,0.0,0.4,0.0,0.2,0.5,36.5,0.1,0.1,36.1,0.2,0.4] [PKTLENS.....: 64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,1492,52,1492,1492,398,52,52,52,431,52,1492,1492,52,52,1492] [ENTROPIES...: 4.5,5.2,5.0,7.2,5.1,7.0,5.0,6.2,7.6,5.1,7.4,5.0,5.1,7.9,7.9,5.0,7.9,7.9,5.0,7.9,7.9,7.4,5.0,4.9,4.9,7.4,5.0,7.9,7.9,5.0,4.9,7.9] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][51601] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] idle: [.....1] [ip4][..tcp] [..192.168.1.178][51577] -> [...146.48.58.18][..443] [TLS][Web][Safe] idle: [.....2] [ip4][..tcp] [..192.168.1.178][51583] -> [...146.48.58.18][..443] [TLS][Web][Safe] idle: [.....3] [ip4][..tcp] [..192.168.1.178][51588] -> [...146.48.58.18][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/forticlient.pcap.out b/test/results/flow-info/forticlient.pcap.out index d0dce6def..2c21361ad 100644 --- a/test/results/flow-info/forticlient.pcap.out +++ b/test/results/flow-info/forticlient.pcap.out 
@@ -2,39 +2,39 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] - detected: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] [TLS][Web][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] [TLS][Web][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][61805] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS new: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443] - detected: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detected: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> 
[....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][61806] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS new: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443] - detected: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detected: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][61811] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS new: [.....4] [ip4][..tcp] [..192.168.1.178][61812] -> [....82.81.46.13][10443] - detected: [.....4] [ip4][..tcp] [..192.168.1.178][61812] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detected: [.....4] [ip4][..tcp] [..192.168.1.178][61812] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][61812] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][61812] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std 
Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][61812] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][61812] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS new: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] - detected: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detected: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe][82.81.46.13] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS analyse: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][VPN][Safe] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out index 75820a1b4..72f7921dd 100644 --- a/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/flow-info/fuzz-2006-06-26-2594.pcap.out 
@@ -2,44 +2,44 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] - detected: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][eci_domain] new: [.....2] [ip4][..udp] [....217.168.1.2][..137] -> [..192.168.1.255][..137] new: [.....3] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....3] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] new: [.....4] [ip4][..udp] [....192.168.1.2][.2712] -> [...192.37.115.0][...53] - detected: [.....4] [ip4][..udp] [....192.168.1.2][.2712] -> [...192.37.115.0][...53] [DNS][Network][Acceptable] + detected: [.....4] [ip4][..udp] [....192.168.1.2][.2712] -> [...192.37.115.0][...53] [DNS][Network][Acceptable][sip.cybercrty.dk] new: [.....5] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][49973] new: [.....6] [ip4][..udp] [....192.168.1.3][...53] -> [....192.168.1.2][.2712] - detected: [.....6] [ip4][..udp] [....192.168.1.3][...53] -> [....192.168.1.2][.2712] [DNS][Network][Acceptable] + detected: [.....6] [ip4][..udp] [....192.168.1.3][...53] -> [....192.168.1.2][.2712] [DNS][Network][Acceptable][sip.cybercity.dk] new: [.....7] [ip4][..udp] [....192.168.1.2][.2713] -> [....192.168.1.1][...53] - detected: [.....7] [ip4][..udp] [....192.168.1.2][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....7] [ip4][..udp] [....192.168.1.2][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] new: [.....8] [ip4][..udp] 
[..192.168.1.110][.2713] -> [....192.168.1.1][...53] - detected: [.....8] [ip4][..udp] [..192.168.1.110][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....8] [ip4][..udp] [..192.168.1.110][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet ERROR-EVENT: Unknown packet type new: [.....9] [ip4][..udp] [....192.168.1.2][.2597] -> [....192.168.1.1][29440] - detection-update: [.....7] [ip4][..udp] [....192.168.1.2][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [.....7] [ip4][..udp] [....192.168.1.2][.2713] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....10] [ip4][..udp] [....192.168.1.2][.2714] -> [....192.168.1.1][...53] - detected: [....10] [ip4][..udp] [....192.168.1.2][.2714] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....10] [ip4][..udp] [....192.168.1.2][.2714] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....10] [ip4][..udp] [....192.168.1.2][.2714] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [....10] [ip4][..udp] [....192.168.1.2][.2714] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....11] [ip4][..udp] [...192.168.1.52][.5060] -> [..212.242.33.35][.5060] detected: [....11] [ip4][..udp] [...192.168.1.52][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] new: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] detected: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] new: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] - detected: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: 
[....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: Unknown packet type - detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyber?ity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] - detected: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....15] [ip4][..udp] [....192.168.1.1][.9587] -> [....192.168.1.2][..156] ERROR-EVENT: Unknown packet type new: [....16] [ip4][..udp] [..208.242.33.35][.5060] -> [....192.168.1.2][.5060] detected: [....16] [ip4][..udp] [..208.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] new: [....17] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.251][..138] - detected: [....17] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.251][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....17] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.251][..138] [NetBIOS.SMBv1][System][Dangerous][] RISK: Unsafe Protocol update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] update: [.....2] [ip4][..udp] [....217.168.1.2][..137] -> [..192.168.1.255][..137] 
@@ -58,10 +58,10 @@ update: [.....9] [ip4][..udp] [....192.168.1.2][.2597] -> [....192.168.1.1][29440] update: [.....5] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][49973] new: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] - detected: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][ftp.ecite?e.com] new: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] - detected: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][ftp.ecitele.com] + detection-update: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [....23] [ip4][..tcp] [....192.168.1.2][.2720] -> [..147.234.1.253][...21] ERROR-EVENT: Unknown L3 protocol 
@@ -94,9 +94,9 @@ update: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] update: [....15] [ip4][..udp] [....192.168.1.1][.9587] -> [....192.168.1.2][..156] new: [....44] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.136.1.1][...53] - detected: [....44] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.136.1.1][...53] [DNS][Network][Acceptable] + detected: [....44] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.136.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53] - detected: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed update: [.....4] [ip4][..udp] [....192.168.1.2][.2712] -> [...192.37.115.0][...53] update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] 
@@ -113,17 +113,17 @@ update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] update: [.....9] [ip4][..udp] [....192.168.1.2][.2597] -> [....192.168.1.1][29440] update: [.....5] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][49973] - detection-update: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....46] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2723] - detected: [....46] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2723] [DNS][Network][Acceptable] + detected: [....46] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2723] [DNS][Network][Acceptable][1.0.0.127.in-adds.arpa] new: [....47] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][.9587] new: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] - detected: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp._s?.cybercity.dk] + detection-update: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481] new: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53] - detected: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53] [DNS][Network][Acceptable] + detected: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53] [DNS][Network][Acceptable][_zip._udp.sip.cybercity.dk] update: [....16] 
[ip4][..udp] [..208.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] update: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] update: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] 
@@ -131,13 +131,13 @@ update: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] update: [....15] [ip4][..udp] [....192.168.1.1][.9587] -> [....192.168.1.2][..156] new: [....51] [ip4][..udp] [....192.168.1.2][.2725] -> [....192.168.1.1][...53] - detected: [....51] [ip4][..udp] [....192.168.1.2][.2725] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....51] [ip4][..udp] [....192.168.1.2][.2725] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....51] [ip4][..udp] [....192.168.1.2][.2725] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [....51] [ip4][..udp] [....192.168.1.2][.2725] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....52] [ip4][..udp] [...192.168.1.46][...53] -> [....192.168.1.2][.2726] - detected: [....52] [ip4][..udp] [...192.168.1.46][...53] -> [....192.168.1.2][.2726] [DNS][Network][Acceptable] + detected: [....52] [ip4][..udp] [...192.168.1.46][...53] -> [....192.168.1.2][.2726] [DNS][Network][Acceptable][sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [.....4] [ip4][..udp] [....192.168.1.2][.2712] -> [...192.37.115.0][...53] - guessed: [.....2] [ip4][..udp] [....217.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + guessed: [.....2] [ip4][..udp] [....217.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][] idle: [.....2] [ip4][..udp] [....217.168.1.2][..137] -> [..192.168.1.255][..137] idle: [.....3] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][...53] update: [....47] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][.9587] 
@@ -195,10 +195,10 @@ update: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481] update: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] new: [....53] [ip4][..udp] [..192.168.1.202][..137] -> [..192.168.1.255][..137] - detected: [....53] [ip4][..udp] [..192.168.1.202][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [....53] [ip4][..udp] [..192.168.1.202][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][eci_dom] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [....54] [ip4][..udp] [....192.168.1.2][.2732] -> [....192.168.1.1][...53] - detected: [....54] [ip4][..udp] [....192.168.1.2][.2732] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....54] [ip4][..udp] [....192.168.1.2][.2732] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] RISK: Malformed Packet 
@@ -217,26 +217,26 @@ update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] new: [....55] [ip4][..udp] [....192.168.1.2][43690] -> [192.170.170.170][43690] new: [....56] [ip4][..udp] [....192.168.1.2][.2733] -> [..192.168.115.1][...53] - detected: [....56] [ip4][..udp] [....192.168.1.2][.2733] -> [..192.168.115.1][...53] [DNS][Network][Acceptable] + detected: [....56] [ip4][..udp] [....192.168.1.2][.2733] -> [..192.168.115.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arqa] new: [....57] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] - detected: [....57] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable] + detected: [....57] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....58] [ip4][..120] [....192.168.1.2] -> [..212.242.33.35] new: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] - detected: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....60] [ip4][..udp] [....172.168.1.2][.2734] -> [....192.168.1.1][...53] - detected: [....60] [ip4][..udp] [....172.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....60] [ip4][..udp] [....172.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] idle: [....44] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.136.1.1][...53] - detection-update: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] 
[DNS][Network][Acceptable][_sip._udp.sip.cyberxity.dk] + detection-update: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53] - detected: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-adds.arpa] new: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735] - detected: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735] [DNS][Network][Acceptable] + detected: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] not-detected: [....47] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][.9587] [Unknown][Unrated] idle: [....47] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][.9587] idle: [....45] [ip4][..udp] [....192.168.1.2][.2722] -> [....192.168.1.1][...53] idle: [....46] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2723] [DNS][Network][Acceptable] - guessed: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481] [NetBIOS][System][Acceptable] + guessed: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481] [NetBIOS][System][Acceptable][] idle: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] 
@@ -245,13 +245,13 @@ update: [....53] [ip4][..udp] [..192.168.1.202][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] update: [....54] [ip4][..udp] [....192.168.1.2][.2732] -> [....192.168.1.1][...53] new: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] - detected: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] - detected: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.dybercity.dk] ERROR-EVENT: Unknown packet type new: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53] - detected: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53] [DNS][Network][Acceptable] - detection-update: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet idle: [....51] [ip4][..udp] [....192.168.1.2][.2725] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [....52] [ip4][..udp] [...192.168.1.46][...53] -> [....192.168.1.2][.2726] [DNS][Network][Acceptable] 
@@ -268,38 +268,38 @@ update: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53] update: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735] [DNS][Network][Acceptable] new: [....67] [ip4][..udp] [....192.168.1.2][.2737] -> [....192.168.1.1][...53] - detected: [....67] [ip4][..udp] [....192.168.1.2][.2737] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....67] [ip4][..udp] [....192.168.1.2][.2737] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....67] [ip4][..udp] [....192.168.1.2][.2737] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [....67] [ip4][..udp] [....192.168.1.2][.2737] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....68] [ip4][..udp] [....192.168.1.2][20932] -> [..212.242.33.35][.5060] detected: [....68] [ip4][..udp] [....192.168.1.2][20932] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] new: [....69] [ip4][..udp] [....192.168.1.2][.2738] -> [...192.168.84.1][...53] - detected: [....69] [ip4][..udp] [....192.168.1.2][.2738] -> [...192.168.84.1][...53] [DNS][Network][Acceptable] + detected: [....69] [ip4][..udp] [....192.168.1.2][.2738] -> [...192.168.84.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercitu.dk] new: [....70] [ip4][..udp] [....192.168.1.2][.2738] -> [....192.168.1.1][...53] - detected: [....70] [ip4][..udp] [....192.168.1.2][.2738] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....70] [ip4][..udp] [....192.168.1.2][.2738] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....71] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] - detected: [....71] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....71] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] 
[DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] - detected: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] - detected: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberci_s] + detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: Unknown packet type - detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet new: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] new: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53] - detected: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] 
new: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] - detected: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] [DNS][Network][Acceptable] + detected: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] update: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] update: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] update: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53] new: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] - detected: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....78] [ip4][..udp] [....192.168.1.2][.2730] -> [....192.168.1.1][43690] - detection-update: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] update: [....55] [ip4][..udp] [....192.168.1.2][43690] -> [192.170.170.170][43690] update: [....68] [ip4][..udp] [....192.168.1.2][20932] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] 
@@ -320,15 +320,15 @@ update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] ERROR-EVENT: Unknown packet type new: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] - detected: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] update: [....58] [ip4][..120] [....192.168.1.2] -> [..212.242.33.35] update: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] new: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53] - detected: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] - detected: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][eci_domain] not-detected: [....55] [ip4][..udp] [....192.168.1.2][43690] -> [192.170.170.170][43690] [Unknown][Unrated] idle: [....55] [ip4][..udp] [....192.168.1.2][43690] -> [192.170.170.170][43690] idle: [....53] [ip4][..udp] [..192.168.1.202][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] 
@@ -341,12 +341,12 @@ update: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] [DNS][Network][Acceptable] new: [....82] [ip4][..udp] [..192.168.1.170][43690] -> [170.170.170.170][43690] new: [....83] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2745] - detected: [....83] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2745] [DNS][Network][Acceptable] + detected: [....83] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2745] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....84] [ip4][..udp] [....192.168.1.2][.2746] -> [....192.168.1.1][...53] - detected: [....84] [ip4][..udp] [....192.168.1.2][.2746] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....84] [ip4][..udp] [....192.168.1.2][.2746] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.voip.brujula.net] new: [....85] [ip4][..240] [....192.168.1.2] -> [....192.168.1.1] new: [....86] [ip4][..udp] [...192.168.1.34][.2746] -> [....192.168.1.1][...53] - detected: [....86] [ip4][..udp] [...192.168.1.34][.2746] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....86] [ip4][..udp] [...192.168.1.34][.2746] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp._s?p.brvjula.net] idle: [....60] [ip4][..udp] [....172.168.1.2][.2734] -> [....192.168.1.1][...53] idle: [....57] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable] idle: [....56] [ip4][..udp] [....192.168.1.2][.2733] -> [..192.168.115.1][...53] 
@@ -364,20 +364,20 @@ update: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735] [DNS][Network][Acceptable] update: [....78] [ip4][..udp] [....192.168.1.2][.2730] -> [....192.168.1.1][43690] new: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53] - detected: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....88] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2747] - detected: [....88] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2747] [DNS][Network][Acceptable] + detected: [....88] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2747] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....89] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.4932] detected: [....89] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.4932] [SIP][VoIP][Acceptable] new: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] - detected: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] - detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] detected: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable] - detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - 
detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet - guessed: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] [NetBIOS][System][Acceptable] + guessed: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] [NetBIOS][System][Acceptable][] idle: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] idle: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53] idle: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735] [DNS][Network][Acceptable] 
@@ -385,18 +385,18 @@ update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] update: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] new: [....92] [ip4][..udp] [....192.168.1.2][.2749] -> [....192.168.1.1][...53] - detected: [....92] [ip4][..udp] [....192.168.1.2][.2749] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....92] [ip4][..udp] [....192.168.1.2][.2749] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [....93] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] - detected: [....93] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable] + detected: [....93] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] ERROR-EVENT: Unknown packet type new: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] - detected: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.voip.brujula.net] new: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] - detected: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.voip.brujula.net] + detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.voip.brujula.net] RISK: Malformed Packet - detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] 
[DNS][Network][Acceptable] + detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.vo_s] RISK: Malformed Packet update: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] update: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] 
@@ -407,23 +407,23 @@ update: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] [DNS][Network][Acceptable] update: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53] new: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] - detected: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] - detected: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Network][Acceptable] + detected: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] - detected: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [....99] [ip4][..udp] [....192.168.1.2][.4292] -> [..200.68.37.115][.5060] detected: [....99] [ip4][..udp] [....192.168.1.2][.4292] -> [..200.68.37.115][.5060] [SIP][VoIP][Acceptable] new: [...100] [ip4][..udp] [....192.168.1.2][.4901] -> [..200.68.120.81][29440] detected: [...100] [ip4][..udp] [....192.168.1.2][.4901] -> [..200.68.120.81][29440] [SIP][VoIP][Acceptable] RISK: Known Proto on Non Std Port new: [...101] [ip4][..udp] [....192.168.1.2][.2752] -> [....102.168.1.1][...53] - detected: [...101] [ip4][..udp] [....192.168.1.2][.2752] -> [....102.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...101] [ip4][..udp] [....192.168.1.2][.2752] -> [....102.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...102] [ip4][..udp] 
[.....192.98.1.2][.2752] -> [.....25.168.1.1][...53] - detected: [...102] [ip4][..udp] [.....192.98.1.2][.2752] -> [.....25.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...102] [ip4][..udp] [.....192.98.1.2][.2752] -> [.....25.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] update: [....82] [ip4][..udp] [..192.168.1.170][43690] -> [170.170.170.170][43690] update: [....68] [ip4][..udp] [....192.168.1.2][20932] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] @@ -440,8 +440,8 @@ new: [...103] [ip4][..udp] [....192.169.1.2][.5060] -> [..200.68.120.81][.5060] detected: [...103] [ip4][..udp] [....192.169.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable] new: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] - detected: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.tn-addr.arpa] + detection-update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.527.in-addr.arpa] new: [...105] [ip4][..udp] [.....192.86.1.2][.5060] -> [..200.68.120.99][.5060] update: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53] update: [....88] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2747] [DNS][Network][Acceptable] 
@@ -451,7 +451,7 @@ ERROR-EVENT: Unknown packet type new: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] new: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] - detected: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberciwy.dk] idle: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] idle: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53] idle: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] @@ -463,8 +463,8 @@ update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] update: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] new: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53] - detected: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] idle: [....68] [ip4][..udp] [....192.168.1.2][20932] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] idle: [....67] [ip4][..udp] [....192.168.1.2][.2737] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [....69] [ip4][..udp] [....192.168.1.2][.2738] -> [...192.168.84.1][...53] 
@@ -474,8 +474,8 @@ update: [....76] [ip4][..udp] [..192.168.130.1][...53] -> [....192.168.1.2][.2741] [DNS][Network][Acceptable] update: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53] new: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] - detected: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] + detection-update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] idle: [....71] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] idle: [....70] [ip4][..udp] [....192.168.1.2][.2738] -> [....192.168.1.1][...53] update: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] 
@@ -485,10 +485,10 @@ DAEMON-EVENT: [Processed: 241 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 63 / 109|skipped: 0|!detected: 6|guessed: 4|detection-updates: 26|updates: 178] new: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] - detected: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - guessed: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] [NetBIOS][System][Acceptable] + detected: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_?ip._udp.sip.cybercit?.dk] + detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + guessed: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] [NetBIOS][System][Acceptable][] idle: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] idle: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] 
@@ -515,8 +515,8 @@ update: [...103] [ip4][..udp] [....192.169.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable] update: [....78] [ip4][..udp] [....192.168.1.2][.2730] -> [....192.168.1.1][43690] new: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] - detected: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.v.0.127.in-addr.arpa] + detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet analyse: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -538,14 +538,14 @@ update: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] new: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] - detected: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] - detected: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._tdp.sip.cybercity.dk] new: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53] new: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] - detected: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.gybercity.dk] idle: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] not-detected: [....78] [ip4][..udp] [....192.168.1.2][.2730] -> [....192.168.1.1][43690] [Unknown][Unrated] idle: [....78] [ip4][..udp] [....192.168.1.2][.2730] -> [....192.168.1.1][43690] 
@@ -558,7 +558,7 @@ update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] new: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] - detected: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.sn-addr.arpa] new: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] idle: [....79] [ip4][..udp] [....192.168.1.2][.2743] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [....85] [ip4][..240] [....192.168.1.2] -> [....192.168.1.1] @@ -566,11 +566,11 @@ ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] new: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] - detected: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip.eudp.sip.cybercity.dk] ERROR-EVENT: Unknown packet type ERROR-EVENT: nDPI IPv4/L4 payload detection failed ERROR-EVENT: Unknown packet type - detection-update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] idle: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] idle: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53] update: [....82] [ip4][..udp] [..192.168.1.170][43690] -> [170.170.170.170][43690] 
@@ -600,12 +600,12 @@ update: [...102] [ip4][..udp] [.....192.98.1.2][.2752] -> [.....25.168.1.1][...53] update: [...103] [ip4][..udp] [....192.169.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable] new: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] - detected: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] - detected: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet - detection-update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.sk] RISK: Malformed Packet ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown L3 protocol 
@@ -618,15 +618,15 @@ update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] ERROR-EVENT: Unknown packet type new: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] - detected: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Network][Acceptable] + detected: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] RISK: Malformed Packet ERROR-EVENT: Unknown packet type new: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] - detected: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: Unknown packet type new: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690] - detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.s?p.cibercity.dk] + detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet idle: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53] idle: [....84] [ip4][..udp] [....192.168.1.2][.2746] -> [....192.168.1.1][...53] 
@@ -643,18 +643,18 @@ update: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] update: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] new: [...125] [ip4][..udp] [..192.168.1.110][.2765] -> [....192.168.1.1][...53] - detected: [...125] [ip4][..udp] [..192.168.1.110][.2765] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...125] [ip4][..udp] [..192.168.1.110][.2765] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...126] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2765] - detected: [...126] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2765] [DNS][Network][Acceptable] + detected: [...126] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2765] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...127] [ip4][..udp] [..192.168.1.172][.2766] -> [....192.168.1.1][...53] - detected: [...127] [ip4][..udp] [..192.168.1.172][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...127] [ip4][..udp] [..192.168.1.172][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] - detected: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybe0city.dk] ERROR-EVENT: Unknown packet type new: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53] - detected: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53] 
[DNS][Network][Acceptable] + detected: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] idle: [....93] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Network][Acceptable] idle: [....92] [ip4][..udp] [....192.168.1.2][.2749] -> [....192.168.1.1][...53] idle: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] 
@@ -676,15 +676,15 @@ update: [...102] [ip4][..udp] [.....192.98.1.2][.2752] -> [.....25.168.1.1][...53] update: [...103] [ip4][..udp] [....192.169.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][VoIP][Acceptable] new: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] - detected: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] - detected: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] - detected: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4] - detection-update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet idle: [....99] [ip4][..udp] [....192.168.1.2][.4292] -> [..200.68.37.115][.5060] 
[SIP][VoIP][Acceptable] idle: [...100] [ip4][..udp] [....192.168.1.2][.4901] -> [..200.68.120.81][29440] [SIP][VoIP][Acceptable] @@ -702,7 +702,7 @@ update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] update: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] new: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53] - detected: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...135] [ip4][..udp] [....192.168.1.1][..117] -> [....192.168.1.2][.2769] guessed: [...105] [ip4][..udp] [.....192.86.1.2][.5060] -> [..200.68.120.99][.5060] [SIP][VoIP][Acceptable] idle: [...105] [ip4][..udp] [.....192.86.1.2][.5060] -> [..200.68.120.99][.5060] 
@@ -717,13 +717,13 @@ ERROR-EVENT: Unknown packet type new: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1] new: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] - detected: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] - detected: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][System][Acceptable][eci_doma] ERROR-EVENT: Unknown packet type - detection-update: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet idle: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53] idle: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] 
@@ -746,27 +746,27 @@ update: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] new: [...139] [ip4][..udp] [...192.168.1.57][.2771] -> [....192.168.1.1][...53] - detected: [...139] [ip4][..udp] [...192.168.1.57][.2771] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...139] [ip4][..udp] [...192.168.1.57][.2771] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] new: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771] - detected: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771] [DNS][Network][Acceptable] + detected: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] - detected: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][d002465] RISK: Unsafe Protocol idle: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [....58] [ip4][..120] [....192.168.1.2] -> [..212.242.33.35] update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] new: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] - detected: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet - detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> 
[....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet - detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip] RISK: Malformed Packet new: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53] - detected: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet idle: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] update: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690] @@ -784,7 +784,7 @@ update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] update: [...135] [ip4][..udp] [....192.168.1.1][..117] -> [....192.168.1.2][.2769] new: [...144] [ip4][..udp] [....192.168.1.2][.2773] -> [....192.168.1.1][...53] - detected: [...144] [ip4][..udp] [....192.168.1.2][.2773] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...144] [ip4][..udp] [....192.168.1.2][.2773] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.il-addr.arpa] ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] idle: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] 
@@ -807,17 +807,17 @@ update: [...128] [ip4][..udp] [....192.168.1.2][.2766] -> [....192.168.1.1][...53] update: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] new: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] - detected: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet - detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet - detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] - detected: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet - guessed: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53] [DNS][Network][Acceptable] + guessed: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet idle: [...114] [ip4][..udp] 
[.192.168.37.115][.2758] -> [....128.168.1.1][...53] idle: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] 
@@ -828,18 +828,18 @@ update: [...139] [ip4][..udp] [...192.168.1.57][.2771] -> [....192.168.1.1][...53] update: [...140] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2771] [DNS][Network][Acceptable] new: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] - detected: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-aqd?.arpa] + detection-update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] idle: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] new: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] - detected: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet ERROR-EVENT: Unknown packet type - detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet - guessed: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] 
[DNS][Network][Acceptable] + guessed: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet idle: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] idle: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] @@ -858,10 +858,10 @@ update: [...135] [ip4][..udp] [....192.168.1.1][..117] -> [....192.168.1.2][.2769] new: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] new: [...150] [ip4][..udp] [...192.168.33.2][.2782] -> [....192.168.1.1][...53] - detected: [...150] [ip4][..udp] [...192.168.33.2][.2782] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...150] [ip4][..udp] [...192.168.33.2][.2782] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] - detected: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Network][Acceptable] + detected: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...152] [ip4][..udp] [....192.168.1.6][.5060] -> [..212.242.33.35][.5060] ERROR-EVENT: Unknown packet type idle: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] 
@@ -878,12 +878,12 @@ update: [...137] [ip4][..udp] [....192.168.1.2][.2770] -> [....192.168.1.1][...53] update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] new: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] - detected: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: Unknown packet type new: [...154] [ip4][..udp] [......0.168.1.2][.2783] -> [....192.168.1.1][...53] - detected: [...154] [ip4][..udp] [......0.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...154] [ip4][..udp] [......0.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet not-detected: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690] [Unknown][Unrated] idle: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690] 
@@ -901,10 +901,10 @@ update: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] new: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] - detected: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] - detected: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] [DNS][Network][Acceptable] + detected: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] [DNS][Network][Acceptable][1.0.0.127.in-addr.aspa] ERROR-EVENT: Unknown packet type idle: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53] idle: [...126] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2765] [DNS][Network][Acceptable] 
@@ -922,10 +922,10 @@ update: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] new: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1] new: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] - detected: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] new: [...160] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] - detected: [...160] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...160] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybevcity.dk] not-detected: [....58] [ip4][..120] [....192.168.1.2] -> [..212.242.33.35] [Unknown][Unrated] idle: [....58] [ip4][..120] [....192.168.1.2] -> [..212.242.33.35] idle: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] 
@@ -938,15 +938,15 @@ update: [...150] [ip4][..udp] [...192.168.33.2][.2782] -> [....192.168.1.1][...53] update: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Network][Acceptable] new: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] - detected: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] [DNS][Network][Acceptable] + detected: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] [DNS][Network][Acceptable][1.0.0.127.in-ad?r.arpa] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196] new: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53] - detected: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53] [DNS][Network][Acceptable] + detected: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] - detected: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.?ip.kybermity.dk] + detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] not-detected: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4] 
[Unknown][Unrated] idle: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4] idle: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] @@ -959,7 +959,7 @@ update: [...153] [ip4][..udp] [....192.168.1.2][.2783] -> [....192.168.1.1][...53] update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] new: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] - detected: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2] analyse: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -974,12 +974,12 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] - detected: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet - detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet - detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] RISK: Unsafe Protocol 
@@ -991,20 +991,20 @@ update: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] update: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] [DNS][Network][Acceptable] new: [...168] [ip4][..udp] [....192.168.1.2][.2790] -> [....192.168.1.1][...53] - detected: [...168] [ip4][..udp] [....192.168.1.2][.2790] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...168] [ip4][..udp] [....192.168.1.2][.2790] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...169] [ip4][..udp] [..212.242.33.35][.5060] -> [...192.37.115.0][.5060] detected: [...169] [ip4][..udp] [..212.242.33.35][.5060] -> [...192.37.115.0][.5060] [SIP][VoIP][Acceptable] new: [...170] [ip4][..udp] [...192.168.79.2][.2791] -> [....192.168.1.1][...53] - detected: [...170] [ip4][..udp] [...192.168.79.2][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...170] [ip4][..udp] [...192.168.79.2][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] - detected: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] - detected: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][System][Acceptable][eci_domain] new: [...173] [ip4][..udp] [170.170.170.170][43690] -> [170.170.170.170][43690] new: [...174] [ip4][..udp] [....192.168.1.2][.2791] -> [....192.168.1.1][...53] - 
detected: [...174] [ip4][..udp] [....192.168.1.2][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...174] [ip4][..udp] [....192.168.1.2][.2791] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] idle: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][System][Acceptable] idle: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] RISK: Unsafe Protocol @@ -1024,12 +1024,12 @@ update: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] new: [...175] [ip4][..udp] [....192.168.1.2][.2791] -> [...192.168.67.1][...53] - detected: [...175] [ip4][..udp] [....192.168.1.2][.2791] -> [...192.168.67.1][...53] [DNS][Network][Acceptable] + detected: [...175] [ip4][..udp] [....192.168.1.2][.2791] -> [...192.168.67.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] - detected: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] - detected: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Network][Acceptable] + detected: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Network][Acceptable][1.0.0.127.in-a?dr.arpa] RISK: Malformed Packet ERROR-EVENT: nDPI IPv4/L4 payload detection failed update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] 
@@ -1067,9 +1067,9 @@ update: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] new: [...178] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.112][..137] - detected: [...178] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.112][..137] [NetBIOS][System][Acceptable] + detected: [...178] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.112][..137] [NetBIOS][System][Acceptable][eci_domain] new: [...179] [ip4][..udp] [....192.136.1.2][..137] -> [..192.168.1.255][..137] - detected: [...179] [ip4][..udp] [....192.136.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...179] [ip4][..udp] [....192.136.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][5ci_dombin] guessed: [...152] [ip4][..udp] [....192.168.1.6][.5060] -> [..212.242.33.35][.5060] [SIP][VoIP][Acceptable] idle: [...152] [ip4][..udp] [....192.168.1.6][.5060] -> [..212.242.33.35][.5060] idle: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] @@ -1118,7 +1118,7 @@ idle: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] idle: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53] idle: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] - guessed: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] [NetBIOS][System][Acceptable] + guessed: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] [NetBIOS][System][Acceptable][] idle: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] update: [...169] [ip4][..udp] [..212.242.33.35][.5060] -> [...192.37.115.0][.5060] [SIP][VoIP][Acceptable] update: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2] 
@@ -1143,30 +1143,30 @@ RISK: Malformed Packet update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] new: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] - detected: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][lab111] RISK: Unsafe Protocol new: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] - detected: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][workg] new: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] - detected: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup] new: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] - detected: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup] new: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] - detected: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup] ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] idle: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] idle: [...167] 
[ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] new: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] - detected: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][System][Acceptable] + detected: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][System][Acceptable][workgroup] idle: [...169] [ip4][..udp] [..212.242.33.35][.5060] -> [...192.37.115.0][.5060] [SIP][VoIP][Acceptable] idle: [...168] [ip4][..udp] [....192.168.1.2][.2790] -> [....192.168.1.1][...53] idle: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] idle: [...170] [ip4][..udp] [...192.168.79.2][.2791] -> [....192.168.1.1][...53] new: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690] new: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] - detected: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][System][Acceptable][eci_domain] not-detected: [...173] [ip4][..udp] [170.170.170.170][43690] -> [170.170.170.170][43690] [Unknown][Unrated] idle: [...173] [ip4][..udp] [170.170.170.170][43690] -> [170.170.170.170][43690] idle: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][System][Acceptable] 
@@ -1180,7 +1180,7 @@ update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Network][Acceptable] RISK: Malformed Packet new: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] - detected: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] [DHCP][Network][Acceptable] + detected: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] [DHCP][Network][Acceptable][d002465] new: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] idle: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] idle: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] 
@@ -1203,12 +1203,12 @@ DAEMON-EVENT: [Processed: 409 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 40 / 189|skipped: 0|!detected: 16|guessed: 10|detection-updates: 55|updates: 489] new: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] - detected: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][re-.sippstar.com] + detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][reg.sip?star.com] ERROR-EVENT: nDPI IPv4/L4 payload detection failed - detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][reg.sippstar.com] new: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] - detected: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] [DNS][Network][Acceptable] + detected: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] idle: [...178] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.112][..137] [NetBIOS][System][Acceptable] idle: [...179] [ip4][..udp] [....192.136.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] update: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] 
@@ -1222,46 +1222,46 @@ RISK: Unsafe Protocol update: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] new: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] - detected: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] new: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] - detected: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed - detection-update: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] + detection-update: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] new: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] - detected: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.ak] + detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...195] [ip4][..udp] 
[192.168.170.170][43690] -> [170.170.170.170][43690] - detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet ERROR-EVENT: nDPI IPv4/L4 payload detection failed update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] update: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][System][Acceptable] update: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690] new: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53] - detected: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53] [DNS][Network][Acceptable] + detected: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] - detected: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arp_] + detection-update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] detected: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] - detected: [...199] [ip4][..udp] 
[....192.168.1.2][.2798] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] update: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2] update: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1] update: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1] update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] ERROR-EVENT: Unknown packet type new: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53] - detected: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] - detected: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] [DNS][Network][Acceptable] + detected: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] - detected: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_s?p._udp.sip.cybercity.dk] + detection-update: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] ERROR-EVENT: Unknown packet type update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] 
@@ -1277,16 +1277,16 @@ update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] new: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] - detected: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35] new: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] - detected: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] - detected: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53] - detected: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyhercity.dk] update: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690] update: [.....1] 
[ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] update: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][System][Acceptable] @@ -1296,12 +1296,12 @@ update: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53] update: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690] new: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] - detected: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] - detected: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: Unknown L3 protocol - detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk] idle: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][System][Acceptable] idle: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] idle: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] 
@@ -1310,19 +1310,19 @@ update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] - detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: Unknown packet type ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][System][Acceptable] new: [...211] [ip4][..udp] [....192.168.1.2][.2805] -> [....192.168.1.1][...51] new: [...212] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2805] - detected: [...212] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2805] [DNS][Network][Acceptable] + detected: [...212] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2805] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] - detected: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] 
[DNS][Network][Acceptable][_sim._udp.sip.c_ber_itm.dk] + detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.c4bercity.dk] + detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cxbercity.dk] + detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.qk] idle: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] idle: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][System][Acceptable] not-detected: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690] [Unknown][Unrated] 
@@ -1337,12 +1337,12 @@ update: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] ERROR-EVENT: Unknown packet type new: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] - detected: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Network][Acceptable] + detected: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...215] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][38709] new: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] - detected: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] update: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53] update: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690] update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] 
@@ -1356,23 +1356,23 @@ update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] ERROR-EVENT: Unknown packet type new: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] - detected: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] - detected: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...219] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][17860] new: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] - detected: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] - detected: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> 
[....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udq.sip.mybercity.dk] + detection-update: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.nybercity.dk] new: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53] not-detected: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1] [Unknown][Unrated] idle: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1] idle: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] [DHCP][Network][Acceptable] - guessed: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] [NetBIOS][System][Acceptable] + guessed: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] [NetBIOS][System][Acceptable][] idle: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][VoIP][Acceptable] update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] 
@@ -1380,10 +1380,10 @@ update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] new: [...223] [ip4][..udp] [....192.168.1.2][.2811] -> [....192.168.1.1][...53] - detected: [...223] [ip4][..udp] [....192.168.1.2][.2811] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...223] [ip4][..udp] [....192.168.1.2][.2811] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...224] [ip4][..udp] [..192.168.233.1][...53] -> [....192.168.1.2][.2811] - detected: [...224] [ip4][..udp] [..192.168.233.1][...53] -> [....192.168.1.2][.2811] [DNS][Network][Acceptable] + detected: [...224] [ip4][..udp] [..192.168.233.1][...53] -> [....192.168.1.2][.2811] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] 
@@ -1398,8 +1398,8 @@ update: [...212] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2805] [DNS][Network][Acceptable] update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] new: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] - detected: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyaercity.dk] + detection-update: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] 
@@ -1433,20 +1433,20 @@ update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] update: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] new: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53] - detected: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127?in-ad_r?arpa???] RISK: Malformed Packet ERROR-EVENT: nDPI IPv4/L4 payload detection failed ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] - detected: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet ERROR-EVENT: nDPI IPv4/L4 payload detection failed ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] - detected: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][System][Acceptable] + detected: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][System][Acceptable][] ERROR-EVENT: nDPI IPv4/L4 payload detection failed - detection-update: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sib._udp.sip.cybercity.dk] RISK: Malformed Packet not-detected: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690] [Unknown][Unrated] idle: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690] 
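Review bot: The trailing hostname field that these expected lines now carry is copied from packet payload, and nothing in this fixture pins what is printed when a name itself contains `[`, `]` or a space. On flow 227 (`[1.0.0.127?in-ad_r?arpa???]`) it looks as if only unprintable bytes are replaced with `?`, though that is inferred from the output and not from the formatting code, which is not part of this page. Because every field on the line is bracket-delimited, a consumer that splits on brackets could presumably misread such a name as an extra field; a capture whose query name contains a bracket, with an expected line showing it escaped or replaced, would pin the behaviour. The same hunk prints an empty `[]` for flows 228 and 229 where no name was decoded, so parsers must accept both an empty and a populated last field, and the test documentation should state that `[]` means "no hostname decoded".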
@@ -1466,14 +1466,14 @@ update: [...224] [ip4][..udp] [..192.168.233.1][...53] -> [....192.168.1.2][.2811] [DNS][Network][Acceptable] update: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] new: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] - detected: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] - detected: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][?sip._udp.shp.cybercity.dk] new: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] detected: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][VoIP][Acceptable] - detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udq.sip.cybercity.dk] new: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] detected: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] [RTP][Media][Acceptable] new: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] 
@@ -1485,21 +1485,21 @@ new: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] detected: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Media][Acceptable] ERROR-EVENT: Unknown packet type - detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed idle: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] update: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35] new: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] - detected: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.1?7.in-addr.arpa] new: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060] detected: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060] [SIP][VoIP][Acceptable] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] - detected: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed - detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> 
[....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] not-detected: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] [Unknown][Unrated] idle: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] not-detected: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] [Unknown][Unrated] 
@@ -1528,14 +1528,14 @@ update: [...219] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][17860] update: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] new: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] - detected: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] - detected: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] + detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet - detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet idle: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53] idle: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] 
@@ -1552,11 +1552,11 @@ update: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][System][Acceptable] update: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] new: [...243] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] - detected: [...243] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [...243] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][d00] RISK: Unsafe Protocol new: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] - detected: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.?.0.127.in-addr.arpa] + detection-update: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] idle: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] update: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][VoIP][Acceptable] 
@@ -1569,12 +1569,12 @@ update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [RTP][Media][Acceptable] update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] [RTP][Media][Acceptable] new: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] - detected: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] [DNS][Network][Acceptable] + detected: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] new: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] - detected: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercimy.v?] ERROR-EVENT: Unknown packet type new: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] - detected: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] [DNS][Network][Acceptable] + detected: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk] ERROR-EVENT: Unknown L3 protocol not-detected: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1] [Unknown][Unrated] idle: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1] 
@@ -1587,14 +1587,14 @@ update: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] new: [...248] [ip4][..udp] [....192.168.1.2][.2828] -> [....192.168.1.1][...53] - detected: [...248] [ip4][..udp] [....192.168.1.2][.2828] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...248] [ip4][..udp] [....192.168.1.2][.2828] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [...249] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2572] - detected: [...249] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2572] [DNS][Network][Acceptable] + detected: [...249] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2572] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...250] [ip4][..udp] [....192.168.1.2][...11] -> [..192.168.1.255][..137] - detected: [...250] [ip4][..udp] [....192.168.1.2][...11] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...250] [ip4][..udp] [....192.168.1.2][...11] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][eci_domain] new: [...251] [ip4][..udp] [.....62.168.1.2][..137] -> [..192.168.1.255][..137] - detected: [...251] [ip4][..udp] [.....62.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [...251] [ip4][..udp] [.....62.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][eci_domain] not-detected: [...215] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][38709] [Unknown][Unrated] idle: [...215] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][38709] idle: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] 
@@ -1613,16 +1613,16 @@ update: [...219] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][17860] update: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] new: [...252] [ip4][..udp] [....192.168.1.2][.2829] -> [....192.168.1.1][...53] - detected: [...252] [ip4][..udp] [....192.168.1.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...252] [ip4][..udp] [....192.168.1.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...253] [ip4][..udp] [...192.168.54.2][.2829] -> [....192.168.1.1][...53] - detected: [...253] [ip4][..udp] [...192.168.54.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...253] [ip4][..udp] [...192.168.54.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet new: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] - detected: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] + detection-update: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] new: [...255] [ip4][..udp] [....116.168.1.2][.2829] -> [....192.168.1.1][...53] - detected: [...255] [ip4][..udp] [....116.168.1.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...255] [ip4][..udp] [....116.168.1.2][.2829] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] not-detected: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2] [Unknown][Unrated] idle: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2] 
idle: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] 
@@ -1649,18 +1649,18 @@ update: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Media][Acceptable] update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [RTP][Media][Acceptable] update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] [RTP][Media][Acceptable] - detection-update: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][sip.cybercity.dk] new: [...256] [ip4][..udp] [....192.168.1.2][.2831] -> [....192.168.1.1][...53] - detected: [...256] [ip4][..udp] [....192.168.1.2][.2831] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [...256] [ip4][..udp] [....192.168.1.2][.2831] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - guessed: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...256] [ip4][..udp] [....192.168.1.2][.2831] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + detection-update: [...256] [ip4][..udp] [....192.168.1.2][.2831] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][1.0.0.127.in-addr.arpa] + guessed: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][] RISK: Malformed Packet idle: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53] update: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] update: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] ERROR-EVENT: nDPI IPv4/L4 payload detection failed new: [...257] [ip4][..udp] [....192.168.1.2][.2832] -> [....192.168.1.1][...53] - detected: [...257] [ip4][..udp] [....192.168.1.2][.2832] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [...257] [ip4][..udp] 
[....192.168.1.2][.2832] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][_sip._udp.sip.cybercity.dk] guessed: [....26] [ip4][..tcp] [..147.234.1.253][...21] -> [......192.2.1.2][.2720] [FTP_CONTROL][Download][Unsafe] RISK: Unsafe Protocol idle: [....26] [ip4][..tcp] [..147.234.1.253][...21] -> [......192.2.1.2][.2720] @@ -1718,14 +1718,14 @@ not-detected: [....40] [ip4][..tcp] [...37.115.0.253][58999] -> [....192.168.1.2][.2721] [Unknown][Unrated] idle: [....40] [ip4][..tcp] [...37.115.0.253][58999] -> [....192.168.1.2][.2721] idle: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][System][Acceptable] - guessed: [....20] [ip4][..tcp] [...192.168.1.71][.2718] -> [.147.137.21.122][..139] [NetBIOS][System][Acceptable] + guessed: [....20] [ip4][..tcp] [...192.168.1.71][.2718] -> [.147.137.21.122][..139] [NetBIOS][System][Acceptable][] idle: [....20] [ip4][..tcp] [...192.168.1.71][.2718] -> [.147.137.21.122][..139] - guessed: [....19] [ip4][..tcp] [....192.168.1.2][.2718] -> [..147.137.21.94][..139] [NetBIOS][System][Acceptable] + guessed: [....19] [ip4][..tcp] [....192.168.1.2][.2718] -> [..147.137.21.94][..139] [NetBIOS][System][Acceptable][] idle: [....19] [ip4][..tcp] [....192.168.1.2][.2718] -> [..147.137.21.94][..139] guessed: [....35] [ip4][..tcp] [..147.234.1.253][...21] -> [.....84.168.1.2][.2720] [FTP_CONTROL][Download][Unsafe] RISK: Unsafe Protocol idle: [....35] [ip4][..tcp] [..147.234.1.253][...21] -> [.....84.168.1.2][.2720] - guessed: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] [NetBIOS][System][Acceptable] + guessed: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] [NetBIOS][System][Acceptable][] idle: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] guessed: [....25] [ip4][..tcp] [....192.168.1.2][.2679] -> [..147.234.1.253][...21] [FTP_CONTROL][Download][Unsafe] RISK: Unsafe Protocol 
diff --git a/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out index d09679cfd..a01bf89d5 100644 --- a/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/flow-info/fuzz-2006-09-29-28586.pcap.out 
@@ -5,20 +5,20 @@ new: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] [MIDSTREAM] ERROR-EVENT: Unknown packet type new: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] - detected: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] [HTTP][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] [HTTP][Web][Acceptable][] new: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] [MIDSTREAM] new: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] [MIDSTREAM] ERROR-EVENT: Unknown packet type new: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] new: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [HTTP][Web][Acceptable] + detected: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] [HTTP][Web][Acceptable][] new: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] [MIDSTREAM] new: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] [MIDSTREAM] new: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] ERROR-EVENT: Unknown packet type new: [....10] [ip4][..170] [170.170.170.170] -> [170.170.170.170] new: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [MIDSTREAM] - detected: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] + detected: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13] RISK: HTTP Numeric IP Address new: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] [MIDSTREAM] new: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] 
@@ -27,88 +27,88 @@ new: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] [MIDSTREAM] new: [....17] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....68.37.115.0][...80] [MIDSTREAM] new: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] - detected: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] + detected: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13] RISK: HTTP Numeric IP Address ERROR-EVENT: Unknown packet type new: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] [MIDSTREAM] new: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80] - detected: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] + detected: [....20] [ip4][..tcp] [.....172.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13] RISK: HTTP Numeric IP Address new: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] [MIDSTREAM] new: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] [MIDSTREAM] new: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [MIDSTREAM] - detected: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [HTTP][Web][Acceptable] + detected: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] [HTTP][Web][Acceptable][] ERROR-EVENT: Unknown L3 protocol new: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] new: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] [MIDSTREAM] new: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] [MIDSTREAM] new: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] - detected: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] 
[HTTP][Web][Acceptable] + detected: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13] RISK: HTTP Numeric IP Address ERROR-EVENT: Unknown L3 protocol new: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [MIDSTREAM] - detected: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [HTTP][Web][Acceptable] - detection-update: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] + detected: [....28] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.72.5][.2606] [HTTP][Web][Acceptable][] + detection-update: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][172.20.3.13] RISK: HTTP Numeric IP Address new: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] new: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] [MIDSTREAM] - detected: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] + detected: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][] new: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] [MIDSTREAM] - detected: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] [HTTP][Web][Acceptable] + detected: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] [HTTP][Web][Acceptable][] new: [....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] new: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] new: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [MIDSTREAM] - detected: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable] + detected: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable][] 
new: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] [MIDSTREAM] new: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] [MIDSTREAM] ERROR-EVENT: Unknown packet type new: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] - detected: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] [HTTP][Web][Acceptable] + detected: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] [HTTP][Web][Acceptable][] new: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] [MIDSTREAM] new: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5] idle: [.....6] [ip4][..tcp] [.....172.20.3.1][...80] -> [....172.20.3.13][53132] - guessed: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable] + guessed: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable][] end: [.....5] [ip4][..tcp] [....172.20.3.13][53132] -> [.....172.20.3.5][...80] - guessed: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable] + guessed: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable][] idle: [....36] [ip4][..tcp] [...172.20.67.13][53136] -> [.....172.20.3.5][...80] end: [....34] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable] - guessed: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] [HTTP][Web][Acceptable] + guessed: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] [HTTP][Web][Acceptable][] idle: [....33] [ip4][..tcp] [.....172.20.3.5][...80] -> [...172.20.35.13][53136] - guessed: [....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable] + guessed: [....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] [HTTP][Web][Acceptable][] idle: 
[....32] [ip4][..tcp] [....172.20.3.13][53193] -> [.....172.20.3.5][...80] not-detected: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5] [Unknown][Unrated] idle: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5] - guessed: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] [HTTP][Web][Acceptable] + guessed: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] [HTTP][Web][Acceptable][] end: [....26] [ip4][..tcp] [....172.52.3.13][...80] -> [.....172.20.3.5][.2093] not-detected: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] [Unknown][Unrated] idle: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] - guessed: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] [HTTP][Web][Acceptable] + guessed: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] [HTTP][Web][Acceptable][] idle: [.....4] [ip4][..tcp] [......0.20.3.13][...80] -> [.....172.20.3.5][.2601] - guessed: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] [HTTP][Web][Acceptable] + guessed: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] [HTTP][Web][Acceptable][] idle: [.....8] [ip4][..tcp] [......172.6.3.5][...80] -> [....172.20.3.13][53132] - guessed: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] [HTTP.Cloudflare][Web][Acceptable] + guessed: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] [HTTP.Cloudflare][Web][Acceptable][] idle: [....35] [ip4][..tcp] [....172.20.3.13][53136] -> [.....172.70.3.5][...80] idle: [....23] [ip4][..tcp] [....172.20.3.13][...80] -> [......44.20.3.5][.2605] - guessed: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + guessed: [....21] [ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] [HTTP.AmazonAWS][Cloud][Acceptable][] idle: [....21] 
[ip4][..tcp] [......51.20.3.5][.2605] -> [....172.20.3.13][...80] - guessed: [....15] [ip4][..tcp] [.....172.20.3.5][.2603] -> [.....72.20.3.13][...80] [HTTP][Web][Acceptable] + guessed: [....15] [ip4][..tcp] [.....172.20.3.5][.2603] -> [.....72.20.3.13][...80] [HTTP][Web][Acceptable][] end: [....15] [ip4][..tcp] [.....172.20.3.5][.2603] -> [.....72.20.3.13][...80] - guessed: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] [HTTP][Web][Acceptable] + guessed: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] [HTTP][Web][Acceptable][] end: [.....1] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2600] - guessed: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] [HTTP][Web][Acceptable] + guessed: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] [HTTP][Web][Acceptable][] idle: [....12] [ip4][..tcp] [....172.20.3.88][...80] -> [....172.20.3.82][.2601] end: [.....2] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2601] end: [....11] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address not-detected: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] [Unknown][Unrated] idle: [.....3] [ip4][..tcp] [....172.20.3.13][...81] -> [.....172.20.3.5][.2601] - guessed: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] [HTTP][Web][Acceptable] + guessed: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] [HTTP][Web][Acceptable][] idle: [....16] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.82.5][.2603] - guessed: [....14] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.77][...80] [HTTP][Web][Acceptable] + guessed: [....14] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.77][...80] [HTTP][Web][Acceptable][] idle: [....14] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.77][...80] - guessed: 
[....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] + guessed: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][] end: [....13] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....172.20.3.13][...80] - guessed: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] [HTTP][Web][Acceptable] + guessed: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] [HTTP][Web][Acceptable][] end: [....19] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.68.5][.2604] end: [....18] [ip4][..tcp] [.....172.20.3.5][.2604] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address 
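Review bot: The new trailing hostname column is not applied to every event type in this expected output. `detected:` for flow 18 now ends in `[HTTP][Web][Acceptable][172.20.3.13]`, but the `end:` line for the same flow is still `[HTTP][Web][Acceptable]` followed by the RISK text, and `end: [....34]` has no `[]` placeholder either. The `update:` and `analyse:` context lines in gnutella.pcap.out and googledns_android10.pcap.out look the same way. A consumer that splits these lines by column therefore sees a different field count depending on the event, which is easy to get wrong in detection tooling. The printer is not part of this diff, so this may be intentional. If it is, say so next to the format definition, for example `# hostname column is printed for detected/guessed/detection-update only`; otherwise print the column for `end`, `idle`, `update` and `analyse` as well.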
@@ -117,22 +117,22 @@ end: [....27] [ip4][..tcp] [.....172.20.3.5][.2606] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] RISK: HTTP Numeric IP Address idle: [....31] [ip4][..tcp] [....172.20.2.13][...80] -> [.....172.20.3.5][.2607] - guessed: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable] + guessed: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] [HTTP][Web][Acceptable][] idle: [....29] [ip4][..tcp] [.....172.20.3.5][.2607] -> [....172.20.3.13][...80] - guessed: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] [HTTP][Web][Acceptable] + guessed: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] [HTTP][Web][Acceptable][] idle: [....38] [ip4][..tcp] [....172.20.3.13][...80] -> [...172.20.148.5][.2608] idle: [....37] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2608] - guessed: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] [HTTP][Web][Acceptable] + guessed: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] [HTTP][Web][Acceptable][] idle: [....25] [ip4][..tcp] [....172.20.3.13][...80] -> [.....172.20.3.5][.2639] - guessed: [....17] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....68.37.115.0][...80] [HTTP][Web][Acceptable] + guessed: [....17] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....68.37.115.0][...80] [HTTP][Web][Acceptable][] idle: [....17] [ip4][..tcp] [.....172.20.3.5][.2603] -> [....68.37.115.0][...80] - guessed: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] [HTTP][Web][Acceptable] + guessed: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] [HTTP][Web][Acceptable][] idle: [.....9] [ip4][..tcp] [.....172.20.3.5][.2602] -> [....172.21.3.13][...80] not-detected: [....10] [ip4][..170] [170.170.170.170] -> [170.170.170.170] [Unknown][Unrated] idle: [....10] [ip4][..170] [170.170.170.170] -> [170.170.170.170] - 
guessed: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] [HTTP][Web][Acceptable] + guessed: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] [HTTP][Web][Acceptable][] idle: [.....7] [ip4][..tcp] [.....172.20.3.5][...80] -> [....172.57.3.13][53132] idle: [....30] [ip4][..tcp] [.....172.20.3.5][.9587] -> [....172.20.3.13][...80] - guessed: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] [HTTP][Web][Acceptable] + guessed: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] [HTTP][Web][Acceptable][] idle: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/gnutella.pcap.out b/test/results/flow-info/gnutella.pcap.out index b3f592cc9..2091c43d9 100644 --- a/test/results/flow-info/gnutella.pcap.out +++ b/test/results/flow-info/gnutella.pcap.out 
@@ -9,42 +9,42 @@ new: [.....4] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [................................ff02::1] detected: [.....4] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [................................ff02::1] [ICMPV6][Network][Acceptable] new: [.....5] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [.....5] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....5] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][msedgewin10] new: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] - detected: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Network][Acceptable] + detected: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Network][Acceptable][] new: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] detected: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Network][Acceptable] new: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] detected: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] [IGMP][Network][Acceptable] new: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] - detected: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][msedgewin10.local] new: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] - detected: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + 
detected: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][msedgewin10.local] new: [....11] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63717] -> [..............................ff02::1:3][.5355] detected: [....11] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63717] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] - detection-update: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detection-update: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][msedgewin10.local] new: [....12] [ip4][..udp] [......10.0.2.15][63717] -> [....224.0.0.252][.5355] detected: [....12] [ip4][..udp] [......10.0.2.15][63717] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] - detection-update: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detection-update: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][msedgewin10.local] new: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] - detected: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][System][Acceptable] + detected: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][System][Acceptable][msedgewin10] new: [....14] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] detected: [....14] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Network][Acceptable] new: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] detected: 
[....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Network][Acceptable] new: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] - detected: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] - detected: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][System][Acceptable] + detected: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][System][Acceptable][[ff02::c]:1900] new: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702] detected: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702] [WSD][Network][Acceptable] new: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] detected: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Network][Acceptable] new: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] - detected: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][System][Dangerous][msedgewin10] RISK: Unsafe Protocol new: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] - detected: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....21] [ip4][..udp] [......10.0.2.15][55708] -> 
[239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....22] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][62539] -> [..............................ff02::1:3][.5355] detected: [....22] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][62539] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] new: [....23] [ip4][..udp] [......10.0.2.15][62539] -> [....224.0.0.252][.5355] @@ -96,7 +96,7 @@ new: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776] new: [....53] [ip4][..tcp] [......10.0.2.15][50213] -> [...85.117.153.7][50138] new: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] - detected: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] detected: [....51] [ip4][..tcp] [......10.0.2.15][50211] -> [...14.199.10.60][23458] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol new: [....55] [ip4][..tcp] [......10.0.2.15][50214] -> [.80.193.171.146][53808] @@ -465,7 +465,7 @@ RISK: Unsafe Protocol detected: [...277] [ip4][..tcp] [......10.0.2.15][50301] -> [..87.123.54.234][54130] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol - detected: [...290] [ip4][..tcp] [......10.0.2.15][50314] -> [...80.7.252.192][.6888] [TLS][Web][Safe] + detected: [...290] [ip4][..tcp] [......10.0.2.15][50314] -> [...80.7.252.192][.6888] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn detected: [...274] [ip4][..tcp] [......10.0.2.15][50298] -> [.46.128.114.107][.6578] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol 
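Review bot: The added hostname column is printed inside the same `[` `]` delimiters as the other fields with no escaping, and the SSDP-over-IPv6 line for flow 17 already shows the result: `[SSDP][System][Acceptable][[ff02::c]:1900]`. Anything that tokenises these lines on brackets will split that field incorrectly. The value appears to come from packet contents (DHCP and NetBIOS names such as `msedgewin10`, mDNS names, the SSDP host value), so a capture can presumably put `]`, spaces or control characters into it and make one event read like different fields. The code that prints the line is outside this diff. I would have it escape `[`, `]` and non-printable bytes in this column, and add an expected-output fixture with such a name so the escaping is pinned by the tests.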
@@ -477,7 +477,7 @@ new: [...301] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][11852] detected: [...271] [ip4][..tcp] [......10.0.2.15][50295] -> [.38.142.119.234][49732] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol - detection-update: [...290] [ip4][..tcp] [......10.0.2.15][50314] -> [...80.7.252.192][.6888] [TLS][Web][Safe] + detection-update: [...290] [ip4][..tcp] [......10.0.2.15][50314] -> [...80.7.252.192][.6888] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Self-signed Cert, TLS Cert Expired, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [...302] [ip4][..udp] [......10.0.2.15][28681] -> [.185.187.74.173][53489] new: [...303] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][30566] 
@@ -633,14 +633,14 @@ update: [....41] [ip4][..udp] [......10.0.2.15][57622] -> [.......10.0.2.2][.5351] new: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] new: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] - detected: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Download][Potentially Dangerous] + detected: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Download][Potentially Dangerous][69.118.162.229] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, Unsafe Protocol - detected: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Download][Potentially Dangerous] + detected: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Download][Potentially Dangerous][189.147.72.83] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, Unsafe Protocol new: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058] - detection-update: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Media][Potentially Dangerous] + detection-update: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Media][Potentially Dangerous][69.118.162.229] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, Unsafe Protocol - detection-update: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Media][Potentially Dangerous] + detection-update: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Media][Potentially Dangerous][189.147.72.83] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, Unsafe Protocol new: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] 
[Gnutella][Download][Potentially Dangerous] @@ -761,7 +761,7 @@ [PKTLENS.....: 52,44,40,578,40,846,1500,326,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132] [ENTROPIES...: 4.6,4.8,4.7,5.9,4.6,5.9,7.8,7.3,4.7,7.8,7.8,4.8,7.8,7.8,4.8,7.9,7.8,4.7,7.9,7.8,4.8,7.8,7.8,4.7,7.9,7.8,4.8,7.9,7.8,4.8,7.8,7.8] new: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] - detected: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] [HTTP.Gnutella][Download][Potentially Dangerous] + detected: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] [HTTP.Gnutella][Download][Potentially Dangerous][69.118.162.229] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, Unsafe Protocol new: [...346] [ip4][..udp] [......10.0.2.15][28681] -> [..76.226.85.105][.6346] detected: [...346] [ip4][..udp] [......10.0.2.15][28681] -> [..76.226.85.105][.6346] [Gnutella][Download][Potentially Dangerous] @@ -982,7 +982,7 @@ update: [...326] [ip4][..udp] [......10.0.2.15][28681] -> [..100.1.231.138][56558] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol new: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] - detected: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] update: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] update: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058] update: [...349] [ip4][.icmp] [...84.197.97.94] -> [......10.0.2.15] [ICMP][Network][Acceptable] 
@@ -2033,7 +2033,7 @@ RISK: Unsafe Protocol update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] new: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] - detected: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] idle: [...320] [ip4][..udp] [......10.0.2.15][28681] -> [185.236.200.137][48142] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol idle: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][Download][Potentially Dangerous] @@ -3617,7 +3617,7 @@ detected: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol new: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] - detected: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] detected: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol 
@@ -3809,7 +3809,7 @@ RISK: Unsafe Protocol update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] new: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] - detected: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][System][Dangerous][msedgewin10] RISK: Unsafe Protocol new: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] new: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] @@ -5135,7 +5135,7 @@ update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] new: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] - detected: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] 
@@ -5338,7 +5338,7 @@ update: [...312] [ip4][..udp] [......10.0.2.15][28681] -> [..24.167.201.53][47282] [Gnutella][Download][Potentially Dangerous] RISK: Unsafe Protocol new: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] - detected: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...799] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] detected: [...799] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Network][Acceptable] new: [...800] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] diff --git a/test/results/flow-info/googledns_android10.pcap.out b/test/results/flow-info/googledns_android10.pcap.out index d8fdd5105..65a06c24c 100644 --- a/test/results/flow-info/googledns_android10.pcap.out +++ b/test/results/flow-info/googledns_android10.pcap.out 
@@ -4,24 +4,24 @@ new: [.....1] [ip4][..tcp] [........8.8.8.8][..853] -> [..192.168.1.159][55856] [MIDSTREAM] new: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] new: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] - detected: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detected: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun] + detected: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS 
(probably) Not Carrying HTTPS new: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] - detected: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detected: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] min| max| avg| stddev| variance| entropy 
@@ -38,9 +38,9 @@ new: [.....6] [ip4][..tcp] [........8.8.4.4][..853] -> [..192.168.1.159][47968] [MIDSTREAM] update: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Network][Acceptable] new: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] - detected: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detected: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] min| max| avg| stddev| variance| entropy 
@@ -63,11 +63,11 @@ end: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] - detected: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detected: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun][dns.google] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Network][Fun] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/gquic.pcap.out b/test/results/flow-info/gquic.pcap.out index aaa634674..166ac40e0 100644 --- a/test/results/flow-info/gquic.pcap.out +++ b/test/results/flow-info/gquic.pcap.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.....10.44.5.25][61097] -> [.216.58.213.163][..443] - detected: [.....1] [ip4][..udp] [.....10.44.5.25][61097] -> [.216.58.213.163][..443] [QUIC.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [.....10.44.5.25][61097] -> [.216.58.213.163][..443] [QUIC.Google][Web][Acceptable][www.gstatic.com] idle: [.....1] [ip4][..udp] [.....10.44.5.25][61097] -> [.216.58.213.163][..443] [QUIC.Google][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/h323-overflow.pcap.out b/test/results/flow-info/h323-overflow.pcap.out index 4e28296f9..6342e78f9 100644 --- a/test/results/flow-info/h323-overflow.pcap.out +++ b/test/results/flow-info/h323-overflow.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....192.168.1.1][31337] -> [....192.168.1.2][...80] [MIDSTREAM] - guessed: [.....1] [ip4][..tcp] [....192.168.1.1][31337] -> [....192.168.1.2][...80] [HTTP][Web][Acceptable] + guessed: [.....1] [ip4][..tcp] [....192.168.1.1][31337] -> [....192.168.1.2][...80] [HTTP][Web][Acceptable][] idle: [.....1] [ip4][..tcp] [....192.168.1.1][31337] -> [....192.168.1.2][...80] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/hangout.pcap.out b/test/results/flow-info/hangout.pcap.out index 34c37a222..026aa91aa 100644 --- a/test/results/flow-info/hangout.pcap.out +++ b/test/results/flow-info/hangout.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.74.125.134.127][19305] -> [....10.89.61.13][56406] - detected: [.....1] [ip4][..udp] [.74.125.134.127][19305] -> [....10.89.61.13][56406] [STUN.GoogleHangoutDuo][VoIP][Acceptable] + detected: [.....1] [ip4][..udp] [.74.125.134.127][19305] -> [....10.89.61.13][56406] [STUN.GoogleHangoutDuo][VoIP][Acceptable][] RISK: Known Proto on Non Std Port idle: [.....1] [ip4][..udp] [.74.125.134.127][19305] -> [....10.89.61.13][56406] [STUN.GoogleHangoutDuo][VoIP][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/http-crash-content-disposition.pcap.out b/test/results/flow-info/http-crash-content-disposition.pcap.out index 9c65a0f6a..504281a49 100644 --- a/test/results/flow-info/http-crash-content-disposition.pcap.out +++ b/test/results/flow-info/http-crash-content-disposition.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] - detected: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] [HTTP.AmazonAWS][Cloud][Acceptable][khu.sh] idle: [.....1] [ip4][..tcp] [..192.168.0.103][51171] -> [...174.129.0.10][...80] [HTTP.AmazonAWS][Cloud][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/http-lines-split.pcap.out b/test/results/flow-info/http-lines-split.pcap.out index 8508e4bda..26523ffe1 100644 --- a/test/results/flow-info/http-lines-split.pcap.out +++ b/test/results/flow-info/http-lines-split.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....192.168.0.1][39236] -> [...192.168.0.20][31337] - detected: [.....1] [ip4][..tcp] [....192.168.0.1][39236] -> [...192.168.0.20][31337] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [....192.168.0.1][39236] -> [...192.168.0.20][31337] [HTTP][Web][Acceptable][toni.lan] RISK: Known Proto on Non Std Port end: [.....1] [ip4][..tcp] [....192.168.0.1][39236] -> [...192.168.0.20][31337] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/http-manipulated.pcap.out b/test/results/flow-info/http-manipulated.pcap.out index 30520a457..ed73ba914 100644 --- a/test/results/flow-info/http-manipulated.pcap.out +++ b/test/results/flow-info/http-manipulated.pcap.out 
@@ -2,12 +2,12 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.0.20][33632] -> [....192.168.0.7][.8080] - detected: [.....1] [ip4][..tcp] [...192.168.0.20][33632] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [...192.168.0.20][33632] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable][wwww.lan] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 10 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] - detected: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable][www.lan] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..tcp] [...192.168.0.20][33684] -> [....192.168.0.7][.8080] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/http-proxy.pcapng.out b/test/results/flow-info/http-proxy.pcapng.out index 7edf86ead..c61745bde 100644 --- a/test/results/flow-info/http-proxy.pcapng.out +++ b/test/results/flow-info/http-proxy.pcapng.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.103][.1241] -> [..192.168.1.146][.8080] - detected: [.....1] [ip4][..tcp] [..192.168.1.103][.1241] -> [..192.168.1.146][.8080] [HTTP_Proxy][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.103][.1241] -> [..192.168.1.146][.8080] [HTTP_Proxy][Web][Acceptable][http.com] end: [.....1] [ip4][..tcp] [..192.168.1.103][.1241] -> [..192.168.1.146][.8080] [HTTP_Proxy][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/http_auth.pcap.out b/test/results/flow-info/http_auth.pcap.out index f5497f955..be288fc85 100644 --- a/test/results/flow-info/http_auth.pcap.out +++ b/test/results/flow-info/http_auth.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] - detected: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable][browserspy.dk] analyse: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 4.862| 0.405| 1.194| 1424465.723| 2.200] diff --git a/test/results/flow-info/http_connect.pcap.out b/test/results/flow-info/http_connect.pcap.out index 391408a9d..82d8315da 100644 --- a/test/results/flow-info/http_connect.pcap.out +++ b/test/results/flow-info/http_connect.pcap.out 
@@ -2,13 +2,13 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] - detected: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] [HTTP_Connect][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] [HTTP_Connect][Web][Acceptable][apache.org] new: [.....2] [ip4][..udp] [..192.168.1.146][47767] -> [....192.168.1.2][...53] - detected: [.....2] [ip4][..udp] [..192.168.1.146][47767] -> [....192.168.1.2][...53] [DNS][Network][Acceptable] - detection-update: [.....2] [ip4][..udp] [..192.168.1.146][47767] -> [....192.168.1.2][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.1.146][47767] -> [....192.168.1.2][...53] [DNS][Network][Acceptable][apache.org] + detection-update: [.....2] [ip4][..udp] [..192.168.1.146][47767] -> [....192.168.1.2][...53] [DNS][Network][Acceptable][apache.org] new: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] - detected: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe] + detected: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe][apache.org] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe][apache.org] analyse: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.016| 0.003| 0.005| 23.691| 3.400] diff --git a/test/results/flow-info/http_ipv6.pcap.out b/test/results/flow-info/http_ipv6.pcap.out index 6f9e25ff3..a14377896 100644 
--- a/test/results/flow-info/http_ipv6.pcap.out +++ b/test/results/flow-info/http_ipv6.pcap.out @@ -5,7 +5,7 @@ new: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [MIDSTREAM] detected: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [TLS][Web][Safe] new: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] - detected: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Web][Acceptable] + detected: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Web][Acceptable][www.google.it] new: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [MIDSTREAM] new: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Web][Acceptable] 
@@ -20,35 +20,35 @@ [ENTROPIES...: 4.7,7.9,5.3,7.8,5.2,7.6,5.4,6.9,5.2,5.4,7.5,5.4,4.9,6.9,5.2,7.7,5.6,5.5,5.2,7.0,4.9,7.6,5.5,6.9,5.3,7.6,5.5,6.9,5.2,7.6,5.4,7.0] new: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] new: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] - detected: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detected: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detection-update: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detection-update: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] + detected: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detected: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....6] 
[ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch - detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] + detection-update: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch new: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] - detected: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] + detected: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch new: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] [MIDSTREAM] new: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> 
[....2a03:2880:1010:3f20:face:b00c::25de][..443] [MIDSTREAM] new: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [MIDSTREAM] new: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] - detected: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] - detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe] + detected: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] + detection-update: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Network][Safe][www.ntop.org] RISK: TLS Cert Mismatch new: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] [MIDSTREAM] new: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] new: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] - detected: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun] - detected: [....14] [ip6][..tcp] 
[........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun][s-static.ak.facebook.com] + detected: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun][s-static.ak.facebook.com] + detection-update: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun][s-static.ak.facebook.com] + detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun][s-static.ak.facebook.com] + detection-update: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] [TLS.Facebook][SocialNetwork][Fun][s-static.ak.facebook.com] idle: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] idle: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] idle: [.....2] [ip6][..tcp] 
[........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] diff --git a/test/results/flow-info/http_on_sip_port.pcap.out b/test/results/flow-info/http_on_sip_port.pcap.out index 0f555617c..3bbaea7f9 100644 --- a/test/results/flow-info/http_on_sip_port.pcap.out +++ b/test/results/flow-info/http_on_sip_port.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.82.178.111.221][.5060] -> [....45.58.148.2][.8888] - detected: [.....1] [ip4][..tcp] [.82.178.111.221][.5060] -> [....45.58.148.2][.8888] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [.82.178.111.221][.5060] -> [....45.58.148.2][.8888] [HTTP][Web][Acceptable][45.58.148.2] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address idle: [.....1] [ip4][..tcp] [.82.178.111.221][.5060] -> [....45.58.148.2][.8888] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address diff --git a/test/results/flow-info/instagram.pcap.out b/test/results/flow-info/instagram.pcap.out index 4a0f79e12..602c8eb92 100644 --- a/test/results/flow-info/instagram.pcap.out +++ b/test/results/flow-info/instagram.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] new: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [MIDSTREAM] detected: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS.Facebook][SocialNetwork][Fun] - detected: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][SocialNetwork][Fun] + detected: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][SocialNetwork][Fun][telegraph-ash.instagram.com] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][SocialNetwork][Fun][telegraph-ash.instagram.com] RISK: Obsolete TLS (v1.1 or older) analyse: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] min| max| avg| stddev| variance| entropy 
@@ -20,13 +20,13 @@ [ENTROPIES...: 7.9,5.1,7.7,5.0,7.8,5.0,7.9,5.1,6.7,5.1,7.9,5.1,7.8,5.1,7.9,5.0,7.8,5.1,7.9,5.1,7.8,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1] detection-update: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS.Facebook][SocialNetwork][Fun] new: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][SocialNetwork][Fun] + detected: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-h.ak.instagram.com] new: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] + detected: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-g.ak.instagram.com] new: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [MIDSTREAM] - detected: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun] + detected: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-e.ak.instagram.com] new: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun] + detected: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-f.ak.instagram.com] analyse: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.033| 0.003| 0.008| 64.366| 2.900] 
@@ -47,8 +47,8 @@ [IATS(ms)....: 56.8,57.1,1.2,1.0,0.6,0.6,0.4,0.4,0.5,0.5,0.7,0.7,1.3,1.3,1.2,1.2,0.5,0.5,0.4,0.5,111.5,0.0,112.0,0.3,1.3,0.1,0.0,1.0,0.9,0.8,0.5] [PKTLENS.....: 305,1470,52,1431,52,1470,52,1470,52,1470,52,1470,52,172,52,1470,52,1470,52,1470,52,1470,1470,52,52,1470,1470,1470,52,1470,52,1470] [ENTROPIES...: 5.8,6.9,5.0,7.6,5.0,7.8,5.0,7.8,5.0,7.8,5.1,7.8,5.0,6.5,5.0,6.9,5.0,7.5,5.0,7.8,5.0,7.8,7.8,5.1,5.1,7.8,7.8,7.8,5.1,7.8,5.1,7.8] - detection-update: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun] - detection-update: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun] + detection-update: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-f.ak.instagram.com] + detection-update: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-e.ak.instagram.com] new: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [MIDSTREAM] analyse: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy 
@@ -61,7 +61,7 @@ [PKTLENS.....: 311,1470,80,1470,1470,80,80,1470,1470,80,80,1470,80,1470,1470,311,1470,52,1470,52,1460,52,1470,52,1470,52,1470,52,1470,52,1470,1470] [ENTROPIES...: 5.9,7.8,5.2,7.8,7.8,5.2,5.3,7.8,7.8,5.3,5.3,7.8,5.2,7.8,7.8,5.8,7.2,5.0,7.6,5.0,7.7,5.0,7.8,5.0,7.8,5.0,7.8,5.0,7.8,5.0,7.8,7.8] new: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [MIDSTREAM] - detected: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [HTTP.Instagram][SocialNetwork][Fun] + detected: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-a.ak.instagram.com] new: [.....9] [ip4][..udp] [..192.168.0.106][17500] -> [255.255.255.255][17500] detected: [.....9] [ip4][..udp] [..192.168.0.106][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable] new: [....10] [ip4][..udp] [..192.168.0.106][17500] -> [..192.168.0.255][17500] 
@@ -86,51 +86,51 @@ [IATS(ms)....: 0.2,0.9,1.5,2.7,0.5,0.4,0.3,0.4,1.5,0.5,1.2,1.8,0.1,0.0,2.3,0.1,3.2,0.4,3.6,1.0,0.5,0.4,2.0,0.9,0.9,0.7,3.6,0.1,4.7,0.2,7321.5] [PKTLENS.....: 52,52,1470,1470,52,1470,1470,1470,1470,52,52,1470,1470,1470,1470,52,52,1470,1470,52,1470,1470,1470,52,1470,52,1470,1470,1323,52,52,52] [ENTROPIES...: 5.0,5.0,7.8,7.8,5.0,7.8,7.8,7.8,7.8,5.0,5.1,7.8,7.8,7.8,7.8,5.1,5.0,7.8,7.8,5.0,7.8,7.8,7.8,5.1,7.8,5.0,7.8,7.8,7.8,5.1,5.1,5.1] - guessed: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable] - detected: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable] + guessed: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable][] + detected: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable][] new: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] - detected: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] + detected: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][igcdn-photos-h-a.akamaihd.net] new: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] - detected: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] + detected: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] new: [....19] [ip4][..tcp] [..192.168.0.103][57966] -> [...82.85.26.185][...80] [MIDSTREAM] new: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] - detected: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] - detection-update: [....17] [ip4][..udp] [..192.168.0.103][51219] -> 
[........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] + detected: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][igcdn-photos-g-a.akamaihd.net] + detection-update: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][igcdn-photos-h-a.akamaihd.net] new: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] - detection-update: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] + detection-update: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] new: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] new: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] - detection-update: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] + detection-update: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][igcdn-photos-g-a.akamaihd.net] new: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] - detected: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][SocialNetwork][Fun] + detected: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-h-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detected: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][SocialNetwork][Fun] + detected: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-g-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detected: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] 
[TLS.Instagram][SocialNetwork][Fun] + detected: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detected: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun] + detected: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-g-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-g-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-h-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-h-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: 
[....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun] + detection-update: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] [TLS.Instagram][SocialNetwork][Fun][igcdn-photos-a-a.akamaihd.net] RISK: Obsolete TLS (v1.1 or older) new: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] [MIDSTREAM] new: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [MIDSTREAM] - detected: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] + detected: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-g.ak.instagram.com] new: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [MIDSTREAM] - detected: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] + detected: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun][photos-g.ak.instagram.com] analyse: 
[....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.062| 0.005| 0.015| 225.668| 2.000] @@ -152,8 +152,8 @@ [IATS(ms)....: 0.4,1.5,1.6,0.5,0.5,0.8,1.5,0.1,0.0,1.6,2.2,2.1,0.4,0.2,0.6,0.4,1.3,1.7,0.5,0.2,0.6,0.6,1.0,1.7,0.3,0.5,0.9,0.8,0.3,1.0,0.7] [PKTLENS.....: 1450,52,1450,52,1450,1450,52,1450,1450,1450,52,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450] [ENTROPIES...: 7.8,5.0,7.5,5.0,7.9,7.9,5.0,7.8,7.4,7.5,5.0,7.9,5.0,7.8,7.9,5.0,7.8,7.8,5.0,7.2,7.8,5.0,7.8,7.9,5.0,7.8,7.8,5.0,7.4,7.9,5.0,7.9] - guessed: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun] - detected: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun] + guessed: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun][] + detected: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun][] update: [....14] [ip4][.icmp] [..192.168.0.103] -> [..192.168.0.103] [ICMP][Network][Acceptable] update: [.....9] [ip4][..udp] [..192.168.0.106][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable] update: [....10] [ip4][..udp] [..192.168.0.106][17500] -> [..192.168.0.255][17500] [Dropbox][Cloud][Acceptable] 
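Review bot: The `@@ -86,51` hunk now expects an empty trailing field for flows that have no hostname (`guessed: [.....7] … [HTTP][Web][Acceptable][]`), while the `analyse:`, `idle:` and `end:` lines for the same flows carry no hostname column at all. The same `[]` shows up in the `@@ -152,8`, `@@ -173,14`, `@@ -226,7`, `@@ -238,10` and `@@ -256,14` hunks. A consumer that reads the bracketed columns by position cannot tell "no hostname seen" from "column not printed", so I would either drop the field when it is empty (the expected line would end at `[Acceptable]`) or print it on every event type. The value presumably comes straight from captured traffic (DNS query names, TLS server names, HTTP Host headers), and the printer is outside this diff, so it is worth confirming that it escapes `]` and non-printable bytes before writing the field. None of the expectations visible here contains such a hostname, so a fixture that does would pin that behaviour.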
@@ -162,7 +162,7 @@ new: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [MIDSTREAM] detected: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [TLS][Web][Safe] new: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] - detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] + detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun][photos-b.ak.instagram.com] analyse: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.004| 0.001| 0.001| 1.362| 4.300] 
@@ -173,14 +173,14 @@ [IATS(ms)....: 0.1,2.1,0.4,3.4,0.0,3.2,2.3,0.4,0.9,1.9,0.2,2.6,1.8,3.8,0.1,3.8,0.2,1.3,1.3,0.4,0.2,0.2,0.3,0.5,0.5,0.9,0.9,2.1,2.1,2.0,0.1] [PKTLENS.....: 1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,1470] [ENTROPIES...: 7.8,5.1,7.8,7.8,5.1,5.1,7.8,5.1,7.8,7.7,5.0,5.1,7.7,5.1,7.7,7.8,5.2,5.1,7.7,5.2,7.8,5.2,7.8,5.2,7.8,5.1,7.8,5.1,7.8,5.1,7.8,7.8] - guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable] - detected: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable] + guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable][] + detected: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Web][Acceptable][] new: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855] DAEMON-EVENT: [Processed: 743 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 32 / 32|skipped: 0|!detected: 0|guessed: 3|detection-updates: 15|updates: 4] new: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] - detected: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detection-update: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] + detected: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detection-update: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] analyse: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 
0.017| 0.003| 0.006| 31.659| 3.300] 
@@ -194,12 +194,12 @@ new: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] new: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] new: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] - detected: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detected: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detected: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detection-update: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detection-update: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detection-update: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] + detected: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detected: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detected: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detection-update: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detection-update: [....35] [ip4][..tcp] [...192.168.2.17][49358] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detection-update: [....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] analyse: 
[....36] [ip4][..tcp] [...192.168.2.17][49359] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.159| 0.012| 0.037| 1346.646| 2.300] @@ -226,7 +226,7 @@ idle: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [HTTP.Instagram][SocialNetwork][Fun] idle: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] idle: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] - guessed: [....19] [ip4][..tcp] [..192.168.0.103][57966] -> [...82.85.26.185][...80] [HTTP][Web][Acceptable] + guessed: [....19] [ip4][..tcp] [..192.168.0.103][57966] -> [...82.85.26.185][...80] [HTTP][Web][Acceptable][] end: [....19] [ip4][..tcp] [..192.168.0.103][57966] -> [...82.85.26.185][...80] end: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [TLS][Web][Safe] end: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Web][Acceptable] 
@@ -238,10 +238,10 @@ idle: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] idle: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP.Facebook][SocialNetwork][Fun] idle: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] - guessed: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855] [HTTP][Web][Acceptable] + guessed: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855] [HTTP][Web][Acceptable][] idle: [....32] [ip4][..tcp] [...46.33.70.150][...80] -> [..192.168.0.103][40855] idle: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][SocialNetwork][Fun] - guessed: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] [HTTP][Web][Acceptable] + guessed: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] [HTTP][Web][Acceptable][] end: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] idle: [....10] [ip4][..udp] [..192.168.0.106][17500] -> [..192.168.0.255][17500] [Dropbox][Cloud][Acceptable] idle: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] 
@@ -256,14 +256,14 @@ idle: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][SocialNetwork][Fun] not-detected: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520] [Unknown][Unrated] idle: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520] - guessed: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] [HTTP][Web][Acceptable] + guessed: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] [HTTP][Web][Acceptable][] idle: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] new: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] new: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] - detected: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detected: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detection-update: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] - detection-update: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] + detected: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detected: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detection-update: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] + detection-update: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] analyse: [....37] [ip4][..tcp] [...192.168.2.17][49360] 
-> [....31.13.86.52][..443] [TLS.Instagram][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.016| 0.003| 0.005| 22.312| 3.200] diff --git a/test/results/flow-info/iphone.pcap.out b/test/results/flow-info/iphone.pcap.out index 74d21bd44..9f455d667 100644 --- a/test/results/flow-info/iphone.pcap.out +++ b/test/results/flow-info/iphone.pcap.out 
@@ -4,135 +4,135 @@ new: [.....1] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] detected: [.....1] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] new: [.....2] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [.....2] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....2] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] new: [.....3] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] - detected: [.....3] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....3] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][luca???s_imac._odisk._tcp.local] new: [.....4] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] - detected: [.....4] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [.....4] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][luca???s_imac._odisk._tcp.local] new: [.....5] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] - detected: [.....5] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....5] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][luca???s_imac._odisk._tcp.local] new: [.....6] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] detected: [.....6] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] new: [.....7] [ip4][..udp] [....192.168.2.1][.5351] -> [......224.0.0.1][.5350] new: [.....8] 
[ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] - detected: [.....8] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....8] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] - detected: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....10] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.17][...68] - detected: [....10] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.17][...68] [DHCP][Network][Acceptable] + detected: [....10] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.17][...68] [DHCP][Network][Acceptable][] new: [....11] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff98:a29c] detected: [....11] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff98:a29c] [ICMPV6][Network][Acceptable] new: [....12] [ip6][icmp6] [...............fe80::823:3f17:8298:a29c] -> [................................ff02::2] detected: [....12] [ip6][icmp6] [...............fe80::823:3f17:8298:a29c] -> [................................ff02::2] [ICMPV6][Network][Acceptable] new: [....13] [ip6][..udp] [...............fe80::823:3f17:8298:a29c][.5353] -> [...............................ff02::fb][.5353] - detected: [....13] [ip6][..udp] [...............fe80::823:3f17:8298:a29c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....13] [ip6][..udp] [...............fe80::823:3f17:8298:a29c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_homekit._tcp.local] new: [....14] [ip6][icmp6] 
[...............fe80::823:3f17:8298:a29c] -> [...............................ff02::16] detected: [....14] [ip6][icmp6] [...............fe80::823:3f17:8298:a29c] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] - detected: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] + detected: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][p26-keyvalueservice.icloud.com] new: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] - detected: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] + detected: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][p26-fmfmobile.icloud.com] new: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] - detected: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gspe35-ssl.ls.apple.com] new: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] - detected: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gsp85-ssl.ls.apple.com] new: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] - detected: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS][ConnCheck][Acceptable] - detection-update: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] - detection-update: [....15] [ip4][..udp] [...192.168.2.17][63381] -> 
[....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] - detection-update: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] - detection-update: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS][ConnCheck][Acceptable][captive.apple.com] + detection-update: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][p26-fmfmobile.icloud.com] + detection-update: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][p26-keyvalueservice.icloud.com] + detection-update: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gspe35-ssl.ls.apple.com] + detection-update: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gsp85-ssl.ls.apple.com] new: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] - detection-update: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS.Apple][ConnCheck][Safe] + detection-update: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS.Apple][ConnCheck][Safe][captive.apple.com] new: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] - detected: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][mesu.apple.com] new: [....22] [ip4][..udp] [...192.168.2.17][.5353] -> [....224.0.0.251][.5353] - detected: [....22] [ip4][..udp] [...192.168.2.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....22] [ip4][..udp] [...192.168.2.17][.5353] -> [....224.0.0.251][.5353] 
[MDNS][Network][Acceptable][_homekit._tcp.local] new: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] new: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] new: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] - detected: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] - detected: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Web][Safe] + detected: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Web][Acceptable][p26-fmfmobile.icloud.com] + detection-update: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][mesu.apple.com] + detected: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Web][Safe][gspe35-ssl.ls.apple.com] new: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] new: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] - detection-update: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Web][Safe] + detection-update: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Web][Safe][gspe35-ssl.ls.apple.com] new: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] - detected: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] - detected: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] [HTTP.Apple][ConnCheck][Safe] - detected: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Web][Safe] - detected: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] 
[TLS.Apple][Web][Safe] - detected: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Web][Safe] - detection-update: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] - detection-update: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Web][Safe] + detected: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detected: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] [HTTP.Apple][ConnCheck][Safe][captive.apple.com] + detected: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Web][Safe][gsp85-ssl.ls.apple.com] + detected: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Web][Safe][mesu.apple.com] + detected: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Web][Safe][mesu.apple.com] + detection-update: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Web][Acceptable][p26-fmfmobile.icloud.com] + detection-update: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Web][Acceptable][p26-fmfmobile.icloud.com] + detection-update: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detection-update: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Web][Safe][mesu.apple.com] new: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] - 
detection-update: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Web][Safe] - detection-update: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Web][Safe] - detection-update: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Web][Safe] + detection-update: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Web][Safe][mesu.apple.com] + detection-update: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Web][Safe][gsp85-ssl.ls.apple.com] + detection-update: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Web][Safe][gsp85-ssl.ls.apple.com] new: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] - detected: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] + detected: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][www.icloud.com] new: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] - detected: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][basejumper.apple.com] new: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] - detected: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][iphone-ld.apple.com] new: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] - detected: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....33] [ip4][..udp] 
[...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][cl4.apple.com] new: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] - detected: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] + detected: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][bag.itunes.apple.com] new: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] - detected: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] + detected: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][play.itunes.apple.com] new: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] - detected: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] + detected: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][bag.itunes.apple.com] new: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] - detected: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] + detected: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][init.itunes.apple.com] new: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] - detected: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable] - detection-update: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] - detection-update: [....31] [ip4][..udp] [...192.168.2.17][64203] -> 
[....192.168.2.1][...53] [DNS.Apple][Web][Safe] - detection-update: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] - detection-update: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] - detection-update: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] - detection-update: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] - detection-update: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detection-update: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Web][Acceptable][www.icloud.com] + detection-update: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][iphone-ld.apple.com] + detection-update: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][basejumper.apple.com] + detection-update: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][bag.itunes.apple.com] + detection-update: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][bag.itunes.apple.com] + detection-update: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detection-update: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][init.itunes.apple.com] + 
detection-update: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][play.itunes.apple.com] + detection-update: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][cl4.apple.com] new: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] - detection-update: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] + detection-update: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] new: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] detected: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Network][Acceptable] new: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] - detected: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Web][Safe] - detected: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Web][Safe] - detected: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Web][Safe] - detection-update: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Web][Safe] - detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable] + detected: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Web][Safe][iphone-ld.apple.com] + detected: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] 
[TLS.AppleiCloud][Web][Acceptable][p26-keyvalueservice.icloud.com] + detection-update: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443] [TLS.Apple][Web][Safe][iphone-ld.apple.com] + detected: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Web][Safe][cl4.apple.com] + detection-update: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Web][Safe][cl4.apple.com] + detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable][p26-keyvalueservice.icloud.com] + detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable][p26-keyvalueservice.icloud.com] new: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] detected: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] [IGMP][Network][Acceptable] new: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] - detected: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gsa.apple.com] new: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] - detected: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] - detection-update: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] - detection-update: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gsa.apple.com] + detection-update: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gsa.apple.com] + detection-update: [....44] [ip4][..udp] 
[...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][gsa.apple.com] new: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] - detected: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] + detected: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detection-update: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detection-update: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] new: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] - detected: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] [TLS.Apple][Web][Safe] + detected: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] [TLS.Apple][Web][Safe][gsa.apple.com] new: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] - detected: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] [TLS.Apple][Web][Safe] - detection-update: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] [TLS.Apple][Web][Safe] - detection-update: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] - detection-update: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] 
[TLS.AppleiCloud][Web][Acceptable] + detected: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detection-update: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] [TLS.Apple][Web][Safe][gsa.apple.com] + detection-update: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] [TLS.Apple][Web][Safe][gsa.apple.com] + detection-update: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] + detection-update: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable][gateway.icloud.com] new: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] - detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] - detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] + detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][play.itunes.apple.com] + detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][play.itunes.apple.com] analyse: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.686| 0.087| 0.170| 29013.449| 3.100] 
@@ -144,8 +144,8 @@ [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1076,424,90,186,424,52,90,52,52,52,52,623,52] [ENTROPIES...: 4.4,5.0,5.0,4.5,4.9,6.7,7.5,7.5,7.3,4.9,4.9,6.0,5.5,6.0,5.0,4.9,5.7,5.6,5.5,7.8,7.4,5.3,6.6,7.4,4.9,5.4,5.0,5.0,4.9,5.1,7.7,5.0] new: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] - detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun] - detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun] + detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun][play.itunes.apple.com] + detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Streaming][Fun][play.itunes.apple.com] analyse: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.655| 0.067| 0.146| 21410.738| 2.900] 
@@ -176,13 +176,13 @@ [IATS(ms)....: 146.0,171.0,0.4,171.3,2.7,0.1,11.1,1.3,11.2,179.7,0.0,0.1,0.1,15.6,168.2,146.4,161.4,0.7,308.7,51.5,198.2,655.7,0.2,0.2,0.3,803.5,1.3,180.3,0.3,0.3,0.2] [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492] [ENTROPIES...: 4.4,5.0,4.9,4.7,5.0,6.2,4.6,7.1,7.5,7.5,4.9,4.9,4.9,4.8,6.0,5.6,5.0,7.8,7.2,5.1,7.8,4.9,7.8,7.9,7.9,7.9,5.0,5.0,7.9,7.9,7.9,7.8] - detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable] + detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable][p26-keyvalueservice.icloud.com] new: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] - detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] - detection-update: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun] + detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][sync.itunes.apple.com] + detection-update: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Streaming][Fun][sync.itunes.apple.com] new: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] - detected: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Streaming][Fun] - detection-update: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Streaming][Fun] + detected: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Streaming][Fun][sync.itunes.apple.com] + detection-update: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] 
[TLS.AppleiTunes][Streaming][Fun][sync.itunes.apple.com] idle: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] idle: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Web][Acceptable] idle: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Web][Acceptable] diff --git a/test/results/flow-info/ipp.pcap.out b/test/results/flow-info/ipp.pcap.out index a486de0e7..51e99031b 100644 --- a/test/results/flow-info/ipp.pcap.out +++ b/test/results/flow-info/ipp.pcap.out @@ -2,10 +2,10 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....10.10.10.49][55341] -> [...10.10.10.251][..631] - detected: [.....1] [ip4][..tcp] [....10.10.10.49][55341] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] + detected: [.....1] [ip4][..tcp] [....10.10.10.49][55341] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable][10.10.10.251] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address new: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] - detected: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] + detected: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable][10.10.10.251] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address analyse: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -18,7 +18,7 @@ [PKTLENS.....: 60,60,52,196,200,52,77,52,2948,1500,52,2948,1572,52,1428,1596,52,1404,1620,52,1380,1644,52,1356,1668,52,1332,1692,52,1308,1716,52] [ENTROPIES...: 4.4,4.7,4.6,5.5,5.4,4.7,5.2,4.6,4.1,4.0,4.7,3.7,3.5,4.7,3.5,3.5,4.6,4.1,4.5,4.7,4.3,4.2,4.7,4.2,4.7,4.7,4.7,4.3,4.7,4.2,4.1,4.6] new: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] - detected: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] + detected: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable][10.10.10.251] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address end: [.....1] [ip4][..tcp] [....10.10.10.49][55341] -> [...10.10.10.251][..631] [HTTP.IPP][System][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address diff --git a/test/results/flow-info/log4j-webapp-exploit.pcap.out b/test/results/flow-info/log4j-webapp-exploit.pcap.out index 38c4abd61..ed0efa625 100644 --- a/test/results/flow-info/log4j-webapp-exploit.pcap.out +++ b/test/results/flow-info/log4j-webapp-exploit.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...172.16.238.1][.1984] -> [..172.16.238.10][.8080] - detected: [.....1] [ip4][..tcp] [...172.16.238.1][.1984] -> [..172.16.238.10][.8080] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [...172.16.238.1][.1984] -> [..172.16.238.10][.8080] [HTTP][Web][Acceptable][192.168.13.31] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address ERROR-EVENT: Unknown L3 protocol ERROR-EVENT: Unknown L3 protocol 
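Review bot: The new trailing field in the log4j-webapp-exploit expectation is client-supplied data, not a property of the connection: flow 1 goes to 172.16.238.10:8080, yet the field reads `[192.168.13.31]`. The value appears to come from the HTTP Host header (inferred, since the formatter is outside this diff), so anyone reading or parsing flow-info output should treat it as untrusted and never as the destination. The format description should say so, for example `last field: hostname as sent by the client (HTTP Host / TLS SNI / DNS query name), unverified`. Because the line is bracket-delimited, it is also worth confirming that the printer escapes `]` and control characters in this value.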
@@ -10,9 +10,9 @@ detected: [.....2] [ip4][..tcp] [..172.16.238.10][57650] -> [..172.16.238.11][.1389] [LDAP][System][Acceptable] RISK: Known Proto on Non Std Port new: [.....3] [ip4][..tcp] [..172.16.238.10][48444] -> [..172.16.238.11][...80] - detected: [.....3] [ip4][..tcp] [..172.16.238.10][48444] -> [..172.16.238.11][...80] [HTTP][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [..172.16.238.10][48444] -> [..172.16.238.11][...80] [HTTP][Web][Acceptable][172.16.238.11] RISK: HTTP Numeric IP Address - detection-update: [.....3] [ip4][..tcp] [..172.16.238.10][48444] -> [..172.16.238.11][...80] [HTTP][Download][Acceptable] + detection-update: [.....3] [ip4][..tcp] [..172.16.238.10][48444] -> [..172.16.238.11][...80] [HTTP][Download][Acceptable][172.16.238.11] RISK: Binary App Transfer, HTTP Numeric IP Address new: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001] ERROR-EVENT: Unknown L3 protocol @@ -32,9 +32,9 @@ detected: [.....5] [ip4][..tcp] [..172.16.238.10][57742] -> [..172.16.238.11][.1389] [LDAP][System][Acceptable] RISK: Known Proto on Non Std Port new: [.....6] [ip4][..tcp] [..172.16.238.10][48534] -> [..172.16.238.11][...80] - detected: [.....6] [ip4][..tcp] [..172.16.238.10][48534] -> [..172.16.238.11][...80] [HTTP][Web][Acceptable] + detected: [.....6] [ip4][..tcp] [..172.16.238.10][48534] -> [..172.16.238.11][...80] [HTTP][Web][Acceptable][172.16.238.11] RISK: HTTP Numeric IP Address - detection-update: [.....6] [ip4][..tcp] [..172.16.238.10][48534] -> [..172.16.238.11][...80] [HTTP][Download][Acceptable] + detection-update: [.....6] [ip4][..tcp] [..172.16.238.10][48534] -> [..172.16.238.11][...80] [HTTP][Download][Acceptable][172.16.238.11] RISK: Binary App Transfer, HTTP Numeric IP Address new: [.....7] [ip4][..tcp] [..172.16.238.10][55498] -> [....10.10.10.31][.9001] end: [.....5] [ip4][..tcp] [..172.16.238.10][57742] -> [..172.16.238.11][.1389] [LDAP][System][Acceptable] 
diff --git a/test/results/flow-info/long_tls_certificate.pcap.out b/test/results/flow-info/long_tls_certificate.pcap.out index 8fb63b533..98039f1af 100644 --- a/test/results/flow-info/long_tls_certificate.pcap.out +++ b/test/results/flow-info/long_tls_certificate.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] analyse: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.371| 0.087| 0.130| 17024.252| 3.400] 
@@ -15,6 +15,6 @@ [IATS(ms)....: 370.8,370.9,9.4,360.9,2.8,0.1,0.1,354.4,0.1,0.1,0.1,0.1,8.1,8.1,5.8,200.3,194.6,174.3,0.0,174.3,0.0,2.3,0.1,0.1,0.1,0.1,94.1,91.5,274.6,0.0,0.0] [PKTLENS.....: 64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52] [ENTROPIES...: 4.4,4.3,4.7,4.4,4.6,6.2,4.7,4.7,4.6,6.8,4.7,7.5,4.6,7.5,4.7,6.3,6.2,4.9,5.9,6.2,4.7,4.7,5.7,5.7,5.2,6.0,5.3,6.1,4.8,5.1,5.0,5.1] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] end: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/malformed_dns.pcap.out b/test/results/flow-info/malformed_dns.pcap.out index fbdf943ee..1d7c53a6b 100644 --- a/test/results/flow-info/malformed_dns.pcap.out +++ b/test/results/flow-info/malformed_dns.pcap.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [......127.0.0.1][50435] -> [......127.0.0.1][...53] - detected: [.....1] [ip4][..udp] [......127.0.0.1][50435] -> [......127.0.0.1][...53] [DNS][Network][Acceptable] - detection-update: [.....1] [ip4][..udp] [......127.0.0.1][50435] -> [......127.0.0.1][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [......127.0.0.1][50435] -> [......127.0.0.1][...53] [DNS][Network][Acceptable][www.xt.com] + detection-update: [.....1] [ip4][..udp] [......127.0.0.1][50435] -> [......127.0.0.1][...53] [DNS][Network][Acceptable][www.xt.com] RISK: Malformed Packet idle: [.....1] [ip4][..udp] [......127.0.0.1][50435] -> [......127.0.0.1][...53] [DNS][Network][Acceptable] RISK: Malformed Packet diff --git a/test/results/flow-info/malware.pcap.out b/test/results/flow-info/malware.pcap.out index 7a5b16b4a..224790069 100644 --- a/test/results/flow-info/malware.pcap.out +++ b/test/results/flow-info/malware.pcap.out 
@@ -2,21 +2,21 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....192.168.7.7][42370] -> [........1.1.1.1][...53] - detected: [.....1] [ip4][..udp] [....192.168.7.7][42370] -> [........1.1.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....1] [ip4][..udp] [....192.168.7.7][42370] -> [........1.1.1.1][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [....192.168.7.7][42370] -> [........1.1.1.1][...53] [DNS][Network][Acceptable][www.internetbadguys.com] + detection-update: [.....1] [ip4][..udp] [....192.168.7.7][42370] -> [........1.1.1.1][...53] [DNS][Network][Acceptable][www.internetbadguys.com] new: [.....2] [ip4][.icmp] [....192.168.7.7] -> [144.139.247.220] detected: [.....2] [ip4][.icmp] [....192.168.7.7] -> [144.139.247.220] [ICMP][Network][Acceptable] new: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80] DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....4] [ip4][..tcp] [....192.168.7.7][48394] -> [..67.215.92.210][...80] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [....192.168.7.7][48394] -> [..67.215.92.210][...80] [HTTP.OpenDNS][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [....192.168.7.7][48394] -> [..67.215.92.210][...80] [HTTP.OpenDNS][Web][Acceptable][www.internetbadguys.com] new: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] - detected: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] [TLS.OpenDNS][Web][Acceptable] - detection-update: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] [TLS.OpenDNS][Web][Acceptable] - detection-update: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] 
[TLS.OpenDNS][Network][Acceptable] + detected: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] [TLS.OpenDNS][Web][Acceptable][www.internetbadguys.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] [TLS.OpenDNS][Web][Acceptable][www.internetbadguys.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] [TLS.OpenDNS][Network][Acceptable][www.internetbadguys.com] RISK: TLS Cert Mismatch - guessed: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80] [HTTP][Web][Acceptable] + guessed: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80] [HTTP][Web][Acceptable][] idle: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80] end: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] idle: [.....2] [ip4][.icmp] [....192.168.7.7] -> [144.139.247.220] [ICMP][Network][Acceptable] diff --git a/test/results/flow-info/mpeg-dash.pcap.out b/test/results/flow-info/mpeg-dash.pcap.out index 886a951c9..8c063b14b 100644 --- a/test/results/flow-info/mpeg-dash.pcap.out +++ b/test/results/flow-info/mpeg-dash.pcap.out 
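Review bot: The `guessed` line for flow 3 in malware.pcap.out now ends in an empty `[]`, while the ICMP flow in the same hunk has no trailing field at all, so the number of bracketed fields on a line now varies from flow to flow. The first mpeg-dash.pcap.out hunk shows the same empty `[]` for flow 3. A consumer that splits on brackets cannot tell "no hostname seen" from "field not applicable". The formatter (not part of this diff) should either omit the field when no hostname was extracted or print a fixed placeholder such as `[-]` on every detection line.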
@@ -2,17 +2,17 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.84.1.81][60926] -> [.166.248.152.10][...80] - detected: [.....1] [ip4][..tcp] [.....10.84.1.81][60926] -> [.166.248.152.10][...80] [HTTP.MpegDash][Media][Acceptable] + detected: [.....1] [ip4][..tcp] [.....10.84.1.81][60926] -> [.166.248.152.10][...80] [HTTP.MpegDash][Media][Acceptable][gdl.news-cdn.site] RISK: Suspicious DGA Domain name DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] - detected: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] [HTTP.MpegDash][Media][Acceptable] + detected: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] [HTTP.MpegDash][Media][Acceptable][livesim.dashif.org] new: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][Media][Acceptable] - detection-update: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][Media][Acceptable] + detected: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][Media][Acceptable][] + detection-update: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] [HTTP.MpegDash][Media][Acceptable][] new: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] [HTTP.MpegDash][Media][Acceptable] + detected: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] 
[HTTP.MpegDash][Media][Acceptable][livesim.dashif.org] idle: [.....2] [ip4][..tcp] [..192.168.2.105][59142] -> [..54.161.101.85][...80] idle: [.....3] [ip4][..tcp] [..54.161.101.85][...80] -> [..192.168.2.105][59144] idle: [.....4] [ip4][..tcp] [..192.168.2.105][59146] -> [..54.161.101.85][...80] diff --git a/test/results/flow-info/mpeg.pcap.out b/test/results/flow-info/mpeg.pcap.out index 5d1b7210c..58bd38168 100644 --- a/test/results/flow-info/mpeg.pcap.out +++ b/test/results/flow-info/mpeg.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] - detected: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Network][Safe] - detection-update: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Media][Safe] + detected: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Network][Safe][luca.ntop.org] + detection-update: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Media][Safe][luca.ntop.org] end: [.....1] [ip4][..tcp] [.192.168.80.160][55804] -> [.46.101.157.119][...80] [HTTP.ntop][Media][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/flow-info/ndpi_match_string_subprotocol__error.pcapng.out index 319abbc10..7f9fc026a 100644 --- a/test/results/flow-info/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/flow-info/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [......10.3.9.19][40632] -> [..10.68.137.118][.8091] - detected: [.....1] [ip4][..tcp] [......10.3.9.19][40632] -> [..10.68.137.118][.8091] [HTTP.SOAP][RPC][Acceptable] + detected: [.....1] [ip4][..tcp] [......10.3.9.19][40632] -> [..10.68.137.118][.8091] [HTTP.SOAP][RPC][Acceptable][10.68.137.118] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address DAEMON-EVENT: [Processed: 7 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] diff --git a/test/results/flow-info/nest_log_sink.pcap.out b/test/results/flow-info/nest_log_sink.pcap.out index 36f399f10..c43a6dd4e 100644 --- a/test/results/flow-info/nest_log_sink.pcap.out +++ b/test/results/flow-info/nest_log_sink.pcap.out 
@@ -19,8 +19,8 @@ DAEMON-EVENT: [Processed: 60 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] - detected: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] - detection-update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] + detection-update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] new: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] detected: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] 
@@ -60,8 +60,8 @@ DAEMON-EVENT: [Processed: 275 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 1|detection-updates: 1|updates: 2] new: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] - detected: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] - detection-update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] + detected: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] + detection-update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] new: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] detected: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] 
@@ -99,8 +99,8 @@ DAEMON-EVENT: [Processed: 452 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 1|detection-updates: 2|updates: 4] new: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] - detected: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] - detection-update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] + detected: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] + detection-update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] new: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] detected: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] 
@@ -136,8 +136,8 @@ detected: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] end: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][Cloud][Acceptable] new: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] - detected: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] - detection-update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable] + detected: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] + detection-update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Network][Acceptable][weave-logsink.nest.com] new: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] detected: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] analyse: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][Cloud][Acceptable] diff --git a/test/results/flow-info/netbios.pcap.out b/test/results/flow-info/netbios.pcap.out index d5322fa90..7beef9d16 100644 --- a/test/results/flow-info/netbios.pcap.out +++ b/test/results/flow-info/netbios.pcap.out 
@@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] - detected: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] + detected: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable][xstream_hy] new: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] - detected: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] + detected: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable][ozi] new: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] - detected: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][System][Dangerous][nvr9] RISK: Unsafe Protocol new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM] analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] 
@@ -20,26 +20,26 @@ [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78] [ENTROPIES...: 4.1,4.1,4.2,4.1,4.1,4.1,4.1,4.1,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.1,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.2,4.2,4.1,4.2,4.2,4.2] new: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] - detected: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] + detected: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable][*] new: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] - detected: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] + detected: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable][muli] new: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] - detected: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] + detected: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable][gunnar] new: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] - detected: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] [NetBIOS][System][Acceptable] + detected: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] [NetBIOS][System][Acceptable][gunnar] new: [.....9] [ip4][..udp] [......10.0.4.66][..137] -> [.....10.0.5.255][..137] - detected: [.....9] [ip4][..udp] [......10.0.4.66][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] + detected: [.....9] [ip4][..udp] [......10.0.4.66][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable][guru] new: [....10] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.5.255][..137] - detected: [....10] [ip4][..udp] 
[......10.0.4.24][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] + detected: [....10] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable][guru] new: [....11] [ip4][..udp] [.......10.0.5.1][..137] -> [......10.0.4.24][..137] - detected: [....11] [ip4][..udp] [.......10.0.5.1][..137] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] + detected: [....11] [ip4][..udp] [.......10.0.5.1][..137] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable][guru] new: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] - detected: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][System][Dangerous][bowie] RISK: Unsafe Protocol new: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] - detected: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] + detected: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable][*] new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] - detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] + detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable][guru] analyse: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.749| 1.516| 0.995| 0.356| 126784.610| 4.900] 
@@ -51,7 +51,7 @@ [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78] [ENTROPIES...: 3.9,3.9,3.9,3.9,3.8,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.8,3.9] new: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] - detected: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] + detected: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable][*] update: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] update: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable] update: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][System][Dangerous] @@ -72,6 +72,6 @@ RISK: Unsafe Protocol idle: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] idle: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable] - guessed: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [NetBIOS][System][Acceptable] + guessed: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [NetBIOS][System][Acceptable][] idle: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/netbios_wildcard_dns_query.pcap.out b/test/results/flow-info/netbios_wildcard_dns_query.pcap.out index 9b628d4ed..752541cfb 100644 --- a/test/results/flow-info/netbios_wildcard_dns_query.pcap.out +++ b/test/results/flow-info/netbios_wildcard_dns_query.pcap.out 
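Review bot: The `guessed:` line for flow 4 in the last netbios.pcap.out hunk now ends in an empty `[]`, while other lines with no name to show, such as the unchanged `[NestLogSink][Cloud][Acceptable]` and `[IGMP][Network][Acceptable]` lines, print no trailing field at all. A consumer that splits these records on brackets cannot rely on the field count, and cannot tell "no name extracted" from "name present but empty". The printing code is not part of this diff, so this is read off the expected output only. I would either emit the field on every event or skip it when the name is empty, so that this line stays `[NetBIOS][System][Acceptable]`.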
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....10.1.67.250][41335] -> [.....10.1.66.20][...53] - detected: [.....1] [ip4][..udp] [....10.1.67.250][41335] -> [.....10.1.66.20][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [....10.1.67.250][41335] -> [.....10.1.66.20][...53] [DNS][Network][Acceptable][ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] idle: [.....1] [ip4][..udp] [....10.1.67.250][41335] -> [.....10.1.66.20][...53] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/netflix.pcap.out b/test/results/flow-info/netflix.pcap.out index 0953d09ec..9952c782e 100644 --- a/test/results/flow-info/netflix.pcap.out +++ b/test/results/flow-info/netflix.pcap.out 
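Review bot: The value added after `[Acceptable]` in this hunk, `ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`, appears to be copied from the captured query, and it is written as-is into a record whose only delimiters are `[` and `]`. None of the fixtures changed in this part of the commit has a name containing a bracket, a newline or another non-printable byte, so the expected output does not pin what the printer does with one. The same holds for the `[*]` NetBIOS names in netbios.pcap.out. Whether the printer already filters such bytes cannot be seen from this diff. I would add a capture with such a name to the test set and have the printer substitute bytes outside printable ASCII, plus `[` and `]`, before writing the field, so that a parser or terminal reading these lines sees exactly one field per name.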
@@ -3,35 +3,35 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] [MIDSTREAM] new: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] - detected: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] + detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] + detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] new: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ichnaea.us-west-2.prodaa.netflix.com] + detection-update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ichnaea.us-west-2.prodaa.netflix.com] new: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] new: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] - detected: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detected: [.....5] 
[ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detected: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detected: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] new: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] - RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] - RISK: TLS (probably) Not Carrying HTTPS - detected: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] - detected: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] + detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + 
detection-update: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] + RISK: TLS (probably) Not Carrying HTTPS + detection-update: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] + RISK: TLS (probably) Not Carrying HTTPS + detected: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detected: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detection-update: [.....6] [ip4][..tcp] [....192.168.1.7][53115] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] new: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] + detected: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] 
RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy 
@@ -53,40 +53,40 @@ [IATS(ms)....: 45.5,51.8,0.3,66.4,0.5,13.8,75.5,25.6,26.5,15.6,0.3,0.2,61.0,0.4,44.1,5.1,0.2,57.7,67.8,0.2,2.7,131.0,13.8,8.4,10.0,8.1,2.4,2.3,141.1,1.2,199.9] [PKTLENS.....: 64,60,52,284,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,728,52,1500,415,1500,52,1116,52,261,52,101,52,1436,567,52] [ENTROPIES...: 4.6,5.3,5.2,5.9,5.2,7.2,7.3,5.2,7.1,5.1,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.7,5.2,7.9,7.5,7.9,5.2,7.8,5.1,7.1,5.1,6.1,5.2,7.9,7.6,5.2] - detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun] + detection-update: [.....7] [ip4][..tcp] [....192.168.1.7][53116] -> [...52.32.196.36][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] new: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] - detected: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] + detected: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] new: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] - detected: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] - detected: 
[....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] + detected: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] new: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] detected: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Network][Acceptable] new: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] - detected: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][api-global.latency.prodaa.netflix.com] + detection-update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][api-global.latency.prodaa.netflix.com] new: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] new: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] - detected: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detected: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying 
HTTPS - detected: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detected: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] - detected: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detected: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] 
[TLS.NetFlix][Video][Fun] + detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] min| max| avg| stddev| variance| entropy 
@@ -98,15 +98,15 @@ [IATS(ms)....: 50.8,52.1,3.9,68.9,0.5,14.7,80.5,16.9,16.6,16.1,0.4,0.2,66.7,0.8,50.7,3.2,0.3,61.4,291.2,0.1,350.1,11.8,12.8,24.1,12.5,12.3,13.9,13.7,2.7,13.3,16.3] [PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52] [ENTROPIES...: 4.6,5.2,5.1,6.0,5.2,7.3,7.3,5.1,7.0,5.1,6.3,5.0,6.0,5.2,5.9,5.1,7.9,7.7,5.2,7.9,7.9,5.1,7.9,7.9,5.1,7.9,5.0,7.1,5.1,7.9,7.8,5.1] - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] - detected: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][sha2.san.akam.nflximg.net] + detection-update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][sha2.san.akam.nflximg.net] new: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] - detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] + detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun][art-s.nflximg.net] + detection-update: [....18] [ip4][..tcp] 
[....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun][art-s.nflximg.net] + detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun][art-s.nflximg.net] analyse: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.040| 0.008| 0.010| 109.761| 3.900] 
@@ -127,17 +127,17 @@ [IATS(ms)....: 49.5,50.9,4.4,54.3,2.4,1.0,53.5,43.0,42.8,12.7,0.3,0.2,57.4,5.1,49.3,4.2,0.4,50.0,75.8,32.1,2.0,0.9,5.1,4.7,0.1,7402.2,0.1,7507.8,0.9,35.7,1.0] [PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474] [ENTROPIES...: 4.6,5.3,5.1,6.0,5.2,7.3,7.3,5.1,7.1,5.1,6.4,5.1,6.0,5.2,6.0,5.2,7.9,7.7,5.2,5.2,6.8,6.1,5.9,5.2,5.2,5.2,7.9,7.7,5.2,5.2,7.9,7.5] - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] - detected: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][artwork.akam.nflximg.net] + detection-update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][artwork.akam.nflximg.net] new: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] new: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] - detected: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] - detected: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] + detected: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun][art-2.nflximg.net] + detected: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] 
[HTTP.NetFlix][Video][Fun][art-2.nflximg.net] new: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] - detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] + detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun][art-2.nflximg.net] analyse: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.007| 1.300| 0.097| 0.230| 52797.755| 3.400] 
@@ -149,10 +149,10 @@ [PKTLENS.....: 64,60,52,297,52,1500,1500,1500,52,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,80] [ENTROPIES...: 4.5,5.3,5.1,5.9,5.3,7.3,7.7,7.7,5.2,5.0,7.8,7.8,5.2,7.8,7.8,7.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,5.4] new: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] - detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][appboot.netflix.com] + detection-update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][appboot.netflix.com] new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] - detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][Video][Fun] + detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][Video][Fun][appboot.netflix.com] analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.187| 0.029| 0.042| 1791.215| 4.000] 
@@ -164,12 +164,12 @@ [PKTLENS.....: 64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64] [ENTROPIES...: 4.5,5.3,5.2,5.7,6.0,6.1,5.3,5.3,5.3,6.0,5.7,5.1,6.1,5.2,5.9,5.0,5.8,5.8,5.2,5.8,5.2,5.8,5.8,5.2,5.8,5.8,5.8,5.8,5.8,5.8,5.8,5.2] new: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] - detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][Video][Fun] - detection-update: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][Video][Fun] + detected: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][Video][Fun][api-global.netflix.com] + detection-update: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][Video][Fun][api-global.netflix.com] new: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] - detected: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][a803.dscg.akamai.net] new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] - detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300] 
@@ -180,21 +180,21 @@ [IATS(ms)....: 22.4,28.9,26.8,57.7,0.6,13.2,40.1,31.8,42.8,26.5,25.5,50.2,53.2,30.9,25.5,54.9,53.8,27.2,52.7,79.5,53.8,544.7,1520.0,11.6,27.4,27.3,28.8,635.4,3643.8,6030.9,1.1] [PKTLENS.....: 64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500] [ENTROPIES...: 4.6,5.2,5.1,5.9,5.3,7.5,7.8,5.1,7.8,5.0,7.8,7.8,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.9,7.9,5.4,5.2,5.3,5.4,5.3,5.2,5.2,5.8,7.2,7.8] - detection-update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][a803.dscg.akamai.net] new: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] - detection-update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detection-update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] new: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] - detected: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Video][Fun] - detected: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detected: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Video][Fun][tp.akam.nflximg.com] + detected: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Video][Fun] + detection-update: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Video][Fun][tp.akam.nflximg.com] RISK: HTTP 
Suspicious Content - detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] - detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP.NetFlix][Video][Fun] + detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP.NetFlix][Video][Fun][23.246.11.145] RISK: HTTP Numeric IP Address analyse: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy @@ -207,7 +207,7 @@ [PKTLENS.....: 64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500] [ENTROPIES...: 4.6,5.3,5.1,6.4,5.9,3.6,5.2,2.5,2.5,5.1,2.5,5.1,2.5,2.6,2.6,3.8,3.8,3.8,5.3,3.9,3.5,3.5,3.5,5.1,5.2,3.5,3.5,5.2,3.5,5.0,3.6,3.6] new: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] - detected: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP.NetFlix][Video][Fun] + detected: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP.NetFlix][Video][Fun][23.246.10.139] RISK: HTTP Numeric IP Address analyse: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy 
@@ -220,7 +220,7 @@ [PKTLENS.....: 64,60,52,408,568,1500,1500,52,1500,52,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,80,1500,80,1500,72,1500,64,52,1500,52,1500] [ENTROPIES...: 4.5,5.2,5.0,6.4,5.8,3.6,2.5,5.1,2.6,5.0,2.5,5.0,2.6,5.0,2.6,2.6,3.3,3.8,3.8,3.8,3.8,5.3,3.9,5.3,3.5,5.3,3.5,5.1,4.9,3.5,4.9,3.6] new: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] - detected: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun] + detected: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun][23.246.3.140] RISK: HTTP Numeric IP Address analyse: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy 
@@ -246,34 +246,34 @@ new: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] new: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] new: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] - detected: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] + detected: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun][23.246.11.133] RISK: HTTP Numeric IP Address new: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] new: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] new: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] new: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] new: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] - detected: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] + detected: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun][23.246.11.133] RISK: HTTP Numeric IP Address new: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] new: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] - detected: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> 
[..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address analyse: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| 
entropy 
@@ -395,18 +395,18 @@ [IATS(ms)....: 47.0,48.4,1.7,53.1,2.6,1.0,62.3,11.1,6.0,10.8,0.3,0.3,60.3,3.4,50.1,4.4,0.9,0.6,55.9,50.5,0.3,42.7,4.0,5.1,5.2,0.1,57.7,0.3,30033.4,30086.0,0.8] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52] [ENTROPIES...: 4.5,5.3,5.1,5.8,5.1,7.3,7.3,5.1,6.9,5.1,6.1,5.0,6.0,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.8,7.4,5.1,5.1,5.1,7.8,6.3,5.2,5.1,5.1,5.8,5.1] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] new: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] new: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] - detected: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address - detected: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun] + detected: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP.NetFlix][Video][Fun][23.246.3.140] RISK: HTTP Numeric IP Address new: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] new: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] new: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] - detected: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] 
[DNS.NetFlix][Video][Fun][ichnaea.geo.netflix.com] + detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ichnaea.geo.netflix.com] new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] min| max| avg| stddev| variance| entropy 
@@ -418,22 +418,22 @@ [IATS(ms)....: 44.9,46.3,7.4,58.2,1.8,1.0,55.8,12.1,9.9,9.3,0.3,0.2,60.5,0.1,50.8,11.5,0.5,0.2,72.1,60.9,0.3,50.8,0.4,15.7,16.9,0.1,0.1,82.9,0.3,0.1,30431.5] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.8,5.2,7.2,7.3,5.1,7.0,5.2,6.3,5.1,5.9,5.3,6.1,5.2,7.9,7.9,7.9,5.2,7.9,7.3,5.2,5.3,5.3,7.8,6.2,5.9,5.2,5.2,5.2,5.0] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun] - detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detected: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detected: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....47] 
[ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] + detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] analyse: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.266| 0.048| 0.057| 3291.764| 4.000] 
@@ -444,7 +444,7 @@ [IATS(ms)....: 53.4,54.6,4.5,73.7,0.5,53.6,123.5,11.6,72.5,62.7,1.5,55.8,52.4,2.2,0.2,0.4,0.2,96.3,96.4,0.2,0.1,0.1,82.6,81.7,0.9,0.2,0.2,38.2,40.6,146.6,266.1] [PKTLENS.....: 64,60,52,569,52,1500,1132,52,178,103,52,1044,106,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,72] [ENTROPIES...: 4.6,5.3,5.2,4.4,5.2,7.2,7.6,5.2,6.6,6.0,5.2,7.8,6.2,5.2,7.9,7.9,7.9,7.9,5.3,7.9,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,7.9,7.9,7.9,5.4] - detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] min| max| avg| stddev| variance| entropy @@ -456,7 +456,7 @@ [IATS(ms)....: 50.8,52.1,6.3,61.1,40.7,74.7,170.4,11.8,79.4,67.6,2.0,57.4,55.8,1.7,0.8,0.2,0.2,82.5,79.7,0.2,94.6,127.5,60.6,282.5,10.6,27.6,38.0,39.9,42.9,7.7,0.7] [PKTLENS.....: 64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52] [ENTROPIES...: 4.6,5.4,5.2,4.4,5.2,7.2,7.7,5.2,6.5,6.0,5.1,7.8,6.2,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.4,5.2,5.2,7.8,5.2,7.9,7.9,5.2,6.2,5.2,5.8,5.1] - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] min| max| avg| stddev| variance| entropy 
@@ -468,7 +468,7 @@ [IATS(ms)....: 69.5,71.0,2.6,55.6,49.1,64.4,167.9,331.9,332.6,26.5,0.7,0.7,87.7,0.5,60.7,8.8,7.1,0.4,81.1,62.8,0.8,0.2,0.1,68.1,67.1,0.8,0.2,0.1,111.2,109.6,2.5] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500] [ENTROPIES...: 4.6,5.3,5.2,5.8,5.1,7.2,7.3,5.2,6.9,5.2,6.2,5.1,6.1,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.9,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9] - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][Video][Fun][ichnaea.netflix.com] analyse: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.003| 0.472| 0.093| 0.119| 14235.635| 4.100] @@ -490,7 +490,7 @@ [PKTLENS.....: 64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52] [ENTROPIES...: 4.5,5.2,5.2,6.2,5.8,3.9,5.1,6.2,5.7,3.2,5.1,7.9,7.8,7.8,5.3,5.2,5.1,7.8,7.8,5.1,7.8,5.0,5.9,7.8,5.1,7.8,5.0,7.8,5.0,5.2,5.1,5.1] new: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] - detected: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] + detected: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun][23.246.11.133] RISK: HTTP Numeric IP Address analyse: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy 
@@ -509,7 +509,7 @@ update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] new: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] - detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] + detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun][23.246.11.141] RISK: HTTP Numeric IP Address analyse: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy 
@@ -526,39 +526,39 @@ update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] new: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] - detected: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] + detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] + detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][ios.nccp.netflix.com] new: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] - detected: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun] + detected: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] 
[TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] - detected: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] - detection-update: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun] + detected: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][api-global.latency.prodaa.netflix.com] + detection-update: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS.NetFlix][Video][Fun][api-global.latency.prodaa.netflix.com] new: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] new: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] - detected: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] - detected: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun] + detected: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detected: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] - detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> 
[.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] + detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS new: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] new: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] + detected: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] + detected: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] 
[TLS.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy @@ -571,12 +571,12 @@ [PKTLENS.....: 64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707] [ENTROPIES...: 4.5,5.3,5.1,6.0,5.2,6.5,5.1,5.2,6.0,7.9,7.6,5.1,5.2,7.9,7.0,7.8,5.1,7.6,5.1,7.8,5.2,7.5,5.1,7.8,5.2,7.9,5.1,7.7,5.1,7.8,5.1,7.7] new: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] - detected: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][a1907.dscg.akamai.net] + detection-update: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][a1907.dscg.akamai.net] new: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] new: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] - detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun] - detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun] + detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun][art-1.nflximg.net] + detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun][art-1.nflximg.net] analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.501| 0.064| 0.122| 14766.799| 3.300] 
@@ -587,7 +587,7 @@ [IATS(ms)....: 58.3,61.2,1.8,70.6,2.9,1.0,71.3,11.6,12.3,13.1,0.1,0.1,65.7,0.8,52.3,3.6,0.2,91.6,51.8,0.3,140.2,3.7,3.4,3.9,5.5,6.4,5.0,437.2,0.9,500.9,291.9] [PKTLENS.....: 64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500] [ENTROPIES...: 4.6,5.3,5.2,4.1,5.0,7.3,7.3,5.2,7.0,5.2,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.8,5.2,7.9,7.5,5.2,7.6,5.1,7.7,5.2,6.0,5.2,7.9,7.7,5.0,7.9] - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun] + detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][Video][Fun][api-global.netflix.com] analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 0.100| 0.036| 0.022| 464.586| 4.700] diff --git a/test/results/flow-info/nintendo.pcap.out b/test/results/flow-info/nintendo.pcap.out index fb07724a7..399f2a30a 100644 --- a/test/results/flow-info/nintendo.pcap.out +++ b/test/results/flow-info/nintendo.pcap.out 
@@ -23,34 +23,34 @@ [ENTROPIES...: 6.1,6.1,6.8,6.9,6.2,6.1,6.7,6.2,6.1,6.3,6.6,6.4,6.2,6.2,6.2,6.3,6.3,5.9,5.8,5.9,6.2,5.9,6.1,6.2,6.0,6.0,6.1,6.1,6.0,6.2,6.2,6.2] new: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343] new: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] - detected: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] - detection-update: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] + detected: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detection-update: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] new: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] - detected: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][Game][Fun] + detected: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][Game][Fun] + detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][Game][Fun] + detection-update: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....9] [ip4][..tcp] 
[.192.168.12.114][11534] -> [..54.146.242.74][..443] [MIDSTREAM] new: [....10] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33334] new: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025] new: [....12] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33335] new: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] - detected: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] - detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] - detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] - detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] + detected: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun][g2df33d01-lp1.p.srv.nintendo.net] + detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun][g2df33d01-lp1.p.srv.nintendo.net] + detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun][g2df33d01-lp1.p.srv.nintendo.net] + detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun][g2df33d01-lp1.p.srv.nintendo.net] new: [....14] [ip4][..udp] [.192.168.12.114][55915] -> [..52.10.205.177][34343] new: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] - detected: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] - detection-update: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun] + detected: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] 
[DNS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + detection-update: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] new: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] - detected: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun] + detected: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun] + detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun] + detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS.AmazonAWS][Cloud][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/no_sni.pcap.out b/test/results/flow-info/no_sni.pcap.out index 74ffeba9f..92810268f 100644 --- a/test/results/flow-info/no_sni.pcap.out +++ b/test/results/flow-info/no_sni.pcap.out 
@@ -4,8 +4,8 @@ new: [.....1] [ip4][..tcp] [..192.168.1.119][51331] -> [.104.16.249.249][..443] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [..192.168.1.119][51331] -> [.104.16.249.249][..443] [TLS.Cloudflare][Web][Acceptable] new: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun] + detected: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun][mozilla.cloudflare-dns.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun][mozilla.cloudflare-dns.com] new: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] analyse: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Network][Fun] min| max| avg| stddev| variance| entropy 
@@ -17,8 +17,8 @@ [IATS(ms)....: 137.9,138.0,4.7,0.3,0.1,180.3,3.0,178.2,0.2,0.0,0.1,2.3,6.4,1.4,5.5,15.4,0.1,0.7,0.1,1.4,74.0,13.5,4.2,2.9,0.0,76.8,0.1,5.4,2.5,0.0,8.0] [PKTLENS.....: 64,52,40,656,46,210,46,722,40,102,46,40,124,46,71,40,191,126,100,132,71,46,46,46,366,71,40,40,46,293,71,40] [ENTROPIES...: 4.4,4.9,4.5,7.1,4.6,7.0,4.4,7.7,4.6,6.1,4.5,4.6,6.3,4.4,5.6,4.5,6.8,6.4,6.2,6.4,5.5,4.4,4.4,4.4,7.3,5.7,4.6,4.6,4.5,7.3,5.6,4.6] - detected: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable][] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable][] analyse: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS.Cloudflare][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.473| 0.050| 0.107| 11455.737| 3.000] 
@@ -34,16 +34,16 @@ new: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] new: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] new: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] - detected: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable] - detected: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable] - detected: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] - detected: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] - detected: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable] - detection-update: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] - detection-update: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] - detection-update: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable][951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net] + detected: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable][951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net] + detected: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] 
[TLS.Cloudflare][Web][Acceptable][] + detected: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable][] + detected: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable][] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.119][51635] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable][951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.119][51636] -> [..104.17.198.37][..443] [TLS.Cloudflare][Web][Acceptable][951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable][] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable][] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable][] analyse: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS.Cloudflare][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.144| 0.032| 0.043| 1852.691| 3.800] diff --git a/test/results/flow-info/ocs.pcap.out b/test/results/flow-info/ocs.pcap.out index b655c807b..23cc2b7ba 100644 --- a/test/results/flow-info/ocs.pcap.out +++ b/test/results/flow-info/ocs.pcap.out 
@@ -3,34 +3,34 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.180.2][47699] -> [.64.233.184.188][.5228] new: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] - detected: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS.OCS][Media][Fun] + detected: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS.OCS][Media][Fun][ocu03.labgency.ws] new: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] - detected: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS.Crashlytics][DataTransfer][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS.Crashlytics][DataTransfer][Acceptable][settings.crashlytics.com] new: [.....4] [ip4][..udp] [..192.168.180.2][.1291] -> [........8.8.8.8][...53] - detected: [.....4] [ip4][..udp] [..192.168.180.2][.1291] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [.....4] [ip4][..udp] [..192.168.180.2][.1291] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][api.eu01.capptain.com] new: [.....5] [ip4][..tcp] [..192.168.180.2][48250] -> [.178.248.208.54][...80] new: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] new: [.....7] [ip4][..tcp] [..192.168.180.2][53356] -> [137.135.129.206][...80] - detected: [.....5] [ip4][..tcp] [..192.168.180.2][48250] -> [.178.248.208.54][...80] [HTTP.OCS][Media][Fun] - detected: [.....7] [ip4][..tcp] [..192.168.180.2][53356] -> [137.135.129.206][...80] [HTTP.Azure][Cloud][Acceptable] + detected: [.....5] [ip4][..tcp] [..192.168.180.2][48250] -> [.178.248.208.54][...80] [HTTP.OCS][Media][Fun][ocu03.labgency.ws] + detected: [.....7] [ip4][..tcp] [..192.168.180.2][53356] -> [137.135.129.206][...80] [HTTP.Azure][Cloud][Acceptable][api.eu01.capptain.com] new: [.....8] [ip4][..tcp] 
[..192.168.180.2][44959] -> [137.135.129.206][...80] - detected: [.....8] [ip4][..tcp] [..192.168.180.2][44959] -> [137.135.129.206][...80] [HTTP.Azure][Cloud][Acceptable] + detected: [.....8] [ip4][..tcp] [..192.168.180.2][44959] -> [137.135.129.206][...80] [HTTP.Azure][Cloud][Acceptable][api.eu01.capptain.com] new: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] - detected: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS.PlayStore][SoftwareUpdate][Safe] + detected: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] new: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443] - detected: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443] [TLS.Google][Web][Acceptable] + detected: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] [TLS.Crashlytics][DataTransfer][Acceptable] + detected: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] [TLS.Crashlytics][DataTransfer][Acceptable][settings.crashlytics.com] RISK: Obsolete TLS (v1.1 or older) new: [....11] [ip4][..udp] [..192.168.180.2][.3621] -> [........8.8.8.8][...53] - detected: [....11] [ip4][..udp] [..192.168.180.2][.3621] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [....11] [ip4][..udp] [..192.168.180.2][.3621] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][xmpp.device06.eu01.capptain.com] new: [....12] [ip4][..tcp] [..192.168.180.2][46166] -> [.137.135.131.52][.5122] new: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] new: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] - detected: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> 
[........8.8.8.8][...53] [DNS.OCS][Media][Fun] - detected: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][Media][Fun] + detected: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] [DNS.OCS][Media][Fun][ocs.labgency.ws] + detected: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][Media][Fun][ocu03.labgency.ws] new: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] - detected: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] [TLS.OCS][Media][Fun] + detected: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] [TLS.OCS][Media][Fun][ocs.labgency.ws] RISK: Obsolete TLS (v1.1 or older) analyse: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][Media][Fun] min| max| avg| stddev| variance| entropy 
@@ -43,12 +43,12 @@ [PKTLENS.....: 60,52,715,64,72,72,80,72,72,72,72,72,64,52,64,64,64,52,52,52,52,64,64,64,64,52,52,64,64,52,64,64] [ENTROPIES...: 4.5,5.1,6.0,5.1,5.2,5.2,5.2,5.2,5.3,5.2,5.2,5.2,5.2,5.1,5.2,5.2,5.1,5.2,5.1,5.1,5.0,5.1,5.2,5.1,5.2,5.1,5.2,5.2,5.2,5.0,5.1,5.1] new: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] - detected: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] [TLS.GoogleServices][Web][Acceptable][mtalk.google.com] RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] - detected: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS.GoogleServices][Web][Acceptable] + detected: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS.GoogleServices][Web][Acceptable][play.googleapis.com] new: [....18] [ip4][..tcp] [..192.168.180.2][47803] -> [..64.233.166.95][..443] - detected: [....18] [ip4][..tcp] [..192.168.180.2][47803] -> [..64.233.166.95][..443] [TLS.Google][Web][Acceptable] + detected: [....18] [ip4][..tcp] [..192.168.180.2][47803] -> [..64.233.166.95][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) update: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] update: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] 
@@ -57,9 +57,9 @@ update: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] update: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] new: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53] - detected: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53] [DNS.OCS][Media][Fun] + detected: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53] [DNS.OCS][Media][Fun][www.ocs.fr] new: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] - detected: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun] + detected: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun][www.ocs.fr] analyse: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.079| 0.027| 0.030| 875.550| 4.000] diff --git a/test/results/flow-info/ocsp.pcapng.out b/test/results/flow-info/ocsp.pcapng.out index e4392288b..b07021936 100644 --- a/test/results/flow-info/ocsp.pcapng.out +++ b/test/results/flow-info/ocsp.pcapng.out 
@@ -2,14 +2,14 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80] - detected: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80] [HTTP][Web][Acceptable][ocsp07.actalis.it] DAEMON-EVENT: [Processed: 23 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] - detected: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Cloud][Safe] + detected: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Cloud][Safe][ocsp.pki.goog] end: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80] [HTTP][Web][Acceptable] new: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] - detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Network][Safe] + detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Network][Safe][r3.o.lencr.org] analyse: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.003| 10.243| 7.530| 4.272| 18250505.126| 4.500] 
@@ -31,15 +31,15 @@ [PKTLENS.....: 112,112,104,490,104,993,104,490,104,993,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104] [ENTROPIES...: 3.9,4.2,4.1,6.3,4.3,7.0,4.4,6.3,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.3,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.3] new: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] - detected: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe] + detected: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe][geant.ocsp.sectigo.com] new: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] - detected: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe] + detected: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe][ocsp.usertrust.com] end: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Network][Safe] end: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Cloud][Safe] DAEMON-EVENT: [Processed: 157 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] - detected: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Network][Safe] + detected: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Network][Safe][ocsp.digicert.com] end: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe] end: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Network][Safe] analyse: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] 
[HTTP.OCSP][Network][Safe] @@ -55,9 +55,9 @@ DAEMON-EVENT: [Processed: 207 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] - detected: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][Network][Safe] + detected: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][Network][Safe][ocsp.sca1b.amazontrust.com] new: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] - detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe] + detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe][ocsp.globalsign.com] end: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Network][Safe] analyse: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe] min| max| avg| stddev| variance| entropy 
@@ -82,11 +82,11 @@ DAEMON-EVENT: [Processed: 274 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] - detected: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Network][Safe] + detected: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Network][Safe][ocsp09.actalis.it] end: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Network][Safe] end: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][Network][Safe] new: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] - detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe] + detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe][ocsp.entrust.net] end: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Network][Safe] analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Network][Safe] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/ookla.pcap.out b/test/results/flow-info/ookla.pcap.out index ab9aa8c5e..5431d151a 100644 --- a/test/results/flow-info/ookla.pcap.out +++ b/test/results/flow-info/ookla.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] - detected: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Network][Safe] + detected: [.....1] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Network][Safe][] new: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] detected: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe] analyse: [.....2] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Network][Safe] diff --git a/test/results/flow-info/os_detected.pcapng.out b/test/results/flow-info/os_detected.pcapng.out index b4425f1bf..1e93671f7 100644 --- a/test/results/flow-info/os_detected.pcapng.out +++ b/test/results/flow-info/os_detected.pcapng.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] - detected: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] [QUIC.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] [QUIC.Google][Web][Acceptable][] RISK: Missing SNI TLS Extn idle: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] [QUIC.Google][Web][Acceptable] RISK: Missing SNI TLS Extn diff --git a/test/results/flow-info/pinterest.pcap.out b/test/results/flow-info/pinterest.pcap.out index 50fd28000..e6360ceb7 100644 --- a/test/results/flow-info/pinterest.pcap.out +++ b/test/results/flow-info/pinterest.pcap.out 
@@ -4,9 +4,9 @@ new: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33164] -> [.....................64:ff9b::9765:7854][..443] [MIDSTREAM] new: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [MIDSTREAM] new: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] - detected: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] + detected: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][www.pinterest.fr] + detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][www.pinterest.fr] + detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][www.pinterest.fr] analyse: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.172| 0.014| 0.033| 1083.758| 2.700] 
@@ -17,31 +17,31 @@ [IATS(ms)....: 17.6,17.7,0.5,40.0,1.7,0.0,0.0,41.2,0.0,0.0,0.2,0.0,0.2,0.0,0.0,7.0,0.3,0.4,41.6,0.0,0.0,33.9,0.5,0.0,0.5,0.2,42.0,172.4,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,72,72,72,1120,1120,154,72,72,72,165,171,437,72,72,330,72,138,72,72,110,72,1120,1120,549] [ENTROPIES...: 4.8,5.2,5.2,4.5,5.0,6.8,4.5,6.6,5.2,5.2,5.3,7.1,7.6,6.3,5.2,5.2,5.1,6.1,6.4,7.4,5.1,5.0,7.1,5.3,6.2,5.1,5.2,5.6,5.1,7.8,7.8,7.6] - detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] + detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][www.pinterest.fr] new: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] new: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443] new: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] new: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38518] -> [.......................2a04:4e42:1d::84][..443] new: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443] new: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] - detected: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38518] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detected: [.....6] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detected: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detected: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38518] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38518] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> 
[.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] + detected: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38518] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detected: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detected: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detected: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....4] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38518] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38518] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> 
[.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] + detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][s.pinimg.com] new: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33156] -> [.....................64:ff9b::9765:7854][..443] [MIDSTREAM] new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [MIDSTREAM] new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] [MIDSTREAM] 
@@ -56,13 +56,13 @@ [PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72] [ENTROPIES...: 4.6,5.1,5.1,4.4,4.9,6.4,5.2,7.3,7.6,5.1,5.0,5.1,5.1,6.0,6.2,7.2,7.1,6.9,7.4,6.9,4.9,4.9,4.9,7.1,5.1,6.1,4.9,5.0,5.1,5.6,7.9,5.1] new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] - detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe] + detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe][sessions.bugsnag.com] new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] - detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe] - detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable] + detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe][sessions.bugsnag.com] + detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable][www.google.com] new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] - detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable] - detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> 
[.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] + detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable][www.google.com] + detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][accounts.pinterest.com] analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.009| 0.014| 199.945| 3.400] 
@@ -73,8 +73,8 @@ [IATS(ms)....: 26.0,26.0,0.2,34.5,9.5,43.8,0.0,0.1,0.0,2.4,0.1,0.1,39.2,0.0,0.2,0.3,37.1,0.3,3.1,2.9,7.2,0.0,7.1,0.0,0.0,0.7,0.6,0.6,26.3] [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72] [ENTROPIES...: 4.8,5.3,5.2,4.5,5.1,7.8,7.8,5.3,5.3,7.1,5.3,6.2,6.6,7.4,5.1,5.1,5.1,7.7,5.2,5.8,5.8,5.2,7.5,7.8,7.0,5.2,5.3,5.3,5.9,5.3,5.9,5.1] - detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] + detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][accounts.pinterest.com] + detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][accounts.pinterest.com] new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy 
@@ -86,9 +86,9 @@ [IATS(ms)....: 23.5,23.5,0.2,32.3,1.9,0.0,34.0,0.0,0.0,0.3,0.2,0.0,1.7,0.1,0.1,35.1,5.7,3.7,0.0,42.6,0.0,0.1,39.2,93.6,132.7,1.2,0.1,0.1] [PKTLENS.....: 80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571] [ENTROPIES...: 4.7,5.1,5.0,4.5,4.9,7.8,7.8,7.8,5.0,5.0,5.0,7.8,6.6,5.0,5.0,6.1,6.3,7.4,4.9,4.8,7.6,5.5,4.9,5.1,5.1,5.7,4.8,7.2,5.0,5.9,6.8,7.6] - detected: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe] - detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe] - detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe] + detected: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe][images.unsplash.com] + detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Web][Safe][images.unsplash.com] + detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe][images.unsplash.com] analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.090| 0.016| 0.023| 544.707| 3.300] 
@@ -99,7 +99,7 @@ [IATS(ms)....: 39.8,39.9,0.4,39.9,1.9,0.0,41.3,0.0,0.1,0.0,0.0,0.6,0.6,0.0,2.9,2.6,0.6,39.8,0.1,1.1,1.9,36.8,0.0,0.2,49.7,40.1,89.6] [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72] [ENTROPIES...: 4.8,5.1,5.1,4.6,5.0,6.8,4.4,5.2,5.1,6.6,7.1,5.2,5.2,7.6,6.2,5.2,5.2,6.1,6.3,7.3,5.0,5.0,5.0,7.0,6.2,5.2,5.2,5.6,5.0,7.5,6.9,5.2] - detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun] + detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][SocialNetwork][Fun][accounts.pinterest.com] analyse: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.050| 0.009| 0.016| 268.348| 2.900] 
@@ -110,16 +110,16 @@ [IATS(ms)....: 50.3,50.3,0.2,31.7,3.1,34.6,0.0,0.7,0.7,1.2,0.0,1.2,0.0,2.6,0.1,0.2,32.3,0.0,29.5,0.0,0.5,0.0,0.5,0.0,0.0,0.6] [PKTLENS.....: 80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460] [ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.7,4.9,5.1,5.1,7.4,5.1,7.3,7.6,5.1,5.2,5.9,6.3,7.4,5.0,5.0,5.0,7.1,6.2,5.2,5.1,7.9,7.9,7.9,5.1,5.1,5.1,7.8] - detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe] + detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Media][Safe][images.unsplash.com] new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] - detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Web][Acceptable] + detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Web][Acceptable][www.gstatic.com] new: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] - detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable] + detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable][apis.google.com] new: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] - detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] 
[TLS.Google][Web][Acceptable] - detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable] - detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun] + detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Web][Acceptable][www.gstatic.com] + detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun][connect.facebook.net] + detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Web][Acceptable][apis.google.com] + detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][SocialNetwork][Fun][connect.facebook.net] analyse: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.077| 0.017| 0.027| 751.406| 2.800] 
@@ -151,11 +151,11 @@ [PKTLENS.....: 80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199] [ENTROPIES...: 5.1,5.4,5.4,4.6,5.3,7.8,7.8,5.5,5.5,6.2,6.5,7.3,7.3,5.3,5.2,5.3,7.0,6.4,5.9,7.6,5.4,5.4,5.4,5.4,7.5,7.9,6.1,5.4,5.4,5.4,5.9,6.7] new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] - detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun] + detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun][www.facebook.com] new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] - detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun] - detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Web][Acceptable] + detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][SocialNetwork][Fun][www.facebook.com] + detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Web][Acceptable][content-autofill.googleapis.com] + detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] 
[TLS.GoogleServices][Web][Acceptable][content-autofill.googleapis.com] new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [MIDSTREAM] detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Web][Safe] analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Web][Safe] @@ -169,8 +169,8 @@ [PKTLENS.....: 230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280] [ENTROPIES...: 6.9,6.7,5.1,5.1,7.0,7.9,5.2,7.8,7.8,7.8,7.8,5.1,5.1,7.8,7.8,5.2,7.9,7.8,7.8,7.9,5.2,5.2,7.8,7.8,6.9,5.8,6.7,5.1,7.8,7.8,7.8,7.8] new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] - detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable] - detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable] + detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable][accounts.google.com] + detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Web][Acceptable][accounts.google.com] analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.486| 0.068| 0.273| 74793.992| 1.600] 
@@ -214,11 +214,11 @@ new: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40560] -> [...............2a00:1450:4007:816::2004][..443] [MIDSTREAM] new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] - detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] - detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable] + detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][assets.pinterest.com] + detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable][www.google-analytics.com] + detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][assets.pinterest.com] + detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> 
[.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][assets.pinterest.com] + detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable][www.google-analytics.com] analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Advertisement][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.157| 0.019| 0.038| 1426.179| 2.700] 
@@ -239,11 +239,11 @@ [IATS(ms)....: 46.5,46.6,0.4,49.8,3.6,52.9,0.0,1.3,0.0,1.3,0.0,2.4,0.3,0.5,109.0,0.0,0.0,105.9,0.0,0.0,6.5,35.8,111.1,136.0,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460] [ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.4,5.2,5.2,5.2,7.3,7.6,5.2,5.1,6.1,6.3,7.2,5.0,5.0,7.1,6.1,4.9,7.5,5.2,5.1,5.2,5.6,5.0,6.7,5.0,7.9,7.8,7.8] - detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun] + detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][SocialNetwork][Fun][assets.pinterest.com] new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] - detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Web][Safe] - detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Web][Safe] - detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe] + detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Web][Safe][js-agent.newrelic.com] + detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Web][Safe][js-agent.newrelic.com] + detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe][js-agent.newrelic.com] analyse: [....37] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.045| 0.007| 0.012| 147.627| 3.200] @@ -254,7 +254,7 @@ [IATS(ms)....: 21.0,21.0,0.5,37.1,8.9,0.0,45.5,0.0,2.0,0.0,0.0,0.0,2.0,0.0,0.0,0.0,0.1,0.0,7.8,0.5,0.4,31.0,0.0,0.4,0.0,22.8,0.0,0.4,8.3,2.6,0.0] [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120] [ENTROPIES...: 4.8,5.1,5.2,4.5,5.1,6.9,5.1,5.2,5.2,6.7,7.2,7.3,7.6,5.2,5.1,5.2,5.2,5.6,5.2,6.0,6.4,7.1,5.1,5.1,7.0,6.2,5.2,5.2,5.7,5.0,7.8,7.8] - detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe] + detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS][Media][Safe][js-agent.newrelic.com] guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Web][Safe] idle: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/pluralsight.pcap.out b/test/results/flow-info/pluralsight.pcap.out index a7d33340b..744043b76 100644 --- a/test/results/flow-info/pluralsight.pcap.out +++ b/test/results/flow-info/pluralsight.pcap.out 
@@ -2,27 +2,27 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][Streaming][Fun] + detected: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight.com] new: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] new: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun] - detected: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun] + 
detected: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight2.imgix.net] + detected: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight.imgix.net] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight2.imgix.net] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight2.imgix.net] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight.imgix.net] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Streaming][Fun][pluralsight.imgix.net] new: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] - detected: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][Streaming][Fun] + detected: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][Streaming][Fun][stt.pluralsight.com] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][Streaming][Fun][stt.pluralsight.com] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][Streaming][Fun][stt.pluralsight.com] new: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] - detected: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Streaming][Fun] 
- detection-update: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Streaming][Fun] + detected: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Streaming][Fun][www.pluralsight.com] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Streaming][Fun][www.pluralsight.com] new: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] - detected: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Streaming][Fun] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Streaming][Fun] + detected: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] idle: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] idle: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] idle: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] diff --git a/test/results/flow-info/pps.pcap.out b/test/results/flow-info/pps.pcap.out index acb20cf1e..0bf74e912 100644 --- a/test/results/flow-info/pps.pcap.out +++ b/test/results/flow-info/pps.pcap.out 
@@ -93,98 +93,98 @@ [ENTROPIES...: 5.3,5.3,7.8,5.3,5.3,5.3,5.3,7.8,5.2,5.2,7.8,5.0,5.0,5.1,5.1,7.8,5.2,5.2,7.7,5.1,5.1,5.1,5.1,7.8,5.1,5.1,5.1,5.1,7.8,5.1,5.1,4.9] not-detected: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] [Unknown][Unrated] new: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [MIDSTREAM] - detected: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun][api.cupid.iqiyi.com] new: [....38] [ip4][..tcp] [..192.168.115.8][50464] -> [.123.125.112.49][...80] [MIDSTREAM] - detected: [....38] [ip4][..tcp] [..192.168.115.8][50464] -> [.123.125.112.49][...80] [HTTP][Web][Acceptable] + detected: [....38] [ip4][..tcp] [..192.168.115.8][50464] -> [.123.125.112.49][...80] [HTTP][Web][Acceptable][click.hm.baidu.com] new: [....39] [ip4][..tcp] [..192.168.115.8][50466] -> [..203.66.182.24][...80] [MIDSTREAM] - detected: [....39] [ip4][..tcp] [..192.168.115.8][50466] -> [..203.66.182.24][...80] [HTTP.Google][Web][Acceptable] + detected: [....39] [ip4][..tcp] [..192.168.115.8][50466] -> [..203.66.182.24][...80] [HTTP.Google][Web][Acceptable][clients1.google.com] new: [....40] [ip4][..tcp] [..192.168.115.8][50467] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....40] [ip4][..tcp] [..192.168.115.8][50467] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....40] [ip4][..tcp] [..192.168.115.8][50467] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....41] [ip4][..tcp] [..192.168.115.8][50469] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....41] [ip4][..tcp] [..192.168.115.8][50469] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....41] [ip4][..tcp] [..192.168.115.8][50469] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....42] 
[ip4][..tcp] [..192.168.115.8][50470] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....42] [ip4][..tcp] [..192.168.115.8][50470] -> [.202.108.14.236][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....42] [ip4][..tcp] [..192.168.115.8][50470] -> [.202.108.14.236][...80] [HTTP.PPStream][Streaming][Fun][msg.iqiyi.com] new: [....43] [ip4][..tcp] [..192.168.115.8][50471] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....43] [ip4][..tcp] [..192.168.115.8][50471] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....43] [ip4][..tcp] [..192.168.115.8][50471] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....44] [ip4][..tcp] [..192.168.115.8][50474] -> [.202.108.14.221][...80] [MIDSTREAM] - detected: [....44] [ip4][..tcp] [..192.168.115.8][50474] -> [.202.108.14.221][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....44] [ip4][..tcp] [..192.168.115.8][50474] -> [.202.108.14.221][...80] [HTTP.PPStream][Streaming][Fun][msg.iqiyi.com] new: [....45] [ip4][..tcp] [..192.168.115.8][50475] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....45] [ip4][..tcp] [..192.168.115.8][50475] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....45] [ip4][..tcp] [..192.168.115.8][50475] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....46] [ip4][..tcp] [..192.168.115.8][50473] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....46] [ip4][..tcp] [..192.168.115.8][50473] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....46] [ip4][..tcp] [..192.168.115.8][50473] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....47] [ip4][..tcp] [..192.168.115.8][50476] -> [..101.227.32.39][...80] [MIDSTREAM] - detected: [....47] [ip4][..tcp] [..192.168.115.8][50476] -> [..101.227.32.39][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....47] [ip4][..tcp] [..192.168.115.8][50476] -> [..101.227.32.39][...80] 
[HTTP.PPStream][Streaming][Fun][cache.video.iqiyi.com] new: [....48] [ip4][..tcp] [..192.168.115.8][50477] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....48] [ip4][..tcp] [..192.168.115.8][50477] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....48] [ip4][..tcp] [..192.168.115.8][50477] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....49] [ip4][..tcp] [..117.79.81.135][...80] -> [..192.168.115.8][50443] [MIDSTREAM] - detected: [....49] [ip4][..tcp] [..117.79.81.135][...80] -> [..192.168.115.8][50443] [HTTP][Web][Acceptable] + detected: [....49] [ip4][..tcp] [..117.79.81.135][...80] -> [..192.168.115.8][50443] [HTTP][Web][Acceptable][] new: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [MIDSTREAM] - detected: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Web][Acceptable] + detected: [....50] [ip4][..tcp] [..192.168.115.8][50482] -> [.140.205.243.64][...80] [HTTP][Web][Acceptable][cmc.tanx.com] new: [....51] [ip4][..tcp] [..192.168.115.8][50483] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....51] [ip4][..tcp] [..192.168.115.8][50483] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....51] [ip4][..tcp] [..192.168.115.8][50483] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....52] [ip4][..tcp] [..192.168.115.8][50484] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....52] [ip4][..tcp] [..192.168.115.8][50484] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....52] [ip4][..tcp] [..192.168.115.8][50484] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....53] [ip4][..tcp] [..192.168.115.8][50485] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....53] [ip4][..tcp] [..192.168.115.8][50485] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....53] [ip4][..tcp] [..192.168.115.8][50485] -> 
[.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [MIDSTREAM] - detected: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][Cybersecurity][Safe] + detected: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][Cybersecurity][Safe][bcu.ff.avast.com] RISK: HTTP Suspicious User-Agent new: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] - detected: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....57] [ip4][..tcp] [..192.168.115.8][50488] -> [..223.26.106.20][...80] [MIDSTREAM] - detected: [....57] [ip4][..tcp] [..192.168.115.8][50488] -> [..223.26.106.20][...80] [HTTP][Web][Acceptable] + detected: [....57] [ip4][..tcp] [..192.168.115.8][50488] -> [..223.26.106.20][...80] [HTTP][Web][Acceptable][meta.video.qiyi.com] new: [....58] [ip4][..tcp] [..192.168.115.8][50489] -> [.119.188.13.188][...80] [MIDSTREAM] - detected: [....58] [ip4][..tcp] [..192.168.115.8][50489] -> [.119.188.13.188][...80] [HTTP][Web][Acceptable] + detected: [....58] [ip4][..tcp] [..192.168.115.8][50489] -> [.119.188.13.188][...80] [HTTP][Web][Acceptable][pdata.video.qiyi.com] new: [....59] [ip4][..tcp] [..192.168.115.8][50490] -> [.119.188.13.188][...80] [MIDSTREAM] - detected: [....59] [ip4][..tcp] [..192.168.115.8][50490] -> [.119.188.13.188][...80] [HTTP][Web][Acceptable] + 
detected: [....59] [ip4][..tcp] [..192.168.115.8][50490] -> [.119.188.13.188][...80] [HTTP][Web][Acceptable][pdata.video.qiyi.com] new: [....60] [ip4][..tcp] [..192.168.115.8][50491] -> [..223.26.106.66][...80] [MIDSTREAM] - detected: [....60] [ip4][..tcp] [..192.168.115.8][50491] -> [..223.26.106.66][...80] [HTTP][Web][Acceptable] + detected: [....60] [ip4][..tcp] [..192.168.115.8][50491] -> [..223.26.106.66][...80] [HTTP][Web][Acceptable][223.26.106.66] RISK: HTTP Numeric IP Address - detection-update: [....60] [ip4][..tcp] [..192.168.115.8][50491] -> [..223.26.106.66][...80] [HTTP][Web][Acceptable] + detection-update: [....60] [ip4][..tcp] [..192.168.115.8][50491] -> [..223.26.106.66][...80] [HTTP][Web][Acceptable][223.26.106.66] RISK: HTTP Numeric IP Address new: [....61] [ip4][..tcp] [..192.168.115.8][50492] -> [...111.206.13.3][...80] [MIDSTREAM] - detected: [....61] [ip4][..tcp] [..192.168.115.8][50492] -> [...111.206.13.3][...80] [HTTP][Web][Acceptable] + detected: [....61] [ip4][..tcp] [..192.168.115.8][50492] -> [...111.206.13.3][...80] [HTTP][Web][Acceptable][pdata.video.qiyi.com] new: [....62] [ip4][..tcp] [..192.168.115.8][50493] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....62] [ip4][..tcp] [..192.168.115.8][50493] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....62] [ip4][..tcp] [..192.168.115.8][50493] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [MIDSTREAM] - detected: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Web][Acceptable] + detected: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Web][Acceptable][223.26.106.66] RISK: HTTP Numeric IP Address new: [....64] [ip4][..tcp] [...192.168.5.15][65127] -> [.68.233.253.133][...80] [MIDSTREAM] - detected: [....64] [ip4][..tcp] [...192.168.5.15][65127] -> [.68.233.253.133][...80] 
[HTTP][Web][Acceptable] + detected: [....64] [ip4][..tcp] [...192.168.5.15][65127] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable][api.magicansoft.com] new: [....65] [ip4][..udp] [...192.168.5.48][63930] -> [239.255.255.250][.1900] - detected: [....65] [ip4][..udp] [...192.168.5.48][63930] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....65] [ip4][..udp] [...192.168.5.48][63930] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....66] [ip4][..tcp] [..192.168.115.8][50495] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....66] [ip4][..tcp] [..192.168.115.8][50495] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....66] [ip4][..tcp] [..192.168.115.8][50495] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....67] [ip4][..tcp] [..192.168.115.8][50496] -> [.101.227.200.11][...80] [MIDSTREAM] - detected: [....67] [ip4][..tcp] [..192.168.115.8][50496] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....67] [ip4][..tcp] [..192.168.115.8][50496] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun][api.cupid.iqiyi.com] new: [....68] [ip4][..tcp] [..192.168.115.8][50497] -> [.123.125.112.49][...80] [MIDSTREAM] - detected: [....68] [ip4][..tcp] [..192.168.115.8][50497] -> [.123.125.112.49][...80] [HTTP][Web][Acceptable] + detected: [....68] [ip4][..tcp] [..192.168.115.8][50497] -> [.123.125.112.49][...80] [HTTP][Web][Acceptable][click.hm.baidu.com] new: [....69] [ip4][..udp] [...192.168.5.63][39383] -> [239.255.255.250][.1900] - detected: [....69] [ip4][..udp] [...192.168.5.63][39383] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....69] [ip4][..udp] [...192.168.5.63][39383] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....70] [ip4][..udp] [...192.168.5.63][60976] -> [239.255.255.250][.1900] - detected: [....70] [ip4][..udp] [...192.168.5.63][60976] -> 
[239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....70] [ip4][..udp] [...192.168.5.63][60976] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....71] [ip4][..tcp] [..192.168.115.8][50498] -> [..36.110.220.15][...80] [MIDSTREAM] - detected: [....71] [ip4][..tcp] [..192.168.115.8][50498] -> [..36.110.220.15][...80] [HTTP][Web][Acceptable] + detected: [....71] [ip4][..tcp] [..192.168.115.8][50498] -> [..36.110.220.15][...80] [HTTP][Web][Acceptable][msg.video.qiyi.com] new: [....72] [ip4][..tcp] [..192.168.115.8][50499] -> [..111.206.22.76][...80] [MIDSTREAM] - detected: [....72] [ip4][..tcp] [..192.168.115.8][50499] -> [..111.206.22.76][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....72] [ip4][..tcp] [..192.168.115.8][50499] -> [..111.206.22.76][...80] [HTTP.PPStream][Streaming][Fun][msg.iqiyi.com] new: [....73] [ip4][..tcp] [..192.168.115.8][50500] -> [..23.41.133.163][...80] [MIDSTREAM] - detected: [....73] [ip4][..tcp] [..192.168.115.8][50500] -> [..23.41.133.163][...80] [HTTP][Web][Acceptable] + detected: [....73] [ip4][..tcp] [..192.168.115.8][50500] -> [..23.41.133.163][...80] [HTTP][Web][Acceptable][s1.symcb.com] new: [....74] [ip4][..tcp] [..192.168.115.8][50501] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....74] [ip4][..tcp] [..192.168.115.8][50501] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....74] [ip4][..tcp] [..192.168.115.8][50501] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....75] [ip4][..udp] [...192.168.5.38][58897] -> [239.255.255.250][.1900] - detected: [....75] [ip4][..udp] [...192.168.5.38][58897] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....75] [ip4][..udp] [...192.168.5.38][58897] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....76] [ip4][..tcp] [..192.168.115.8][50502] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....76] [ip4][..tcp] 
[..192.168.115.8][50502] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....76] [ip4][..tcp] [..192.168.115.8][50502] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....77] [ip4][..udp] [...192.168.5.50][52529] -> [239.255.255.250][.1900] - detected: [....77] [ip4][..udp] [...192.168.5.50][52529] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....77] [ip4][..udp] [...192.168.5.50][52529] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....78] [ip4][..tcp] [...192.168.5.15][65128] -> [.68.233.253.133][...80] [MIDSTREAM] - detected: [....78] [ip4][..tcp] [...192.168.5.15][65128] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable] + detected: [....78] [ip4][..tcp] [...192.168.5.15][65128] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable][api.magicansoft.com] new: [....79] [ip4][..tcp] [..192.168.115.8][50503] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....79] [ip4][..tcp] [..192.168.115.8][50503] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....79] [ip4][..tcp] [..192.168.115.8][50503] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....80] [ip4][..udp] [...192.168.5.28][60023] -> [239.255.255.250][.1900] - detected: [....80] [ip4][..udp] [...192.168.5.28][60023] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....80] [ip4][..udp] [...192.168.5.28][60023] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] update: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] update: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006] update: [....13] [ip4][..udp] [..192.168.115.8][22793] -> [.111.250.102.66][.1107] 
@@ -220,9 +220,9 @@ update: [.....5] [ip4][..udp] [..192.168.115.8][22793] -> [...202.198.7.89][16039] update: [....15] [ip4][..udp] [..192.168.115.8][22793] -> [..36.237.154.69][.4316] new: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [MIDSTREAM] - detected: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable] + detected: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable][static.qiyi.com] new: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] analyse: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.036| 0.003| 0.009| 84.840| 1.800] 
@@ -234,45 +234,45 @@ [PKTLENS.....: 184,552,188,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300] [ENTROPIES...: 5.6,5.7,5.6,4.4,0.3,0.3,3.7,6.1,5.9,6.1,6.0,6.2,6.1,6.0,6.1,5.9,6.3,6.2,6.3,6.4,5.8,6.2,6.0,6.1,6.1,6.4,6.3,6.0,6.1,6.0,6.4,6.3] new: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] - detected: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....84] [ip4][..udp] [...192.168.5.41][50374] -> [239.255.255.250][.1900] - detected: [....84] [ip4][..udp] [...192.168.5.41][50374] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....84] [ip4][..udp] [...192.168.5.41][50374] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [MIDSTREAM] - detected: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable] + detected: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable][static.qiyi.com] new: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [MIDSTREAM] - detected: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [HTTP][Web][Acceptable] + detected: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [HTTP][Web][Acceptable][] new: [....87] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50295] [MIDSTREAM] - detected: [....87] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50295] [HTTP][Web][Acceptable] + detected: [....87] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50295] [HTTP][Web][Acceptable][] new: [....88] [ip4][..tcp] 
[..192.168.115.8][50508] -> [..223.26.106.19][...80] [MIDSTREAM] - detected: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable] + detected: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable][static.qiyi.com] new: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [MIDSTREAM] - detected: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [HTTP][Web][Acceptable] + detected: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [HTTP][Web][Acceptable][iplocation.geo.qiyi.com] new: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [MIDSTREAM] - detected: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Web][Acceptable] + detected: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Web][Acceptable][static.qiyi.com] new: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [MIDSTREAM] - detected: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Web][Acceptable] + detected: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Web][Acceptable][static.qiyi.com] new: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [MIDSTREAM] - detected: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [HTTP][Web][Acceptable] + detected: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [HTTP][Web][Acceptable][msg.video.qiyi.com] new: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [MIDSTREAM] - detected: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable] + detected: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable][static.qiyi.com] new: [....94] [ip4][..tcp] 
[..192.168.115.8][50769] -> [.101.227.200.11][...80] [MIDSTREAM] - detected: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun][api.cupid.iqiyi.com] new: [....95] [ip4][..tcp] [..192.168.115.8][50771] -> [.202.108.14.236][...80] [MIDSTREAM] - detected: [....95] [ip4][..tcp] [..192.168.115.8][50771] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] + detected: [....95] [ip4][..tcp] [..192.168.115.8][50771] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....96] [ip4][..tcp] [..192.168.115.8][50772] -> [.123.125.111.70][...80] [MIDSTREAM] - detected: [....96] [ip4][..tcp] [..192.168.115.8][50772] -> [.123.125.111.70][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....96] [ip4][..tcp] [..192.168.115.8][50772] -> [.123.125.111.70][...80] [HTTP.PPStream][Streaming][Fun][nl.rcd.iqiyi.com] new: [....97] [ip4][..tcp] [..192.168.115.8][50773] -> [.202.108.14.221][...80] [MIDSTREAM] - detected: [....97] [ip4][..tcp] [..192.168.115.8][50773] -> [.202.108.14.221][...80] [HTTP][Streaming][Acceptable] + detected: [....97] [ip4][..tcp] [..192.168.115.8][50773] -> [.202.108.14.221][...80] [HTTP][Streaming][Acceptable][msg.71.am] new: [....98] [ip4][..tcp] [..192.168.115.8][50775] -> [.123.125.111.70][...80] [MIDSTREAM] - detected: [....98] [ip4][..tcp] [..192.168.115.8][50775] -> [.123.125.111.70][...80] [HTTP.PPStream][Streaming][Fun] + detected: [....98] [ip4][..tcp] [..192.168.115.8][50775] -> [.123.125.111.70][...80] [HTTP.PPStream][Streaming][Fun][nl.rcd.iqiyi.com] new: [....99] [ip4][..tcp] [..192.168.115.8][50774] -> [.202.108.14.219][...80] [MIDSTREAM] - detected: [....99] [ip4][..tcp] [..192.168.115.8][50774] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] + detected: [....99] [ip4][..tcp] [..192.168.115.8][50774] -> [.202.108.14.219][...80] 
[HTTP][Streaming][Acceptable][msg.71.am] new: [...100] [ip4][..tcp] [..192.168.115.8][50776] -> [..111.206.22.77][...80] [MIDSTREAM] - detected: [...100] [ip4][..tcp] [..192.168.115.8][50776] -> [..111.206.22.77][...80] [HTTP.PPStream][Streaming][Fun] + detected: [...100] [ip4][..tcp] [..192.168.115.8][50776] -> [..111.206.22.77][...80] [HTTP.PPStream][Streaming][Fun][msg.iqiyi.com] new: [...101] [ip4][..tcp] [..192.168.115.8][50777] -> [..111.206.22.77][...80] [MIDSTREAM] - detected: [...101] [ip4][..tcp] [..192.168.115.8][50777] -> [..111.206.22.77][...80] [HTTP.PPStream][Streaming][Fun] + detected: [...101] [ip4][..tcp] [..192.168.115.8][50777] -> [..111.206.22.77][...80] [HTTP.PPStream][Streaming][Fun][msg.iqiyi.com] new: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [MIDSTREAM] - detected: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] + detected: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun][preimage1.qiyipic.com] analyse: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.061| 0.005| 0.014| 183.828| 1.800] 
@@ -284,11 +284,11 @@ [PKTLENS.....: 289,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300] [ENTROPIES...: 5.7,7.1,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8] new: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] - detected: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...104] [ip4][..tcp] [..192.168.115.8][50779] -> [..111.206.22.77][...80] [MIDSTREAM] - detected: [...104] [ip4][..tcp] [..192.168.115.8][50779] -> [..111.206.22.77][...80] [HTTP.PPStream][Streaming][Fun] + detected: [...104] [ip4][..tcp] [..192.168.115.8][50779] -> [..111.206.22.77][...80] [HTTP.PPStream][Streaming][Fun][msg.iqiyi.com] new: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [MIDSTREAM] - detected: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] + detected: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun][preimage1.qiyipic.com] analyse: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.063| 0.006| 0.016| 268.635| 1.700] 
@@ -301,11 +301,11 @@ [ENTROPIES...: 5.7,7.1,7.8,7.8,7.8,7.8,7.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8] update: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] new: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [MIDSTREAM] - detected: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] + detected: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun][preimage1.qiyipic.com] new: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [MIDSTREAM] - detected: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.AVAST][Download][Safe] + detected: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.AVAST][Download][Safe][] RISK: Binary App Transfer - detection-update: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.AVAST][Download][Safe] + detection-update: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.AVAST][Download][Safe][] RISK: Binary App Transfer not-detected: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] [Unknown][Unrated] idle: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] 
@@ -315,7 +315,7 @@ idle: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006] not-detected: [....13] [ip4][..udp] [..192.168.115.8][22793] -> [.111.250.102.66][.1107] [Unknown][Unrated] idle: [....13] [ip4][..udp] [..192.168.115.8][22793] -> [.111.250.102.66][.1107] - guessed: [....10] [ip4][..tcp] [...192.168.5.15][65125] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable] + guessed: [....10] [ip4][..tcp] [...192.168.5.15][65125] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable][] end: [....10] [ip4][..tcp] [...192.168.5.15][65125] -> [.68.233.253.133][...80] idle: [....64] [ip4][..tcp] [...192.168.5.15][65127] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable] idle: [....78] [ip4][..tcp] [...192.168.5.15][65128] -> [.68.233.253.133][...80] [HTTP][Web][Acceptable] @@ -362,7 +362,7 @@ idle: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun] idle: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] [Unknown][Unrated] idle: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] [Unknown][Unrated] - guessed: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [HTTP][Web][Acceptable] + guessed: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [HTTP][Web][Acceptable][] idle: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] idle: [....40] [ip4][..tcp] [..192.168.115.8][50467] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] idle: [....41] [ip4][..tcp] [..192.168.115.8][50469] -> [.202.108.14.219][...80] [HTTP][Streaming][Acceptable] diff --git a/test/results/flow-info/psiphon3.pcap.out b/test/results/flow-info/psiphon3.pcap.out index 184e81107..244c111bb 100644 --- a/test/results/flow-info/psiphon3.pcap.out +++ b/test/results/flow-info/psiphon3.pcap.out 
@@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] - detected: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Cloudflare][Web][Acceptable][] RISK: Missing SNI TLS Extn - detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Cloudflare][Web][Acceptable] + detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Cloudflare][Web][Acceptable][] RISK: Missing SNI TLS Extn - detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable] + detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable][] RISK: Missing SNI TLS Extn analyse: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] min| max| avg| stddev| variance| entropy 
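Review bot: The three `detected:` / `detection-update:` lines above `RISK: Missing SNI TLS Extn` in this hunk now end in an empty `[]`, which pins an ambiguous field into the golden output. A consumer of these lines cannot tell "no hostname was seen" from "an empty hostname was seen", and for a missing-SNI flow that distinction is the finding itself. Consider omitting the field when it is unset, or printing a fixed placeholder such as `[-]`, and regenerating the fixtures. The same `[]` is pinned in pps.pcap.out for the reply-direction HTTP flows and the `guessed:` lines. The code that prints these lines is not part of this diff, so this is inferred from the output alone.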
@@ -18,7 +18,7 @@ [IATS(ms)....: 6.0,17.4,14.4,1.0,16.0,7.0,5.0,3.0,28.0,2.0,3.0,1.0,7.0,25.9,1.4,4.0,20.8,1.0,46.1,1.0] [PKTLENS.....: 60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048] [ENTROPIES...: 4.6,4.6,4.8,4.8,4.8,5.4,4.8,5.4,4.8,4.8,7.0,7.2,7.0,7.2,4.8,4.8,4.8,4.8,5.9,5.9,4.8,4.8,7.0,6.0,7.0,6.0,4.7,4.7,6.3,7.3,5.4,7.8] - detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable] + detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable][] RISK: Missing SNI TLS Extn end: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][VPN][Acceptable] RISK: Missing SNI TLS Extn diff --git a/test/results/flow-info/punycode-idn.pcap.out b/test/results/flow-info/punycode-idn.pcap.out index bab67ef7c..0aa247a37 100644 --- a/test/results/flow-info/punycode-idn.pcap.out +++ b/test/results/flow-info/punycode-idn.pcap.out 
@@ -2,13 +2,13 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] - detected: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Music][Acceptable] - detection-update: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Music][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Music][Acceptable][i.scdn.co] + detection-update: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Music][Acceptable][i.scdn.co] new: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] - detected: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] - detection-update: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][www.xn--mnich-kva.com] + detection-update: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][www.xn--mnich-kva.com] new: [.....3] [ip4][..tcp] [..192.168.2.140][56011] -> [...170.33.9.230][...80] - detected: [.....3] [ip4][..tcp] [..192.168.2.140][56011] -> [...170.33.9.230][...80] [HTTP.Alibaba][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [..192.168.2.140][56011] -> [...170.33.9.230][...80] [HTTP.Alibaba][Web][Acceptable][www.love.xn--55qx5d] idle: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Music][Acceptable] idle: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] end: [.....3] [ip4][..tcp] [..192.168.2.140][56011] -> 
[...170.33.9.230][...80] [HTTP.Alibaba][Web][Acceptable] diff --git a/test/results/flow-info/quic-23.pcap.out b/test/results/flow-info/quic-23.pcap.out index 4d91f8bff..99ea6b3c3 100644 --- a/test/results/flow-info/quic-23.pcap.out +++ b/test/results/flow-info/quic-23.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7][50339] -> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab][..443] - detected: [.....1] [ip6][..udp] [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7][50339] -> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab][..443] [QUIC][Web][Acceptable] + detected: [.....1] [ip6][..udp] [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7][50339] -> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab][..443] [QUIC][Web][Acceptable][quic.aiortc.org] idle: [.....1] [ip6][..udp] [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7][50339] -> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab][..443] [QUIC][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic-24.pcap.out b/test/results/flow-info/quic-24.pcap.out index fe7a709a9..f449e90ed 100644 --- a/test/results/flow-info/quic-24.pcap.out +++ b/test/results/flow-info/quic-24.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.......10.9.0.1][41436] -> [.......10.9.0.2][..443] - detected: [.....1] [ip4][..udp] [.......10.9.0.1][41436] -> [.......10.9.0.2][..443] [QUIC][Web][Acceptable] + detected: [.....1] [ip4][..udp] [.......10.9.0.1][41436] -> [.......10.9.0.2][..443] [QUIC][Web][Acceptable][localhost] idle: [.....1] [ip4][..udp] [.......10.9.0.1][41436] -> [.......10.9.0.2][..443] [QUIC][Web][Acceptable] DAEMON-EVENT: shutdown 
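Review bot: The value now printed in the last bracket of the `detected:` and `detection-update:` lines of punycode-idn.pcap.out (`[i.scdn.co]`, `[www.xn--mnich-kva.com]`, `[www.love.xn--55qx5d]`) appears to come from the DNS query name or the HTTP Host header, so it is chosen by whoever sent the traffic. The expected output only exercises well-formed ASCII names. The code that prints the field is not part of this diff, so this is a question rather than a finding: if a name containing `]`, a space or a control byte is written unescaped, anything that parses these bracket-delimited lines can be misled about where the field or the event ends. I would add a fixture with such a name and have the printer replace `]` and non-printable bytes before writing the field.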
diff --git a/test/results/flow-info/quic-27.pcap.out b/test/results/flow-info/quic-27.pcap.out index 01a08aa1d..b193e7ce9 100644 --- a/test/results/flow-info/quic-27.pcap.out +++ b/test/results/flow-info/quic-27.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] - detected: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] [QUIC.Google][Web][Acceptable] + detected: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] [QUIC.Google][Web][Acceptable][play.google.com] idle: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] [QUIC.Google][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic-28.pcap.out b/test/results/flow-info/quic-28.pcap.out index 12c31f6a8..a73050e4a 100644 --- a/test/results/flow-info/quic-28.pcap.out +++ b/test/results/flow-info/quic-28.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] - detected: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable] + detected: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable][www.wireshark.org] analyse: [.....1] [ip4][..udp] [.......10.9.0.2][60106] -> [..104.26.11.240][..443] [QUIC.Cloudflare][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.021| 0.006| 0.007| 51.479| 3.900] diff --git a/test/results/flow-info/quic-29.pcap.out b/test/results/flow-info/quic-29.pcap.out index 696de0e9e..bf7bb2cf0 100644 --- a/test/results/flow-info/quic-29.pcap.out +++ b/test/results/flow-info/quic-29.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.......10.9.0.1][36588] -> [.......10.9.0.2][..443] - detected: [.....1] [ip4][..udp] [.......10.9.0.1][36588] -> [.......10.9.0.2][..443] [QUIC][Web][Acceptable] + detected: [.....1] [ip4][..udp] [.......10.9.0.1][36588] -> [.......10.9.0.2][..443] [QUIC][Web][Acceptable][localhost] idle: [.....1] [ip4][..udp] [.......10.9.0.1][36588] -> [.......10.9.0.2][..443] [QUIC][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic-33.pcapng.out b/test/results/flow-info/quic-33.pcapng.out index 4a698d57a..c29f603d0 100644 --- a/test/results/flow-info/quic-33.pcapng.out +++ b/test/results/flow-info/quic-33.pcapng.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] - detected: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable] + detected: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Web][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/quic-34.pcap.out b/test/results/flow-info/quic-34.pcap.out index 367ab735f..c1a865b31 100644 --- a/test/results/flow-info/quic-34.pcap.out +++ b/test/results/flow-info/quic-34.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] - detected: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable] + detected: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn idle: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn diff --git a/test/results/flow-info/quic-mvfst-22.pcap.out b/test/results/flow-info/quic-mvfst-22.pcap.out index 83d6ff0b0..a94010acd 100644 
--- a/test/results/flow-info/quic-mvfst-22.pcap.out +++ b/test/results/flow-info/quic-mvfst-22.pcap.out @@ -1,6 +1,6 @@ DAEMON-EVENT: init new: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] - detected: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun] + detected: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun][graph.facebook.com] analyse: [.....1] [ip4][..udp] [......10.0.2.15][35601] -> [.....31.13.86.8][..443] [QUIC.Facebook][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.091| 0.169| 0.515| 264779.547| 2.100] diff --git a/test/results/flow-info/quic-mvfst-27.pcapng.out b/test/results/flow-info/quic-mvfst-27.pcapng.out index 4ba9c2178..4aebe337b 100644 --- a/test/results/flow-info/quic-mvfst-27.pcapng.out +++ b/test/results/flow-info/quic-mvfst-27.pcapng.out @@ -1,5 +1,5 @@ DAEMON-EVENT: init new: [.....1] [ip4][..udp] [......10.0.2.15][35957] -> [..69.171.250.15][..443] - detected: [.....1] [ip4][..udp] [......10.0.2.15][35957] -> [..69.171.250.15][..443] [QUIC.Facebook][SocialNetwork][Fun] + detected: [.....1] [ip4][..udp] [......10.0.2.15][35957] -> [..69.171.250.15][..443] [QUIC.Facebook][SocialNetwork][Fun][graph.facebook.com] idle: [.....1] [ip4][..udp] [......10.0.2.15][35957] -> [..69.171.250.15][..443] [QUIC.Facebook][SocialNetwork][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic-mvfst-exp.pcap.out b/test/results/flow-info/quic-mvfst-exp.pcap.out index 9b61b4169..056a55292 100644 --- a/test/results/flow-info/quic-mvfst-exp.pcap.out +++ b/test/results/flow-info/quic-mvfst-exp.pcap.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [.2aac:cdf7:d506:7807:9092:75f:a963:f4ab][57587] -> [....3f65:ece9:fe71:6e2a:face:b00c::358e][..443] - detected: [.....1] [ip6][..udp] [.2aac:cdf7:d506:7807:9092:75f:a963:f4ab][57587] -> [....3f65:ece9:fe71:6e2a:face:b00c::358e][..443] [QUIC.Facebook][SocialNetwork][Fun] + detected: [.....1] [ip6][..udp] [.2aac:cdf7:d506:7807:9092:75f:a963:f4ab][57587] -> [....3f65:ece9:fe71:6e2a:face:b00c::358e][..443] [QUIC.Facebook][SocialNetwork][Fun][video.fmct2-3.fna.fbcdn.net] idle: [.....1] [ip6][..udp] [.2aac:cdf7:d506:7807:9092:75f:a963:f4ab][57587] -> [....3f65:ece9:fe71:6e2a:face:b00c::358e][..443] [QUIC.Facebook][SocialNetwork][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic-v2-01.pcapng.out b/test/results/flow-info/quic-v2-01.pcapng.out index c1badbb49..47af00881 100644 --- a/test/results/flow-info/quic-v2-01.pcapng.out +++ b/test/results/flow-info/quic-v2-01.pcapng.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] - detected: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable] + detected: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....1] [ip4][..udp] [...192.168.56.1][34229] -> [.192.168.56.198][.4443] [QUIC][Web][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/quic.pcap.out b/test/results/flow-info/quic.pcap.out index 9ad391e0d..e977cc804 100644 --- a/test/results/flow-info/quic.pcap.out 
+++ b/test/results/flow-info/quic.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] - detected: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable][mail.google.com] analyse: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.198| 0.584| 0.964| 929164.558| 3.400] 
@@ -22,24 +22,24 @@ DAEMON-EVENT: [Processed: 419 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443] - detected: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443] [QUIC.Google][Web][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443] [QUIC.Google][Web][Acceptable][www.google.com] new: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] new: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] - detected: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] [QUIC.YouTube][Media][Fun] + detected: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] [QUIC.YouTube][Media][Fun][www.youtube.com] new: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] - detected: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] [QUIC.YouTube][Media][Fun] + detected: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] [QUIC.YouTube][Media][Fun][i.ytimg.com] new: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] - detected: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable] + detected: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable][fonts.gstatic.com] new: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443] - detected: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443] [QUIC.YouTube][Media][Fun] + detected: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443] [QUIC.YouTube][Media][Fun][s.ytimg.com] new: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443] - 
detected: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443] [QUIC.YouTube][Media][Fun] + detected: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443] [QUIC.YouTube][Media][Fun][yt3.ggpht.com] idle: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn DAEMON-EVENT: [Processed: 449 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 7 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] - detected: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun] + detected: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun][www.youtube.com] analyse: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.829| 0.062| 0.199| 39440.069| 2.000] diff --git a/test/results/flow-info/quic046.pcap.out b/test/results/flow-info/quic046.pcap.out index 4a2d54274..2e6affb6d 100644 --- a/test/results/flow-info/quic046.pcap.out +++ b/test/results/flow-info/quic046.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] - detected: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun] + detected: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun][i.ytimg.com] analyse: [.....1] [ip4][..udp] [..192.168.1.236][50587] -> [..216.58.206.86][..443] [QUIC.YouTube][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.029| 0.002| 0.006| 39.230| 2.600] diff --git a/test/results/flow-info/quic_0RTT.pcap.out b/test/results/flow-info/quic_0RTT.pcap.out index 2e7590d01..80c355db7 100644 --- a/test/results/flow-info/quic_0RTT.pcap.out +++ b/test/results/flow-info/quic_0RTT.pcap.out 
@@ -2,12 +2,12 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [....................................::1][60459] -> [....................................::1][.4443] - detected: [.....1] [ip6][..udp] [....................................::1][60459] -> [....................................::1][.4443] [QUIC][Web][Acceptable] + detected: [.....1] [ip6][..udp] [....................................::1][60459] -> [....................................::1][.4443] [QUIC][Web][Acceptable][abcd] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [..192.168.2.100][51972] -> [142.250.181.227][..443] - detected: [.....2] [ip4][..udp] [..192.168.2.100][51972] -> [142.250.181.227][..443] [QUIC.Google][Web][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.2.100][51972] -> [142.250.181.227][..443] [QUIC.Google][Web][Acceptable][ssl.gstatic.com] idle: [.....2] [ip4][..udp] [..192.168.2.100][51972] -> [142.250.181.227][..443] [QUIC.Google][Web][Acceptable] idle: [.....1] [ip6][..udp] [....................................::1][60459] -> [....................................::1][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/quic_crypto_aes_auth_size.pcap.out b/test/results/flow-info/quic_crypto_aes_auth_size.pcap.out index 8859b4a61..afca599df 100644 --- a/test/results/flow-info/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/flow-info/quic_crypto_aes_auth_size.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...134.53.36.43][34917] -> [..142.104.38.30][..443] - detected: [.....1] [ip4][..udp] [...134.53.36.43][34917] -> [..142.104.38.30][..443] [QUIC.Snapchat][SocialNetwork][Fun] + detected: [.....1] [ip4][..udp] [...134.53.36.43][34917] -> [..142.104.38.30][..443] [QUIC.Snapchat][SocialNetwork][Fun][app-analytics-v2.snapchat.com] new: [.....2] [ip4][..udp] [245.161.134.177][27636] -> [..77.242.114.14][..443] - detected: [.....2] [ip4][..udp] [245.161.134.177][27636] -> [..77.242.114.14][..443] [QUIC.Snapchat][SocialNetwork][Fun] + detected: [.....2] [ip4][..udp] [245.161.134.177][27636] -> [..77.242.114.14][..443] [QUIC.Snapchat][SocialNetwork][Fun][gcp.api.snapchat.com] idle: [.....1] [ip4][..udp] [...134.53.36.43][34917] -> [..142.104.38.30][..443] [QUIC.Snapchat][SocialNetwork][Fun] idle: [.....2] [ip4][..udp] [245.161.134.177][27636] -> [..77.242.114.14][..443] [QUIC.Snapchat][SocialNetwork][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/flow-info/quic_frags_ch_in_multiple_packets.pcapng.out index df14e6f8b..833b0f22d 100644 --- a/test/results/flow-info/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/flow-info/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -4,7 +4,7 @@ new: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] detected: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port - detection-update: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Web][Acceptable] + detection-update: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Web][Acceptable][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn idle: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Web][Acceptable] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn diff --git a/test/results/flow-info/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-info/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 8f91ea5b0..d75d0a3b3 100644 --- a/test/results/flow-info/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/flow-info/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
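Review bot: The hostname bracket is sometimes absent and sometimes present but empty in quic_frags_ch_in_multiple_packets.pcapng.out: the unchanged `detected:` line for flow 1 ends at `[QUIC][Web][Acceptable]`, while the new `detection-update:` line for the same flow ends in an empty `[]`. A consumer of this output cannot tell "no name was seen" (the following `RISK:` line lists `Missing SNI TLS Extn`) from "field not printed for this event". Presumably the bracket is emitted only once some flow information exists; emitting it on every `detected:`/`detection-update:` line, or leaving it out when empty, would keep the field count stable. The same empty `[]` shows up in the quic-33, quic-34 and quic-v2-01 sections.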
@@ -2,23 +2,23 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.133.205.75.230][56528] -> [.208.229.157.81][..443] - detected: [.....1] [ip4][..udp] [.133.205.75.230][56528] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [.....1] [ip4][..udp] [.133.205.75.230][56528] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable][update.googleapis.com] new: [.....2] [ip4][..udp] [..147.196.90.42][61647] -> [..177.86.46.206][..443] - detected: [.....2] [ip4][..udp] [..147.196.90.42][61647] -> [..177.86.46.206][..443] [QUIC.Google][Web][Acceptable] + detected: [.....2] [ip4][..udp] [..147.196.90.42][61647] -> [..177.86.46.206][..443] [QUIC.Google][Web][Acceptable][sb-ssl.google.com] idle: [.....1] [ip4][..udp] [.133.205.75.230][56528] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] - detected: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] [QUIC.Google][Web][Acceptable] + detected: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] [QUIC.Google][Web][Acceptable][www.google.com] new: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] - detected: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] [QUIC.Google][Web][Acceptable] + detected: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] [QUIC.Google][Web][Acceptable][accounts.google.com] new: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> [..112.1.105.138][..443] - detected: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> 
[..112.1.105.138][..443] [QUIC.PlayStore][SoftwareUpdate][Safe] + detected: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> [..112.1.105.138][..443] [QUIC.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] new: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] - detected: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] [QUIC.Google][Advertisement][Acceptable][www.googleadservices.com] idle: [.....2] [ip4][..udp] [..147.196.90.42][61647] -> [..177.86.46.206][..443] [QUIC.Google][Web][Acceptable] new: [.....7] [ip4][..udp] [...168.144.64.5][51053] -> [241.138.147.133][..443] - detected: [.....7] [ip4][..udp] [...168.144.64.5][51053] -> [241.138.147.133][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [.....7] [ip4][..udp] [...168.144.64.5][51053] -> [241.138.147.133][..443] [QUIC.GoogleServices][Web][Acceptable][content-autofill.googleapis.com] update: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] [QUIC.Google][Web][Acceptable] update: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] [QUIC.Google][Web][Acceptable] update: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] [QUIC.Google][Advertisement][Acceptable] 
@@ -26,43 +26,43 @@ DAEMON-EVENT: [Processed: 17 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 5 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 4] new: [.....8] [ip4][..udp] [..10.117.78.100][44252] -> [.251.236.18.198][..443] - detected: [.....8] [ip4][..udp] [..10.117.78.100][44252] -> [.251.236.18.198][..443] [QUIC.Google][Web][Acceptable] + detected: [.....8] [ip4][..udp] [..10.117.78.100][44252] -> [.251.236.18.198][..443] [QUIC.Google][Web][Acceptable][accounts.google.com] idle: [.....3] [ip4][..udp] [...168.144.64.5][55376] -> [.212.22.246.243][..443] [QUIC.Google][Web][Acceptable] idle: [.....4] [ip4][..udp] [...168.144.64.5][64964] -> [.133.202.76.105][..443] [QUIC.Google][Web][Acceptable] idle: [.....6] [ip4][..udp] [...168.144.64.5][59827] -> [..37.47.218.224][..443] [QUIC.Google][Advertisement][Acceptable] idle: [.....7] [ip4][..udp] [...168.144.64.5][51053] -> [241.138.147.133][..443] [QUIC.GoogleServices][Web][Acceptable] idle: [.....5] [ip4][..udp] [...168.144.64.5][55844] -> [..112.1.105.138][..443] [QUIC.PlayStore][SoftwareUpdate][Safe] new: [.....9] [ip4][..udp] [..10.117.78.100][55273] -> [202.152.155.121][..443] - detected: [.....9] [ip4][..udp] [..10.117.78.100][55273] -> [202.152.155.121][..443] [QUIC.Google][Web][Acceptable] + detected: [.....9] [ip4][..udp] [..10.117.78.100][55273] -> [202.152.155.121][..443] [QUIC.Google][Web][Acceptable][clients4.google.com] DAEMON-EVENT: [Processed: 19 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 4] new: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] - detected: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable][update.googleapis.com] new: [....11] 
[ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] - detected: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][fonts.gstatic.com] new: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] - detected: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Media][Fun] + detected: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Media][Fun][yt3.ggpht.com] new: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] - detected: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Advertisement][Acceptable][static.doubleclick.net] new: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] - detected: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] + detected: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun][suggestqueries-clients6.youtube.com] idle: [.....8] [ip4][..udp] [..10.117.78.100][44252] -> [.251.236.18.198][..443] [QUIC.Google][Web][Acceptable] idle: [.....9] [ip4][..udp] [..10.117.78.100][55273] -> [202.152.155.121][..443] [QUIC.Google][Web][Acceptable] new: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] - detected: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] update: [....12] [ip4][..udp] [...168.144.64.5][50482] -> 
[121.209.126.161][..443] [QUIC.YouTube][Media][Fun] update: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Advertisement][Acceptable] update: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] update: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] update: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] - detected: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable][update.googleapis.com] new: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] - detected: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun][dns.google] new: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] - detected: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Web][Acceptable] + detected: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Web][Acceptable][beacons.gcp.gvt2.com] new: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] - detected: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] [QUIC.Google][Web][Acceptable] + detected: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] [QUIC.Google][Web][Acceptable][www.google.com] update: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] update: [....12] 
[ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Media][Fun] update: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Advertisement][Acceptable] @@ -73,9 +73,9 @@ update: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] update: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] - detected: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][beacons.gvt2.com] new: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] - detected: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] [QUIC.YouTube][Media][Fun] + detected: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] [QUIC.YouTube][Media][Fun][www.youtube.com] idle: [....11] [ip4][..udp] [...168.144.64.5][53431] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] idle: [....10] [ip4][..udp] [...168.144.64.5][53404] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] update: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] 
@@ -87,13 +87,13 @@ update: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Web][Acceptable] update: [....15] [ip4][..udp] [...168.144.64.5][51456] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] - detected: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun][dns.google] idle: [....12] [ip4][..udp] [...168.144.64.5][50482] -> [121.209.126.161][..443] [QUIC.YouTube][Media][Fun] idle: [....13] [ip4][..udp] [...168.144.64.5][62652] -> [.158.146.215.30][..443] [QUIC.Google][Advertisement][Acceptable] idle: [....14] [ip4][..udp] [...168.144.64.5][63136] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] update: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] new: [....23] [ip4][..udp] [...168.144.64.5][51296] -> [...128.248.24.1][..443] - detected: [....23] [ip4][..udp] [...168.144.64.5][51296] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....23] [ip4][..udp] [...168.144.64.5][51296] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][beacons.gcp.gvt2.com] idle: [....17] [ip4][..udp] [...168.144.64.5][54016] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] idle: [....16] [ip4][..udp] [...168.144.64.5][63163] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] idle: [....18] [ip4][..udp] [...168.144.64.5][51248] -> [..99.42.133.245][..443] [QUIC.Google][Web][Acceptable] 
@@ -103,77 +103,77 @@ update: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] [QUIC.YouTube][Media][Fun] update: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] new: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] - detected: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Media][Fun] + detected: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Media][Fun][r11---sn-vh5ouxa-hjuk.googlevideo.com] idle: [....23] [ip4][..udp] [...168.144.64.5][51296] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] idle: [....19] [ip4][..udp] [...168.144.64.5][60896] -> [.45.228.175.189][..443] [QUIC.Google][Web][Acceptable] idle: [....22] [ip4][..udp] [...168.144.64.5][49153] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] idle: [....21] [ip4][..udp] [...168.144.64.5][56488] -> [..177.86.46.206][..443] [QUIC.YouTube][Media][Fun] idle: [....20] [ip4][..udp] [...168.144.64.5][60551] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] new: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] - detected: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Media][Fun] + detected: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Media][Fun][r4---sn-vh5ouxa-hjud.googlevideo.com] new: [....26] [ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] - detected: [....26] [ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] [QUIC.YouTube][Media][Fun] + detected: [....26] [ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] [QUIC.YouTube][Media][Fun][r3---sn-vh5ouxa-hju6.googlevideo.com] new: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] - detected: [....27] [ip4][..udp] [...168.144.64.5][49324] -> 
[..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable][pagead2.googlesyndication.com] update: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Media][Fun] DAEMON-EVENT: [Processed: 38 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 27|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32] new: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] - detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Web][Acceptable] + detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Web][Acceptable][beacons4.gvt2.com] update: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Media][Fun] update: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] update: [....26] [ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] [QUIC.YouTube][Media][Fun] update: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Media][Fun] new: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] - detected: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] [QUIC.YouTube][Media][Fun] + detected: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] [QUIC.YouTube][Media][Fun][r1---sn-hju7enel.googlevideo.com] idle: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Media][Fun] idle: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Web][Acceptable] idle: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] idle: [....26] 
[ip4][..udp] [...168.144.64.5][52273] -> [244.214.160.219][..443] [QUIC.YouTube][Media][Fun] idle: [....24] [ip4][..udp] [...168.144.64.5][57767] -> [....76.83.40.87][..443] [QUIC.YouTube][Media][Fun] new: [....30] [ip4][..udp] [...168.144.64.5][61209] -> [..35.194.157.47][..443] - detected: [....30] [ip4][..udp] [...168.144.64.5][61209] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....30] [ip4][..udp] [...168.144.64.5][61209] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable][www.googleadservices.com] new: [....31] [ip4][..udp] [...168.144.64.5][50540] -> [...99.45.60.254][..443] - detected: [....31] [ip4][..udp] [...168.144.64.5][50540] -> [...99.45.60.254][..443] [QUIC.YouTube][Media][Fun] + detected: [....31] [ip4][..udp] [...168.144.64.5][50540] -> [...99.45.60.254][..443] [QUIC.YouTube][Media][Fun][i.ytimg.com] update: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] [QUIC.YouTube][Media][Fun] update: [....30] [ip4][..udp] [...168.144.64.5][61209] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] DAEMON-EVENT: [Processed: 42 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 31|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 38] new: [....32] [ip4][..udp] [...168.144.64.5][60809] -> [...9.65.169.252][..443] - detected: [....32] [ip4][..udp] [...168.144.64.5][60809] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] + detected: [....32] [ip4][..udp] [...168.144.64.5][60809] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun][suggestqueries-clients6.youtube.com] update: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] [QUIC.YouTube][Media][Fun] update: [....30] [ip4][..udp] [...168.144.64.5][61209] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] update: [....31] [ip4][..udp] [...168.144.64.5][50540] -> [...99.45.60.254][..443] [QUIC.YouTube][Media][Fun] new: [....33] 
[ip4][..udp] [...168.144.64.5][55637] -> [.169.81.163.225][..443] - detected: [....33] [ip4][..udp] [...168.144.64.5][55637] -> [.169.81.163.225][..443] [QUIC.YouTube][Media][Fun] + detected: [....33] [ip4][..udp] [...168.144.64.5][55637] -> [.169.81.163.225][..443] [QUIC.YouTube][Media][Fun][r3---sn-hju7enel.googlevideo.com] new: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] - detected: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] + detected: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable][b1.nel.goog] idle: [....29] [ip4][..udp] [...168.144.64.5][64976] -> [..220.80.126.73][..443] [QUIC.YouTube][Media][Fun] idle: [....30] [ip4][..udp] [...168.144.64.5][61209] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] idle: [....31] [ip4][..udp] [...168.144.64.5][50540] -> [...99.45.60.254][..443] [QUIC.YouTube][Media][Fun] update: [....32] [ip4][..udp] [...168.144.64.5][60809] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] update: [....33] [ip4][..udp] [...168.144.64.5][55637] -> [.169.81.163.225][..443] [QUIC.YouTube][Media][Fun] new: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] - detected: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Media][Fun] + detected: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Media][Fun][r3---sn-vh5ouxa-hjud.googlevideo.com] idle: [....32] [ip4][..udp] [...168.144.64.5][60809] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] idle: [....33] [ip4][..udp] [...168.144.64.5][55637] -> [.169.81.163.225][..443] [QUIC.YouTube][Media][Fun] update: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] new: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] - detected: [....36] 
[ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Web][Acceptable] + detected: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Web][Acceptable][accounts.google.com] idle: [....34] [ip4][..udp] [...168.144.64.5][53127] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] update: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Media][Fun] new: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] - detected: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] [QUIC.DataSaver][Web][Fun] + detected: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] [QUIC.DataSaver][Web][Fun][litepages.googlezip.net] new: [....38] [ip4][..udp] [.192.168.254.11][45652] -> [.170.196.90.126][..443] - detected: [....38] [ip4][..udp] [.192.168.254.11][45652] -> [.170.196.90.126][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....38] [ip4][..udp] [.192.168.254.11][45652] -> [.170.196.90.126][..443] [QUIC.GoogleServices][Web][Acceptable][content-autofill.googleapis.com] new: [....39] [ip4][..udp] [.192.168.254.11][43427] -> [..98.251.203.81][..443] - detected: [....39] [ip4][..udp] [.192.168.254.11][43427] -> [..98.251.203.81][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....39] [ip4][..udp] [.192.168.254.11][43427] -> [..98.251.203.81][..443] [QUIC.GoogleServices][Web][Acceptable][optimizationguide-pa.googleapis.com] new: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] - detected: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] [QUIC][Web][Acceptable] + detected: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] [QUIC][Web][Acceptable][www.freearabianporn.com] update: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Web][Acceptable] update: [....35] [ip4][..udp] 
[...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Media][Fun] new: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] - detected: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] [QUIC][Web][Acceptable] + detected: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] [QUIC][Web][Acceptable][s-img.adskeeper.co.uk] idle: [....35] [ip4][..udp] [...168.144.64.5][50073] -> [.152.128.87.238][..443] [QUIC.YouTube][Media][Fun] update: [....38] [ip4][..udp] [.192.168.254.11][45652] -> [.170.196.90.126][..443] [QUIC.GoogleServices][Web][Acceptable] update: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] [QUIC.DataSaver][Web][Fun] 
@@ -181,9 +181,9 @@ update: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] [QUIC][Web][Acceptable] update: [....39] [ip4][..udp] [.192.168.254.11][43427] -> [..98.251.203.81][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....42] [ip4][..udp] [.192.168.254.11][51075] -> [.117.148.117.30][..443] - detected: [....42] [ip4][..udp] [.192.168.254.11][51075] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....42] [ip4][..udp] [.192.168.254.11][51075] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable][pagead2.googlesyndication.com] new: [....43] [ip4][..udp] [.192.168.254.11][49689] -> [.87.179.155.149][..443] - detected: [....43] [ip4][..udp] [.192.168.254.11][49689] -> [.87.179.155.149][..443] [QUIC.Google][Web][Acceptable] + detected: [....43] [ip4][..udp] [.192.168.254.11][49689] -> [.87.179.155.149][..443] [QUIC.Google][Web][Acceptable][www.google.com] idle: [....36] [ip4][..udp] [.192.168.254.11][59048] -> [.251.236.18.198][..443] [QUIC.Google][Web][Acceptable] update: [....38] [ip4][..udp] [.192.168.254.11][45652] -> [.170.196.90.126][..443] [QUIC.GoogleServices][Web][Acceptable] update: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] [QUIC][Web][Acceptable] 
@@ -191,42 +191,42 @@ update: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] [QUIC][Web][Acceptable] update: [....39] [ip4][..udp] [.192.168.254.11][43427] -> [..98.251.203.81][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....44] [ip4][..udp] [...168.144.64.5][62818] -> [113.250.137.243][..443] - detected: [....44] [ip4][..udp] [...168.144.64.5][62818] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....44] [ip4][..udp] [...168.144.64.5][62818] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] idle: [....38] [ip4][..udp] [.192.168.254.11][45652] -> [.170.196.90.126][..443] [QUIC.GoogleServices][Web][Acceptable] idle: [....37] [ip4][..udp] [.192.168.254.11][38331] -> [.93.100.151.221][..443] [QUIC.DataSaver][Web][Fun] idle: [....39] [ip4][..udp] [.192.168.254.11][43427] -> [..98.251.203.81][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....45] [ip4][..udp] [...168.144.64.5][56425] -> [..125.136.204.4][..443] - detected: [....45] [ip4][..udp] [...168.144.64.5][56425] -> [..125.136.204.4][..443] [QUIC.YouTube][Media][Fun] + detected: [....45] [ip4][..udp] [...168.144.64.5][56425] -> [..125.136.204.4][..443] [QUIC.YouTube][Media][Fun][r1---sn-vh5ouxa-hjuk.googlevideo.com] idle: [....40] [ip4][..udp] [.192.168.254.11][54692] -> [.171.182.169.23][..443] [QUIC][Web][Acceptable] DAEMON-EVENT: [Processed: 57 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 5 / 45|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 57] new: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] - detected: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun][dns.google] idle: [....44] [ip4][..udp] [...168.144.64.5][62818] -> [113.250.137.243][..443] 
[QUIC.GoogleServices][Web][Acceptable] idle: [....41] [ip4][..udp] [.192.168.254.11][35124] -> [..168.78.153.39][..443] [QUIC][Web][Acceptable] idle: [....42] [ip4][..udp] [.192.168.254.11][51075] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] idle: [....43] [ip4][..udp] [.192.168.254.11][49689] -> [.87.179.155.149][..443] [QUIC.Google][Web][Acceptable] update: [....45] [ip4][..udp] [...168.144.64.5][56425] -> [..125.136.204.4][..443] [QUIC.YouTube][Media][Fun] new: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] - detected: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Web][Acceptable] + detected: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Web][Acceptable][beacons.gvt2.com] idle: [....45] [ip4][..udp] [...168.144.64.5][56425] -> [..125.136.204.4][..443] [QUIC.YouTube][Media][Fun] new: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] - detected: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] + detected: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable][b1.nel.goog] new: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] - detected: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun][dns.google] update: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] update: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Web][Acceptable] update: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] new: [....50] [ip4][..udp] [...168.144.64.5][61341] -> 
[.16.232.218.117][..443] - detected: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] + detected: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] new: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] - detected: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] + detected: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable][b1.nel.goog] update: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] update: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] update: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Web][Acceptable] update: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] new: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] - detected: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] + detected: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun][r9---sn-vh5ouxa-hjuk.googlevideo.com] idle: [....48] [ip4][..udp] [...168.144.64.5][56844] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] idle: [....47] [ip4][..udp] [...168.144.64.5][50552] -> [108.171.138.182][..443] [QUIC.Google][Web][Acceptable] idle: [....46] [ip4][..udp] [...168.144.64.5][59622] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] 
@@ -234,46 +234,46 @@ update: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] update: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] new: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] - detected: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] + detected: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun][suggestqueries-clients6.youtube.com] update: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] update: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] update: [....51] [ip4][..udp] [...168.144.64.5][56683] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] update: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] new: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] - detected: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] [QUIC.YouTube][Media][Fun] + detected: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] [QUIC.YouTube][Media][Fun][r1---sn-vh5ouxa-hju6.googlevideo.com] idle: [....49] [ip4][..udp] [...168.144.64.5][58414] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] new: [....55] [ip4][..udp] [...168.144.64.5][64693] -> [113.250.137.243][..443] - detected: [....55] [ip4][..udp] [...168.144.64.5][64693] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] + detected: [....55] [ip4][..udp] [...168.144.64.5][64693] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable][b1.nel.goog] idle: [....50] [ip4][..udp] [...168.144.64.5][61341] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] idle: [....51] [ip4][..udp] [...168.144.64.5][56683] -> 
[113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] update: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] [QUIC.YouTube][Media][Fun] update: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] update: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] new: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] - detected: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable][googleads.g.doubleclick.net] idle: [....54] [ip4][..udp] [...168.144.64.5][59965] -> [..22.12.150.194][..443] [QUIC.YouTube][Media][Fun] idle: [....53] [ip4][..udp] [...168.144.64.5][60936] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] idle: [....55] [ip4][..udp] [...168.144.64.5][64693] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] idle: [....52] [ip4][..udp] [...168.144.64.5][64700] -> [.16.232.218.117][..443] [QUIC.YouTube][Media][Fun] new: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] - detected: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Media][Fun] + detected: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Media][Fun][r2---sn-vh5ouxa-hjuk.googlevideo.com] new: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] - detected: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Advertisement][Acceptable][pagead2.googlesyndication.com] DAEMON-EVENT: [Processed: 70 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: 
[Flows][active: 3 / 58|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 75] new: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] - detected: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] + detected: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable][b1.nel.goog] update: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] update: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Media][Fun] update: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Advertisement][Acceptable] new: [....60] [ip4][..udp] [...168.144.64.5][60949] -> [185.186.183.185][..443] - detected: [....60] [ip4][..udp] [...168.144.64.5][60949] -> [185.186.183.185][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....60] [ip4][..udp] [...168.144.64.5][60949] -> [185.186.183.185][..443] [QUIC.GoogleServices][Web][Acceptable][content-autofill.googleapis.com] update: [....56] [ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] update: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Media][Fun] update: [....58] [ip4][..udp] [...168.144.64.5][52387] -> [..143.52.137.18][..443] [QUIC.Google][Advertisement][Acceptable] update: [....59] [ip4][..udp] [...168.144.64.5][49860] -> [113.250.137.243][..443] [QUIC.Google][Cloud][Acceptable] new: [....61] [ip4][..udp] [...168.144.64.5][57735] -> [..137.238.249.2][..443] - detected: [....61] [ip4][..udp] [...168.144.64.5][57735] -> [..137.238.249.2][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....61] [ip4][..udp] [...168.144.64.5][57735] -> [..137.238.249.2][..443] [QUIC.Google][Advertisement][Acceptable][ade.googlesyndication.com] idle: [....56] 
[ip4][..udp] [...168.144.64.5][59680] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] idle: [....57] [ip4][..udp] [...168.144.64.5][57565] -> [217.254.108.174][..443] [QUIC.YouTube][Media][Fun] idle: [....60] [ip4][..udp] [...168.144.64.5][60949] -> [185.186.183.185][..443] [QUIC.GoogleServices][Web][Acceptable] 
@@ -282,65 +282,65 @@ DAEMON-EVENT: [Processed: 73 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 61|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 82] new: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] - detected: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable][update.googleapis.com] idle: [....61] [ip4][..udp] [...168.144.64.5][57735] -> [..137.238.249.2][..443] [QUIC.Google][Advertisement][Acceptable] new: [....63] [ip4][..udp] [..52.187.20.175][61089] -> [..99.42.133.245][..443] - detected: [....63] [ip4][..udp] [..52.187.20.175][61089] -> [..99.42.133.245][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....63] [ip4][..udp] [..52.187.20.175][61089] -> [..99.42.133.245][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] update: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....64] [ip4][..udp] [..52.187.20.175][49880] -> [.208.229.157.81][..443] - detected: [....64] [ip4][..udp] [..52.187.20.175][49880] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....64] [ip4][..udp] [..52.187.20.175][49880] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable][update.googleapis.com] DAEMON-EVENT: [Processed: 85 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 64|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 83] new: [....65] [ip4][..udp] [159.117.176.124][58337] -> [.208.229.157.81][..443] - detected: [....65] [ip4][..udp] [159.117.176.124][58337] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....65] [ip4][..udp] [159.117.176.124][58337] -> [.208.229.157.81][..443] 
[QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] idle: [....62] [ip4][..udp] [..52.187.20.175][50588] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] idle: [....64] [ip4][..udp] [..52.187.20.175][49880] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] idle: [....63] [ip4][..udp] [..52.187.20.175][61089] -> [..99.42.133.245][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: [Processed: 89 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 65|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 83] new: [....66] [ip4][..udp] [159.117.176.124][49867] -> [...198.74.29.79][..443] - detected: [....66] [ip4][..udp] [159.117.176.124][49867] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....66] [ip4][..udp] [159.117.176.124][49867] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable][content-autofill.googleapis.com] idle: [....65] [ip4][..udp] [159.117.176.124][58337] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: [Processed: 93 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 66|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 83] new: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] - detected: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] [QUIC.Google][Web][Acceptable] + detected: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] [QUIC.Google][Web][Acceptable][accounts.google.com] new: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] - detected: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] [QUIC.Google][Web][Acceptable] + detected: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] [QUIC.Google][Web][Acceptable][clients2.googleusercontent.com] idle: [....66] [ip4][..udp] 
[159.117.176.124][49867] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....69] [ip4][..udp] [..52.187.20.175][57066] -> [108.171.138.182][..443] - detected: [....69] [ip4][..udp] [..52.187.20.175][57066] -> [108.171.138.182][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....69] [ip4][..udp] [..52.187.20.175][57066] -> [108.171.138.182][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] update: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] [QUIC.Google][Web][Acceptable] update: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] [QUIC.Google][Web][Acceptable] DAEMON-EVENT: [Processed: 102 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 69|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 85] new: [....70] [ip4][..udp] [..52.187.20.175][52512] -> [..196.245.61.64][..443] - detected: [....70] [ip4][..udp] [..52.187.20.175][52512] -> [..196.245.61.64][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....70] [ip4][..udp] [..52.187.20.175][52512] -> [..196.245.61.64][..443] [QUIC.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] idle: [....67] [ip4][..udp] [..52.187.20.175][58123] -> [..118.89.218.46][..443] [QUIC.Google][Web][Acceptable] idle: [....68] [ip4][..udp] [..52.187.20.175][63507] -> [121.209.126.161][..443] [QUIC.Google][Web][Acceptable] idle: [....69] [ip4][..udp] [..52.187.20.175][57066] -> [108.171.138.182][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: [Processed: 106 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 70|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 85] new: [....71] [ip4][..udp] [..52.187.20.175][51619] -> [.208.229.157.81][..443] - detected: [....71] [ip4][..udp] [..52.187.20.175][51619] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....71] [ip4][..udp] 
[..52.187.20.175][51619] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] idle: [....70] [ip4][..udp] [..52.187.20.175][52512] -> [..196.245.61.64][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: [Processed: 110 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 71|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 85] new: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] - detected: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][SoftwareUpdate][Safe] + detected: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] new: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] - detected: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][fonts.gstatic.com] new: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] - detected: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Web][Acceptable] + detected: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Web][Acceptable][adservice.google.com] new: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] - detected: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][fonts.gstatic.com] new: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] - detected: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] + 
detected: [....76] [ip4][..udp] [...168.144.64.5][58832] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable][googleads.g.doubleclick.net] new: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] - detected: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Advertisement][Acceptable][static.doubleclick.net] idle: [....71] [ip4][..udp] [..52.187.20.175][51619] -> [.208.229.157.81][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] - detected: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] update: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] update: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] update: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][SoftwareUpdate][Safe] 
@@ -348,13 +348,13 @@ update: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Web][Acceptable] update: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Advertisement][Acceptable] new: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] - detected: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][beacons.gcp.gvt2.com] new: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] - detected: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....80] [ip4][..udp] [...168.144.64.5][59785] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][beacons.gcp.gvt2.com] new: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] - detected: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [....81] [ip4][..udp] [...168.144.64.5][59327] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun][dns.google] new: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] - detected: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Web][Acceptable] + detected: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Web][Acceptable][beacons2.gvt2.com] update: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] update: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] update: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] 
@@ -364,11 +364,11 @@ update: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] update: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Advertisement][Acceptable] new: [....83] [ip4][..udp] [...168.144.64.5][49926] -> [.103.179.40.184][..443] - detected: [....83] [ip4][..udp] [...168.144.64.5][49926] -> [.103.179.40.184][..443] [QUIC.YouTube][Media][Fun] + detected: [....83] [ip4][..udp] [...168.144.64.5][49926] -> [.103.179.40.184][..443] [QUIC.YouTube][Media][Fun][r5---sn-vh5ouxa-hju6.googlevideo.com] new: [....84] [ip4][..udp] [...168.144.64.5][56384] -> [.117.148.117.30][..443] - detected: [....84] [ip4][..udp] [...168.144.64.5][56384] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....84] [ip4][..udp] [...168.144.64.5][56384] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable][pagead2.googlesyndication.com] new: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] - detected: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] [QUIC.Google][Advertisement][Acceptable][www.googleadservices.com] update: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] update: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] update: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] 
@@ -381,7 +381,7 @@ update: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Web][Acceptable] update: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Advertisement][Acceptable] new: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] - detected: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] [QUIC.Google][Web][Acceptable] + detected: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] [QUIC.Google][Web][Acceptable][beacons.gvt2.com] idle: [....73] [ip4][..udp] [...168.144.64.5][55066] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] idle: [....75] [ip4][..udp] [...168.144.64.5][65391] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] idle: [....72] [ip4][..udp] [...168.144.64.5][58703] -> [.93.100.151.221][..443] [QUIC.PlayStore][SoftwareUpdate][Safe] 
@@ -389,11 +389,11 @@ idle: [....74] [ip4][..udp] [...168.144.64.5][61886] -> [....65.33.51.74][..443] [QUIC.Google][Web][Acceptable] idle: [....77] [ip4][..udp] [...168.144.64.5][58429] -> [....38.57.8.121][..443] [QUIC.Google][Advertisement][Acceptable] new: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] - detected: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable][googleads.g.doubleclick.net] new: [....88] [ip4][..udp] [...168.144.64.5][58956] -> [...128.248.24.1][..443] - detected: [....88] [ip4][..udp] [...168.144.64.5][58956] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] + detected: [....88] [ip4][..udp] [...168.144.64.5][58956] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable][beacons.gcp.gvt2.com] new: [....89] [ip4][..udp] [...168.144.64.5][54449] -> [102.194.207.179][..443] - detected: [....89] [ip4][..udp] [...168.144.64.5][54449] -> [102.194.207.179][..443] [QUIC.Google][Web][Acceptable] + detected: [....89] [ip4][..udp] [...168.144.64.5][54449] -> [102.194.207.179][..443] [QUIC.Google][Web][Acceptable][beacons3.gvt2.com] idle: [....79] [ip4][..udp] [...168.144.64.5][60934] -> [...128.248.24.1][..443] [QUIC.Google][Web][Acceptable] idle: [....78] [ip4][..udp] [...168.144.64.5][55479] -> [113.250.137.243][..443] [QUIC.GoogleServices][Web][Acceptable] update: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] [QUIC.Google][Web][Acceptable] 
@@ -406,7 +406,7 @@ update: [....82] [ip4][..udp] [...168.144.64.5][63925] -> [...39.227.72.32][..443] [QUIC.Google][Web][Acceptable] update: [....87] [ip4][..udp] [...168.144.64.5][55572] -> [.117.148.117.30][..443] [QUIC.Google][Advertisement][Acceptable] new: [....90] [ip4][..udp] [...168.144.64.5][60342] -> [.93.100.151.221][..443] - detected: [....90] [ip4][..udp] [...168.144.64.5][60342] -> [.93.100.151.221][..443] [QUIC.YouTube][Media][Fun] + detected: [....90] [ip4][..udp] [...168.144.64.5][60342] -> [.93.100.151.221][..443] [QUIC.YouTube][Media][Fun][suggestqueries-clients6.youtube.com] idle: [....86] [ip4][..udp] [...168.144.64.5][64497] -> [102.194.207.179][..443] [QUIC.Google][Web][Acceptable] idle: [....83] [ip4][..udp] [...168.144.64.5][49926] -> [.103.179.40.184][..443] [QUIC.YouTube][Media][Fun] idle: [....85] [ip4][..udp] [...168.144.64.5][57398] -> [..137.238.249.2][..443] [QUIC.Google][Advertisement][Acceptable] 
@@ -420,84 +420,84 @@ DAEMON-EVENT: [Processed: 129 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 90|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 119] new: [....91] [ip4][..udp] [...168.144.64.5][65186] -> [...9.65.169.252][..443] - detected: [....91] [ip4][..udp] [...168.144.64.5][65186] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] + detected: [....91] [ip4][..udp] [...168.144.64.5][65186] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun][www.youtube.com] idle: [....90] [ip4][..udp] [...168.144.64.5][60342] -> [.93.100.151.221][..443] [QUIC.YouTube][Media][Fun] new: [....92] [ip4][..udp] [...168.144.64.5][52942] -> [.93.100.151.221][..443] - detected: [....92] [ip4][..udp] [...168.144.64.5][52942] -> [.93.100.151.221][..443] [QUIC.Google][Web][Acceptable] + detected: [....92] [ip4][..udp] [...168.144.64.5][52942] -> [.93.100.151.221][..443] [QUIC.Google][Web][Acceptable][clients2.google.com] idle: [....91] [ip4][..udp] [...168.144.64.5][65186] -> [...9.65.169.252][..443] [QUIC.YouTube][Media][Fun] new: [....93] [ip4][..udp] [..52.187.20.175][62114] -> [...198.74.29.79][..443] - detected: [....93] [ip4][..udp] [..52.187.20.175][62114] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....93] [ip4][..udp] [..52.187.20.175][62114] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] idle: [....92] [ip4][..udp] [...168.144.64.5][52942] -> [.93.100.151.221][..443] [QUIC.Google][Web][Acceptable] DAEMON-EVENT: [Processed: 135 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 93|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 119] new: [....94] [ip4][..udp] [...168.144.64.5][55561] -> [..35.194.157.47][..443] - detected: [....94] [ip4][..udp] [...168.144.64.5][55561] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [....94] [ip4][..udp] [...168.144.64.5][55561] -> 
[..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable][googleads.g.doubleclick.net] idle: [....93] [ip4][..udp] [..52.187.20.175][62114] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....95] [ip4][..udp] [159.117.176.124][61202] -> [...198.74.29.79][..443] - detected: [....95] [ip4][..udp] [159.117.176.124][61202] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....95] [ip4][..udp] [159.117.176.124][61202] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] idle: [....94] [ip4][..udp] [...168.144.64.5][55561] -> [..35.194.157.47][..443] [QUIC.Google][Advertisement][Acceptable] DAEMON-EVENT: [Processed: 140 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 95|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 119] new: [....96] [ip4][..udp] [159.117.176.124][49521] -> [...128.248.24.1][..443] - detected: [....96] [ip4][..udp] [159.117.176.124][49521] -> [...128.248.24.1][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....96] [ip4][..udp] [159.117.176.124][49521] -> [...128.248.24.1][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] update: [....95] [ip4][..udp] [159.117.176.124][61202] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: [Processed: 144 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 96|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 120] new: [....97] [ip4][..udp] [...168.144.64.5][49217] -> [185.186.183.185][..443] - detected: [....97] [ip4][..udp] [...168.144.64.5][49217] -> [185.186.183.185][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....97] [ip4][..udp] [...168.144.64.5][49217] -> [185.186.183.185][..443] [QUIC.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] idle: [....95] [ip4][..udp] [159.117.176.124][61202] -> [...198.74.29.79][..443] 
[QUIC.GoogleServices][Web][Acceptable] idle: [....96] [ip4][..udp] [159.117.176.124][49521] -> [...128.248.24.1][..443] [QUIC.GoogleServices][Web][Acceptable] new: [....98] [ip4][..udp] [..52.187.20.175][61286] -> [...198.74.29.79][..443] - detected: [....98] [ip4][..udp] [..52.187.20.175][61286] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....98] [ip4][..udp] [..52.187.20.175][61286] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] update: [....97] [ip4][..udp] [...168.144.64.5][49217] -> [185.186.183.185][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: [Processed: 149 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 98|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 121] new: [....99] [ip4][..udp] [..52.187.20.175][53260] -> [102.194.207.179][..443] - detected: [....99] [ip4][..udp] [..52.187.20.175][53260] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [....99] [ip4][..udp] [..52.187.20.175][53260] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable][clientservices.googleapis.com] idle: [....97] [ip4][..udp] [...168.144.64.5][49217] -> [185.186.183.185][..443] [QUIC.GoogleServices][Web][Acceptable] idle: [....98] [ip4][..udp] [..52.187.20.175][61286] -> [...198.74.29.79][..443] [QUIC.GoogleServices][Web][Acceptable] new: [...100] [ip4][..udp] [...168.144.64.5][50023] -> [..76.231.104.92][..443] - detected: [...100] [ip4][..udp] [...168.144.64.5][50023] -> [..76.231.104.92][..443] [QUIC.YouTube][Media][Fun] + detected: [...100] [ip4][..udp] [...168.144.64.5][50023] -> [..76.231.104.92][..443] [QUIC.YouTube][Media][Fun][www.youtube.com] update: [....99] [ip4][..udp] [..52.187.20.175][53260] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable] new: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] - detected: [...101] [ip4][..udp] 
[...168.144.64.5][65360] -> [....65.33.51.74][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] [QUIC.Google][Advertisement][Acceptable][googleads.g.doubleclick.net] idle: [...100] [ip4][..udp] [...168.144.64.5][50023] -> [..76.231.104.92][..443] [QUIC.YouTube][Media][Fun] idle: [....99] [ip4][..udp] [..52.187.20.175][53260] -> [102.194.207.179][..443] [QUIC.GoogleServices][Web][Acceptable] new: [...102] [ip4][..udp] [159.117.176.124][64134] -> [..207.121.63.92][..443] - detected: [...102] [ip4][..udp] [159.117.176.124][64134] -> [..207.121.63.92][..443] [QUIC.Google][Web][Acceptable] + detected: [...102] [ip4][..udp] [159.117.176.124][64134] -> [..207.121.63.92][..443] [QUIC.Google][Web][Acceptable][www.google.com] new: [...103] [ip4][..udp] [..52.187.20.175][61484] -> [202.152.155.121][..443] - detected: [...103] [ip4][..udp] [..52.187.20.175][61484] -> [202.152.155.121][..443] [QUIC.Google][Web][Acceptable] + detected: [...103] [ip4][..udp] [..52.187.20.175][61484] -> [202.152.155.121][..443] [QUIC.Google][Web][Acceptable][ogs.google.com] update: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] [QUIC.Google][Advertisement][Acceptable] new: [...104] [ip4][..udp] [159.117.176.124][51856] -> [.16.205.123.234][..443] - detected: [...104] [ip4][..udp] [159.117.176.124][51856] -> [.16.205.123.234][..443] [QUIC.WhatsAppFiles][Download][Acceptable] + detected: [...104] [ip4][..udp] [159.117.176.124][51856] -> [.16.205.123.234][..443] [QUIC.WhatsAppFiles][Download][Acceptable][media.fmct2-1.fna.whatsapp.net] idle: [...101] [ip4][..udp] [...168.144.64.5][65360] -> [....65.33.51.74][..443] [QUIC.Google][Advertisement][Acceptable] DAEMON-EVENT: [Processed: 164 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 104|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123] new: [...105] [ip4][..udp] [...168.144.64.5][54120] -> 
[...153.98.28.78][..443] - detected: [...105] [ip4][..udp] [...168.144.64.5][54120] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [...105] [ip4][..udp] [...168.144.64.5][54120] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun][dns.google] idle: [...102] [ip4][..udp] [159.117.176.124][64134] -> [..207.121.63.92][..443] [QUIC.Google][Web][Acceptable] idle: [...103] [ip4][..udp] [..52.187.20.175][61484] -> [202.152.155.121][..443] [QUIC.Google][Web][Acceptable] idle: [...104] [ip4][..udp] [159.117.176.124][51856] -> [.16.205.123.234][..443] [QUIC.WhatsAppFiles][Download][Acceptable] DAEMON-EVENT: [Processed: 165 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 105|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123] new: [...106] [ip4][..udp] [...168.144.64.5][52396] -> [...153.98.28.78][..443] - detected: [...106] [ip4][..udp] [...168.144.64.5][52396] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [...106] [ip4][..udp] [...168.144.64.5][52396] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun][dns.google] idle: [...105] [ip4][..udp] [...168.144.64.5][54120] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] DAEMON-EVENT: [Processed: 166 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 106|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123] new: [...107] [ip4][..udp] [...168.144.64.5][50224] -> [....126.3.93.89][..443] - detected: [...107] [ip4][..udp] [...168.144.64.5][50224] -> [....126.3.93.89][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [...107] [ip4][..udp] [...168.144.64.5][50224] -> [....126.3.93.89][..443] [QUIC.GoogleServices][Web][Acceptable][www.googleapis.com] new: [...108] [ip4][..udp] [...168.144.64.5][62719] -> [..31.219.210.96][..443] - detected: [...108] [ip4][..udp] [...168.144.64.5][62719] -> [..31.219.210.96][..443] [QUIC.Google][Web][Acceptable] + detected: [...108] [ip4][..udp] 
[...168.144.64.5][62719] -> [..31.219.210.96][..443] [QUIC.Google][Web][Acceptable][lh4.googleusercontent.com] idle: [...106] [ip4][..udp] [...168.144.64.5][52396] -> [...153.98.28.78][..443] [QUIC.DoH_DoT][Network][Fun] new: [...109] [ip4][..udp] [...168.144.64.5][58351] -> [.193.68.169.100][..443] - detected: [...109] [ip4][..udp] [...168.144.64.5][58351] -> [.193.68.169.100][..443] [QUIC.Google][Web][Acceptable] + detected: [...109] [ip4][..udp] [...168.144.64.5][58351] -> [.193.68.169.100][..443] [QUIC.Google][Web][Acceptable][www.gstatic.com] new: [...110] [ip4][..udp] [...168.144.64.5][57319] -> [....7.71.118.27][..443] - detected: [...110] [ip4][..udp] [...168.144.64.5][57319] -> [....7.71.118.27][..443] [QUIC.PlayStore][SoftwareUpdate][Safe] + detected: [...110] [ip4][..udp] [...168.144.64.5][57319] -> [....7.71.118.27][..443] [QUIC.PlayStore][SoftwareUpdate][Safe][android.clients.google.com] new: [...111] [ip4][..udp] [...168.144.64.5][60919] -> [.53.101.228.200][..443] - detected: [...111] [ip4][..udp] [...168.144.64.5][60919] -> [.53.101.228.200][..443] [QUIC.Google][Web][Acceptable] + detected: [...111] [ip4][..udp] [...168.144.64.5][60919] -> [.53.101.228.200][..443] [QUIC.Google][Web][Acceptable][adservice.google.com] new: [...112] [ip4][..udp] [...168.144.64.5][50423] -> [.144.237.113.58][..443] - detected: [...112] [ip4][..udp] [...168.144.64.5][50423] -> [.144.237.113.58][..443] [QUIC.Google][Web][Acceptable] + detected: [...112] [ip4][..udp] [...168.144.64.5][50423] -> [.144.237.113.58][..443] [QUIC.Google][Web][Acceptable][www.google.com] idle: [...110] [ip4][..udp] [...168.144.64.5][57319] -> [....7.71.118.27][..443] [QUIC.PlayStore][SoftwareUpdate][Safe] idle: [...107] [ip4][..udp] [...168.144.64.5][50224] -> [....126.3.93.89][..443] [QUIC.GoogleServices][Web][Acceptable] idle: [...108] [ip4][..udp] [...168.144.64.5][62719] -> [..31.219.210.96][..443] [QUIC.Google][Web][Acceptable] 
@@ -506,7 +506,7 @@ DAEMON-EVENT: [Processed: 178 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 112|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 123] new: [...113] [ip4][..udp] [...168.144.64.5][59206] -> [..76.231.104.92][..443] - detected: [...113] [ip4][..udp] [...168.144.64.5][59206] -> [..76.231.104.92][..443] [QUIC.Google][Web][Acceptable] + detected: [...113] [ip4][..udp] [...168.144.64.5][59206] -> [..76.231.104.92][..443] [QUIC.Google][Web][Acceptable][ogs.google.com] idle: [...113] [ip4][..udp] [...168.144.64.5][59206] -> [..76.231.104.92][..443] [QUIC.Google][Web][Acceptable] idle: [...112] [ip4][..udp] [...168.144.64.5][50423] -> [.144.237.113.58][..443] [QUIC.Google][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_interop_V.pcapng.out b/test/results/flow-info/quic_interop_V.pcapng.out index 796226c5d..dc3ae4a35 100644 --- a/test/results/flow-info/quic_interop_V.pcapng.out +++ b/test/results/flow-info/quic_interop_V.pcapng.out 
@@ -2,186 +2,186 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38077] -> [.........2400:8902::f03c:91ff:fe69:a454][..443] - detected: [.....1] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38077] -> [.........2400:8902::f03c:91ff:fe69:a454][..443] [QUIC][Web][Acceptable] + detected: [.....1] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38077] -> [.........2400:8902::f03c:91ff:fe69:a454][..443] [QUIC][Web][Acceptable][nghttp2.org] new: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] - detected: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Web][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Web][Acceptable][71.202.41.169] new: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] - detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][Web][Acceptable] + detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][Web][Acceptable][quic.aiortc.org] new: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] - detected: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] [QUIC][Web][Acceptable] + detected: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] [QUIC][Web][Acceptable][quic.ogre.com] new: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] - detected: [.....5] 
[ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] [QUIC.AmazonAWS][Cloud][Acceptable] + detected: [.....5] [ip4][..udp] [..192.168.1.128][47010] -> [...3.121.242.54][..443] [QUIC.AmazonAWS][Cloud][Acceptable][ietf.akaquic.com] new: [.....6] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][48707] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][..443] - detected: [.....6] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][48707] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][..443] [QUIC][Web][Acceptable] + detected: [.....6] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][48707] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][..443] [QUIC][Web][Acceptable][quant.eggert.org] new: [.....7] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60346] -> [..................2001:bc8:47a4:1c25::1][..443] - detected: [.....7] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60346] -> [..................2001:bc8:47a4:1c25::1][..443] [QUIC][Web][Acceptable] + detected: [.....7] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60346] -> [..................2001:bc8:47a4:1c25::1][..443] [QUIC][Web][Acceptable][h3.stammw.eu] new: [.....8] [ip4][..udp] [..192.168.1.128][46576] -> [..40.112.191.60][.4433] - detected: [.....8] [ip4][..udp] [..192.168.1.128][46576] -> [..40.112.191.60][.4433] [QUIC.Azure][Cloud][Acceptable] + detected: [.....8] [ip4][..udp] [..192.168.1.128][46576] -> [..40.112.191.60][.4433] [QUIC.Azure][Cloud][Acceptable][f5quic.com] RISK: Known Proto on Non Std Port new: [.....9] [ip4][..udp] [..192.168.1.128][46334] -> [..40.112.191.60][..443] - detected: [.....9] [ip4][..udp] [..192.168.1.128][46334] -> [..40.112.191.60][..443] [QUIC.Azure][Cloud][Acceptable] + detected: [.....9] [ip4][..udp] [..192.168.1.128][46334] -> [..40.112.191.60][..443] [QUIC.Azure][Cloud][Acceptable][f5quic.com] new: [....10] [ip4][..udp] [..192.168.1.128][38366] -> [.202.238.220.92][.4433] - detected: [....10] [ip4][..udp] [..192.168.1.128][38366] 
-> [.202.238.220.92][.4433] [QUIC][Web][Acceptable] + detected: [....10] [ip4][..udp] [..192.168.1.128][38366] -> [.202.238.220.92][.4433] [QUIC][Web][Acceptable][mew.org] RISK: Known Proto on Non Std Port new: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] detected: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] [ICMP][Network][Acceptable] new: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] - detected: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Web][Acceptable] + detected: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Web][Acceptable][cloudflare-quic.com] RISK: Known Proto on Non Std Port new: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] - detected: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC.AmazonAWS][Cloud][Acceptable] + detected: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC.AmazonAWS][Cloud][Acceptable][ietf.akaquic.com] RISK: Known Proto on Non Std Port new: [....14] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51185] -> [..................2001:bc8:47a4:1c25::1][.4433] - detected: [....14] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51185] -> [..................2001:bc8:47a4:1c25::1][.4433] [QUIC][Web][Acceptable] + detected: [....14] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51185] -> [..................2001:bc8:47a4:1c25::1][.4433] [QUIC][Web][Acceptable][h3.stammw.eu] RISK: Known Proto on Non Std Port new: [....15] [ip4][..udp] [..192.168.1.128][34511] -> [.131.159.24.198][..443] - detected: [....15] [ip4][..udp] [..192.168.1.128][34511] -> [.131.159.24.198][..443] [QUIC][Web][Acceptable] + detected: [....15] [ip4][..udp] [..192.168.1.128][34511] -> 
[.131.159.24.198][..443] [QUIC][Web][Acceptable][pandora.cm.in.tum.de] new: [....16] [ip4][..udp] [..192.168.1.128][51887] -> [..51.158.105.98][..443] - detected: [....16] [ip4][..udp] [..192.168.1.128][51887] -> [..51.158.105.98][..443] [QUIC][Web][Acceptable] + detected: [....16] [ip4][..udp] [..192.168.1.128][51887] -> [..51.158.105.98][..443] [QUIC][Web][Acceptable][quic.seemann.io] new: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] - detected: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] [QUIC.AmazonAWS][Cloud][Acceptable] + detected: [....17] [ip4][..udp] [..192.168.1.128][43475] -> [..18.189.84.245][.4433] [QUIC.AmazonAWS][Cloud][Acceptable][fb.mvfst.net] RISK: Known Proto on Non Std Port new: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] - detected: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] [QUIC][Web][Acceptable] + detected: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] [QUIC][Web][Acceptable][h2o.examp1e.net] RISK: Known Proto on Non Std Port new: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] - detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][Web][Acceptable] + detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][Web][Acceptable][quic.aiortc.org] RISK: Known Proto on Non Std Port new: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] - detected: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] [QUIC][Web][Acceptable] + detected: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> 
[.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] [QUIC][Web][Acceptable][quic.tech] new: [....21] [ip4][..udp] [..192.168.1.128][59171] -> [..193.190.10.98][.4433] - detected: [....21] [ip4][..udp] [..192.168.1.128][59171] -> [..193.190.10.98][.4433] [QUIC][Web][Acceptable] + detected: [....21] [ip4][..udp] [..192.168.1.128][59171] -> [..193.190.10.98][.4433] [QUIC][Web][Acceptable][quicker.edm.uhasselt.be] RISK: Known Proto on Non Std Port new: [....22] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][35643] -> [......................2001:19f0:4:34::1][.4433] - detected: [....22] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][35643] -> [......................2001:19f0:4:34::1][.4433] [QUIC][Web][Acceptable] + detected: [....22] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][35643] -> [......................2001:19f0:4:34::1][.4433] [QUIC][Web][Acceptable][quic.rocks] RISK: Known Proto on Non Std Port new: [....23] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56213] -> [.........2400:8902::f03c:91ff:fe69:a454][.4433] - detected: [....23] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56213] -> [.........2400:8902::f03c:91ff:fe69:a454][.4433] [QUIC][Web][Acceptable] + detected: [....23] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56213] -> [.........2400:8902::f03c:91ff:fe69:a454][.4433] [QUIC][Web][Acceptable][nghttp2.org] RISK: Known Proto on Non Std Port new: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] - detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][Web][Acceptable] + detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][Web][Acceptable][test.privateoctopus.com] RISK: Known Proto on Non Std Port new: [....25] [ip4][..udp] [..192.168.1.128][37661] -> 
[..71.202.41.169][.4433] - detected: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433] [QUIC][Web][Acceptable] + detected: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433] [QUIC][Web][Acceptable][71.202.41.169] RISK: Known Proto on Non Std Port new: [....26] [ip4][..udp] [..192.168.1.128][37784] -> [..140.227.52.92][..443] - detected: [....26] [ip4][..udp] [..192.168.1.128][37784] -> [..140.227.52.92][..443] [QUIC][Web][Acceptable] + detected: [....26] [ip4][..udp] [..192.168.1.128][37784] -> [..140.227.52.92][..443] [QUIC][Web][Acceptable][quic.examp1e.net] new: [....27] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60983] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4433] - detected: [....27] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60983] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4433] [QUIC][Web][Acceptable] + detected: [....27] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][60983] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4433] [QUIC][Web][Acceptable][quant.eggert.org] RISK: Known Proto on Non Std Port new: [....28] [ip4][..udp] [..192.168.1.128][49658] -> [..193.190.10.98][..443] - detected: [....28] [ip4][..udp] [..192.168.1.128][49658] -> [..193.190.10.98][..443] [QUIC][Web][Acceptable] + detected: [....28] [ip4][..udp] [..192.168.1.128][49658] -> [..193.190.10.98][..443] [QUIC][Web][Acceptable][quicker.edm.uhasselt.be] new: [....29] [ip4][..udp] [..192.168.1.128][41587] -> [.131.159.24.198][.4433] - detected: [....29] [ip4][..udp] [..192.168.1.128][41587] -> [.131.159.24.198][.4433] [QUIC][Web][Acceptable] + detected: [....29] [ip4][..udp] [..192.168.1.128][41587] -> [.131.159.24.198][.4433] [QUIC][Web][Acceptable][pandora.cm.in.tum.de] RISK: Known Proto on Non Std Port new: [....30] [ip4][.icmp] [..51.158.105.98] -> [..192.168.1.128] detected: [....30] [ip4][.icmp] [..51.158.105.98] -> [..192.168.1.128] [ICMP][Network][Acceptable] new: [....31] [ip4][..udp] 
[..192.168.1.128][38933] -> [.202.238.220.92][..443] - detected: [....31] [ip4][..udp] [..192.168.1.128][38933] -> [.202.238.220.92][..443] [QUIC][Web][Acceptable] + detected: [....31] [ip4][..udp] [..192.168.1.128][38933] -> [.202.238.220.92][..443] [QUIC][Web][Acceptable][mew.org] new: [....32] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52271] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4434] - detected: [....32] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52271] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4434] [QUIC][Web][Acceptable] + detected: [....32] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52271] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][.4434] [QUIC][Web][Acceptable][quant.eggert.org] RISK: Known Proto on Non Std Port new: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] - detected: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] [QUIC][Web][Acceptable] + detected: [....33] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][51040] -> [............2604:a880:800:a1::1279:3001][.4433] [QUIC][Web][Acceptable][http3-test.litespeedtech.com] RISK: Known Proto on Non Std Port new: [....34] [ip4][.icmp] [.131.159.24.198] -> [..192.168.1.128] detected: [....34] [ip4][.icmp] [.131.159.24.198] -> [..192.168.1.128] [ICMP][Network][Acceptable] new: [....35] [ip4][..udp] [..192.168.1.128][45250] -> [..51.158.105.98][.4433] - detected: [....35] [ip4][..udp] [..192.168.1.128][45250] -> [..51.158.105.98][.4433] [QUIC][Web][Acceptable] + detected: [....35] [ip4][..udp] [..192.168.1.128][45250] -> [..51.158.105.98][.4433] [QUIC][Web][Acceptable][quic.seemann.io] RISK: Known Proto on Non Std Port new: [....36] [ip4][..udp] [..192.168.1.128][42456] -> [133.242.206.244][..443] - detected: [....36] [ip4][..udp] [..192.168.1.128][42456] -> [133.242.206.244][..443] 
[QUIC][Web][Acceptable] + detected: [....36] [ip4][..udp] [..192.168.1.128][42456] -> [133.242.206.244][..443] [QUIC][Web][Acceptable][h2o.examp1e.net] new: [....37] [ip6][icmp6] [.2001:4800:7817:101:be76:4eff:fe04:631d] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] detected: [....37] [ip6][icmp6] [.2001:4800:7817:101:be76:4eff:fe04:631d] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Network][Acceptable] new: [....38] [ip4][..udp] [..192.168.1.128][50289] -> [..71.202.41.169][.4434] - detected: [....38] [ip4][..udp] [..192.168.1.128][50289] -> [..71.202.41.169][.4434] [QUIC][Web][Acceptable] + detected: [....38] [ip4][..udp] [..192.168.1.128][50289] -> [..71.202.41.169][.4434] [QUIC][Web][Acceptable][71.202.41.169] RISK: Known Proto on Non Std Port new: [....39] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49270] -> [..................2001:bc8:47a4:1c25::1][.4434] - detected: [....39] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49270] -> [..................2001:bc8:47a4:1c25::1][.4434] [QUIC][Web][Acceptable] + detected: [....39] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49270] -> [..................2001:bc8:47a4:1c25::1][.4434] [QUIC][Web][Acceptable][h3.stammw.eu] RISK: Known Proto on Non Std Port new: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] - detected: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] [QUIC.AmazonAWS][Cloud][Acceptable] + detected: [....40] [ip4][..udp] [..192.168.1.128][34903] -> [..18.189.84.245][..443] [QUIC.AmazonAWS][Cloud][Acceptable][fb.mvfst.net] new: [....41] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][45852] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4433] - detected: [....41] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][45852] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4433] [QUIC][Web][Acceptable] + detected: [....41] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][45852] -> 
[.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4433] [QUIC][Web][Acceptable][quic.tech] RISK: Known Proto on Non Std Port new: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] - detected: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] [QUIC][Web][Acceptable] + detected: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] [QUIC][Web][Acceptable][h2o.examp1e.net] RISK: Known Proto on Non Std Port new: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] - detected: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] [QUIC][Web][Acceptable] + detected: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] [QUIC][Web][Acceptable][cloudflare-quic.com] new: [....44] [ip4][..udp] [..192.168.1.128][53791] -> [..40.112.191.60][.4434] - detected: [....44] [ip4][..udp] [..192.168.1.128][53791] -> [..40.112.191.60][.4434] [QUIC.Azure][Cloud][Acceptable] + detected: [....44] [ip4][..udp] [..192.168.1.128][53791] -> [..40.112.191.60][.4434] [QUIC.Azure][Cloud][Acceptable][f5quic.com] RISK: Known Proto on Non Std Port new: [....45] [ip4][..udp] [..192.168.1.128][59515] -> [..193.190.10.98][.4434] - detected: [....45] [ip4][..udp] [..192.168.1.128][59515] -> [..193.190.10.98][.4434] [QUIC][Web][Acceptable] + detected: [....45] [ip4][..udp] [..192.168.1.128][59515] -> [..193.190.10.98][.4434] [QUIC][Web][Acceptable][quicker.edm.uhasselt.be] RISK: Known Proto on Non Std Port new: [....46] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49788] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4434] - detected: [....46] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49788] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4434] [QUIC][Web][Acceptable] + detected: [....46] [ip6][..udp] 
[..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49788] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4434] [QUIC][Web][Acceptable][quic.ogre.com] RISK: Known Proto on Non Std Port new: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] - detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][Web][Acceptable] + detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][Web][Acceptable][test.privateoctopus.com] new: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] - detected: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] [QUIC][Web][Acceptable] + detected: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] [QUIC][Web][Acceptable][quic.examp1e.net] RISK: Known Proto on Non Std Port new: [....49] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44243] -> [......................2001:19f0:4:34::1][.4434] - detected: [....49] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44243] -> [......................2001:19f0:4:34::1][.4434] [QUIC][Web][Acceptable] + detected: [....49] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44243] -> [......................2001:19f0:4:34::1][.4434] [QUIC][Web][Acceptable][quic.rocks] RISK: Known Proto on Non Std Port new: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] - detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][Web][Acceptable] + detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][Web][Acceptable][test.privateoctopus.com] RISK: Known Proto on Non Std Port 
new: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] detected: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Network][Acceptable] new: [....52] [ip4][..udp] [..192.168.1.128][35263] -> [.202.238.220.92][.4434] - detected: [....52] [ip4][..udp] [..192.168.1.128][35263] -> [.202.238.220.92][.4434] [QUIC][Web][Acceptable] + detected: [....52] [ip4][..udp] [..192.168.1.128][35263] -> [.202.238.220.92][.4434] [QUIC][Web][Acceptable][mew.org] RISK: Known Proto on Non Std Port new: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] - detected: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] [QUIC][Web][Acceptable] + detected: [....53] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53760] -> [............2604:a880:800:a1::1279:3001][.4434] [QUIC][Web][Acceptable][http3-test.litespeedtech.com] RISK: Known Proto on Non Std Port new: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] - detected: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] [QUIC.AmazonAWS][Cloud][Acceptable] + detected: [....54] [ip4][..udp] [..192.168.1.128][54570] -> [..18.189.84.245][.4434] [QUIC.AmazonAWS][Cloud][Acceptable][fb.mvfst.net] RISK: Known Proto on Non Std Port new: [....55] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44924] -> [.........2400:8902::f03c:91ff:fe69:a454][.4434] - detected: [....55] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44924] -> [.........2400:8902::f03c:91ff:fe69:a454][.4434] [QUIC][Web][Acceptable] + detected: [....55] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44924] -> [.........2400:8902::f03c:91ff:fe69:a454][.4434] [QUIC][Web][Acceptable][nghttp2.org] RISK: Known Proto on Non Std Port new: [....56] 
[ip4][..udp] [..192.168.1.128][39975] -> [.138.91.188.147][..443] - detected: [....56] [ip4][..udp] [..192.168.1.128][39975] -> [.138.91.188.147][..443] [QUIC.Azure][Cloud][Acceptable] + detected: [....56] [ip4][..udp] [..192.168.1.128][39975] -> [.138.91.188.147][..443] [QUIC.Azure][Cloud][Acceptable][quic.westus.cloudapp.azure.com] new: [....57] [ip4][..udp] [..192.168.1.128][50705] -> [.138.91.188.147][.4434] - detected: [....57] [ip4][..udp] [..192.168.1.128][50705] -> [.138.91.188.147][.4434] [QUIC.Azure][Cloud][Acceptable] + detected: [....57] [ip4][..udp] [..192.168.1.128][50705] -> [.138.91.188.147][.4434] [QUIC.Azure][Cloud][Acceptable][quic.westus.cloudapp.azure.com] RISK: Known Proto on Non Std Port new: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] - detected: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Web][Acceptable] + detected: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Web][Acceptable][cloudflare-quic.com] RISK: Known Proto on Non Std Port new: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] - detected: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][Web][Acceptable] + detected: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][Web][Acceptable][http3-test.litespeedtech.com] new: [....60] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][43645] -> [......................2001:19f0:4:34::1][..443] - detected: [....60] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][43645] -> [......................2001:19f0:4:34::1][..443] [QUIC][Web][Acceptable] + detected: 
[....60] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][43645] -> [......................2001:19f0:4:34::1][..443] [QUIC][Web][Acceptable][quic.rocks] new: [....61] [ip4][..udp] [..192.168.1.128][48644] -> [.131.159.24.198][.4434] - detected: [....61] [ip4][..udp] [..192.168.1.128][48644] -> [.131.159.24.198][.4434] [QUIC][Web][Acceptable] + detected: [....61] [ip4][..udp] [..192.168.1.128][48644] -> [.131.159.24.198][.4434] [QUIC][Web][Acceptable][pandora.cm.in.tum.de] RISK: Known Proto on Non Std Port new: [....62] [ip4][..udp] [..192.168.1.128][42468] -> [.138.91.188.147][.4433] - detected: [....62] [ip4][..udp] [..192.168.1.128][42468] -> [.138.91.188.147][.4433] [QUIC.Azure][Cloud][Acceptable] + detected: [....62] [ip4][..udp] [..192.168.1.128][42468] -> [.138.91.188.147][.4433] [QUIC.Azure][Cloud][Acceptable][quic.westus.cloudapp.azure.com] RISK: Known Proto on Non Std Port new: [....63] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38689] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4434] - detected: [....63] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38689] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4434] [QUIC][Web][Acceptable] + detected: [....63] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38689] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4434] [QUIC][Web][Acceptable][quic.tech] RISK: Known Proto on Non Std Port new: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] - detected: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC.AmazonAWS][Cloud][Acceptable] + detected: [....64] [ip4][..udp] [..192.168.1.128][53402] -> [...3.121.242.54][.4434] [QUIC.AmazonAWS][Cloud][Acceptable][ietf.akaquic.com] RISK: Known Proto on Non Std Port new: [....65] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53140] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4433] - detected: [....65] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53140] -> 
[.2001:4800:7817:101:be76:4eff:fe04:631d][.4433] [QUIC][Web][Acceptable] + detected: [....65] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53140] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4433] [QUIC][Web][Acceptable][quic.ogre.com] RISK: Known Proto on Non Std Port new: [....66] [ip4][..udp] [..192.168.1.128][57926] -> [..140.227.52.92][.4434] - detected: [....66] [ip4][..udp] [..192.168.1.128][57926] -> [..140.227.52.92][.4434] [QUIC][Web][Acceptable] + detected: [....66] [ip4][..udp] [..192.168.1.128][57926] -> [..140.227.52.92][.4434] [QUIC][Web][Acceptable][quic.examp1e.net] RISK: Known Proto on Non Std Port new: [....67] [ip6][icmp6] [.........2400:8902::f03c:91ff:fe69:a454] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] detected: [....67] [ip6][icmp6] [.........2400:8902::f03c:91ff:fe69:a454] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Network][Acceptable] new: [....68] [ip6][icmp6] [......................2001:19f0:4:34::1] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] detected: [....68] [ip6][icmp6] [......................2001:19f0:4:34::1] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Network][Acceptable] new: [....69] [ip4][..udp] [..192.168.1.128][43735] -> [..51.158.105.98][.4434] - detected: [....69] [ip4][..udp] [..192.168.1.128][43735] -> [..51.158.105.98][.4434] [QUIC][Web][Acceptable] + detected: [....69] [ip4][..udp] [..192.168.1.128][43735] -> [..51.158.105.98][.4434] [QUIC][Web][Acceptable][quic.seemann.io] RISK: Known Proto on Non Std Port new: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] - detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][Web][Acceptable] + detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][Web][Acceptable][quic.aiortc.org] RISK: Known Proto on 
Non Std Port new: [....71] [ip4][.icmp] [.202.238.220.92] -> [..192.168.1.128] detected: [....71] [ip4][.icmp] [.202.238.220.92] -> [..192.168.1.128] [ICMP][Network][Acceptable] diff --git a/test/results/flow-info/quic_q39.pcap.out b/test/results/flow-info/quic_q39.pcap.out index 6b9eb32ad..8b89b950d 100644 --- a/test/results/flow-info/quic_q39.pcap.out +++ b/test/results/flow-info/quic_q39.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] - detected: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun] + detected: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun][s.youtube.com] analyse: [.....1] [ip4][..udp] [.170.216.16.209][38620] -> [.21.157.183.227][..443] [QUIC.YouTube][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.515| 0.578| 1.532| 2346988.339| 2.700] diff --git a/test/results/flow-info/quic_q43.pcap.out b/test/results/flow-info/quic_q43.pcap.out index 155c00c8f..f7e779b35 100644 --- a/test/results/flow-info/quic_q43.pcap.out +++ b/test/results/flow-info/quic_q43.pcap.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..51.120.20.202][49241] -> [..72.119.217.29][..443] - detected: [.....1] [ip4][..udp] [..51.120.20.202][49241] -> [..72.119.217.29][..443] [QUIC.DoH_DoT][Network][Fun] + detected: [.....1] [ip4][..udp] [..51.120.20.202][49241] -> [..72.119.217.29][..443] [QUIC.DoH_DoT][Network][Fun][dns.google.com] idle: [.....1] [ip4][..udp] [..51.120.20.202][49241] -> [..72.119.217.29][..443] [QUIC.DoH_DoT][Network][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_q46.pcap.out b/test/results/flow-info/quic_q46.pcap.out index 4e76105cc..647788408 100644 --- a/test/results/flow-info/quic_q46.pcap.out +++ b/test/results/flow-info/quic_q46.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] - detected: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] [QUIC.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] [QUIC.Google][Web][Acceptable][play.google.com] idle: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] [QUIC.Google][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_q46_b.pcap.out b/test/results/flow-info/quic_q46_b.pcap.out index 015ce6680..0ae907f4c 100644 --- a/test/results/flow-info/quic_q46_b.pcap.out +++ b/test/results/flow-info/quic_q46_b.pcap.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..172.27.69.216][45530] -> [.110.231.134.35][..443] - detected: [.....1] [ip4][..udp] [..172.27.69.216][45530] -> [.110.231.134.35][..443] [QUIC.YouTubeUpload][Media][Fun] + detected: [.....1] [ip4][..udp] [..172.27.69.216][45530] -> [.110.231.134.35][..443] [QUIC.YouTubeUpload][Media][Fun][upload.youtube.com] idle: [.....1] [ip4][..udp] [..172.27.69.216][45530] -> [.110.231.134.35][..443] [QUIC.YouTubeUpload][Media][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_q50.pcap.out b/test/results/flow-info/quic_q50.pcap.out index a7798b3b8..7579d8730 100644 --- a/test/results/flow-info/quic_q50.pcap.out +++ b/test/results/flow-info/quic_q50.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [248.144.129.147][39203] -> [184.151.193.237][..443] - detected: [.....1] [ip4][..udp] [248.144.129.147][39203] -> [184.151.193.237][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [.....1] [ip4][..udp] [248.144.129.147][39203] -> [184.151.193.237][..443] [QUIC.GoogleServices][Web][Acceptable][www.googletagmanager.com] idle: [.....1] [ip4][..udp] [248.144.129.147][39203] -> [184.151.193.237][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_t50.pcap.out b/test/results/flow-info/quic_t50.pcap.out index 1800e3976..0d15c8c75 100644 --- a/test/results/flow-info/quic_t50.pcap.out +++ b/test/results/flow-info/quic_t50.pcap.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.40.154.127.200][49836] -> [166.240.188.209][..443] - detected: [.....1] [ip4][..udp] [.40.154.127.200][49836] -> [166.240.188.209][..443] [QUIC.GoogleServices][Web][Acceptable] + detected: [.....1] [ip4][..udp] [.40.154.127.200][49836] -> [166.240.188.209][..443] [QUIC.GoogleServices][Web][Acceptable][fonts.googleapis.com] idle: [.....1] [ip4][..udp] [.40.154.127.200][49836] -> [166.240.188.209][..443] [QUIC.GoogleServices][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/quic_t51.pcap.out b/test/results/flow-info/quic_t51.pcap.out index a39038c23..fadd610d0 100644 --- a/test/results/flow-info/quic_t51.pcap.out +++ b/test/results/flow-info/quic_t51.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] - detected: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable][www.google.com] analyse: [.....1] [ip4][..udp] [187.227.136.152][55356] -> [.211.247.147.90][..443] [QUIC.Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 19.583| 2.165| 5.210| 27140724.621| 2.500] diff --git a/test/results/flow-info/quickplay.pcap.out b/test/results/flow-info/quickplay.pcap.out index 81e78bb65..6e9792632 100644 --- a/test/results/flow-info/quickplay.pcap.out +++ b/test/results/flow-info/quickplay.pcap.out 
@@ -2,36 +2,36 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..10.54.169.250][50668] -> [...120.28.35.41][...80] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [..10.54.169.250][50668] -> [...120.28.35.41][...80] [HTTP][Streaming][Acceptable] + detected: [.....1] [ip4][..tcp] [..10.54.169.250][50668] -> [...120.28.35.41][...80] [HTTP][Streaming][Acceptable][api-singtelhawk.quickplay.com] new: [.....2] [ip4][..tcp] [..10.54.169.250][50669] -> [...120.28.35.41][...80] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [..10.54.169.250][50669] -> [...120.28.35.41][...80] [HTTP][Streaming][Acceptable] + detected: [.....2] [ip4][..tcp] [..10.54.169.250][50669] -> [...120.28.35.41][...80] [HTTP][Streaming][Acceptable][api-singtelhawk.quickplay.com] new: [.....3] [ip4][..tcp] [..10.54.169.250][33064] -> [....120.28.5.18][...80] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [..10.54.169.250][33064] -> [....120.28.5.18][...80] [HTTP][Streaming][Acceptable] + detected: [.....3] [ip4][..tcp] [..10.54.169.250][33064] -> [....120.28.5.18][...80] [HTTP][Streaming][Acceptable][api-singtelhawk.quickplay.com] new: [.....4] [ip4][..tcp] [..10.54.169.250][52285] -> [..173.252.74.22][...80] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [..10.54.169.250][52285] -> [..173.252.74.22][...80] [HTTP.Facebook][SocialNetwork][Fun] + detected: [.....4] [ip4][..tcp] [..10.54.169.250][52285] -> [..173.252.74.22][...80] [HTTP.Facebook][SocialNetwork][Fun][www.facebook.com] new: [.....5] [ip4][..tcp] [..10.54.169.250][52288] -> [..173.252.74.22][...80] [MIDSTREAM] - detected: [.....5] [ip4][..tcp] [..10.54.169.250][52288] -> [..173.252.74.22][...80] [HTTP.Facebook][SocialNetwork][Fun] + detected: [.....5] [ip4][..tcp] [..10.54.169.250][52288] -> [..173.252.74.22][...80] [HTTP.Facebook][SocialNetwork][Fun][www.facebook.com] new: [.....6] 
[ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Web][Acceptable] + detected: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Web][Acceptable][clients3.google.com] new: [.....7] [ip4][..tcp] [..10.54.169.250][44793] -> [....31.13.68.49][...80] [MIDSTREAM] - detected: [.....7] [ip4][..tcp] [..10.54.169.250][44793] -> [....31.13.68.49][...80] [HTTP.Facebook][SocialNetwork][Fun] + detected: [.....7] [ip4][..tcp] [..10.54.169.250][44793] -> [....31.13.68.49][...80] [HTTP.Facebook][SocialNetwork][Fun][www.facebook.com] new: [.....8] [ip4][..tcp] [..10.54.169.250][44256] -> [....120.28.5.41][...80] [MIDSTREAM] - detected: [.....8] [ip4][..tcp] [..10.54.169.250][44256] -> [....120.28.5.41][...80] [HTTP][Streaming][Acceptable] + detected: [.....8] [ip4][..tcp] [..10.54.169.250][44256] -> [....120.28.5.41][...80] [HTTP][Streaming][Acceptable][play-singtelhawk.quickplay.com] new: [.....9] [ip4][..tcp] [..10.54.169.250][52007] -> [...120.28.35.40][...80] [MIDSTREAM] - detected: [.....9] [ip4][..tcp] [..10.54.169.250][52007] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] + detected: [.....9] [ip4][..tcp] [..10.54.169.250][52007] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable][vod-singtelhawk.quickplay.com] new: [....10] [ip4][..tcp] [..10.54.169.250][54883] -> [203.205.151.160][...80] [MIDSTREAM] - detected: [....10] [ip4][..tcp] [..10.54.169.250][54883] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Chat][Fun] + detected: [....10] [ip4][..tcp] [..10.54.169.250][54883] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Chat][Fun][hkextshort.weixin.qq.com] RISK: Known Proto on Non Std Port new: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [MIDSTREAM] - detected: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] + 
detected: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable][vod-singtelhawk.quickplay.com] new: [....12] [ip4][..tcp] [..10.54.169.250][42761] -> [203.205.129.101][...80] [MIDSTREAM] - detected: [....12] [ip4][..tcp] [..10.54.169.250][42761] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Chat][Fun] + detected: [....12] [ip4][..tcp] [..10.54.169.250][42761] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Chat][Fun][hkextshort.weixin.qq.com] RISK: Known Proto on Non Std Port new: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [MIDSTREAM] - detected: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Chat][Fun] + detected: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Chat][Fun][hkextshort.weixin.qq.com] RISK: Known Proto on Non Std Port new: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [MIDSTREAM] - detected: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Chat][Fun] + detected: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Chat][Fun][hkextshort.weixin.qq.com] RISK: Known Proto on Non Std Port analyse: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -44,22 +44,22 @@ [PKTLENS.....: 484,1440,484,224,569,486,1232,569,486,838,571,60,488,1252,569,486,142,486,642,486,1108,486,1192,486,332,486,1440,486,946,486,564,486] [ENTROPIES...: 5.9,7.9,6.0,7.1,5.9,5.9,7.8,5.9,5.9,7.7,6.0,5.0,6.0,7.8,6.0,5.9,6.6,5.9,7.7,6.0,7.8,5.9,7.8,6.0,7.3,5.9,7.9,5.9,7.8,5.9,7.6,5.9] new: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [MIDSTREAM] - detected: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun] + detected: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun][hkminorshort.weixin.qq.com] RISK: Known Proto on Non Std Port new: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [MIDSTREAM] - detected: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][Web][Acceptable] + detected: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][Web][Acceptable][api.account.xiaomi.com] new: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [MIDSTREAM] - detected: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] + detected: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable][vod-singtelhawk.quickplay.com] end: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Chat][Fun] RISK: Known Proto on Non Std Port new: [....18] [ip4][..tcp] [..10.54.169.250][52018] -> [...120.28.35.40][...80] [MIDSTREAM] - detected: [....18] [ip4][..tcp] [..10.54.169.250][52018] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] + detected: [....18] [ip4][..tcp] [..10.54.169.250][52018] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable][vod-singtelhawk.quickplay.com] new: [....19] [ip4][..tcp] [..10.54.169.250][52019] -> [...120.28.35.40][...80] [MIDSTREAM] - 
detected: [....19] [ip4][..tcp] [..10.54.169.250][52019] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] + detected: [....19] [ip4][..tcp] [..10.54.169.250][52019] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable][vod-singtelhawk.quickplay.com] new: [....20] [ip4][..tcp] [..10.54.169.250][52021] -> [...120.28.35.40][...80] [MIDSTREAM] - detected: [....20] [ip4][..tcp] [..10.54.169.250][52021] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] + detected: [....20] [ip4][..tcp] [..10.54.169.250][52021] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable][vod-singtelhawk.quickplay.com] new: [....21] [ip4][..tcp] [..10.54.169.250][52022] -> [...120.28.35.40][...80] [MIDSTREAM] - detected: [....21] [ip4][..tcp] [..10.54.169.250][52022] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable] + detected: [....21] [ip4][..tcp] [..10.54.169.250][52022] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable][vod-singtelhawk.quickplay.com] idle: [.....1] [ip4][..tcp] [..10.54.169.250][50668] -> [...120.28.35.41][...80] [HTTP][Streaming][Acceptable] idle: [.....2] [ip4][..tcp] [..10.54.169.250][50669] -> [...120.28.35.41][...80] [HTTP][Streaming][Acceptable] idle: [.....7] [ip4][..tcp] [..10.54.169.250][44793] -> [....31.13.68.49][...80] [HTTP.Facebook][SocialNetwork][Fun] diff --git a/test/results/flow-info/reddit.pcap.out b/test/results/flow-info/reddit.pcap.out index a9e8a4bf3..6c4fa22cb 100644 --- a/test/results/flow-info/reddit.pcap.out +++ b/test/results/flow-info/reddit.pcap.out 
@@ -4,17 +4,17 @@ new: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] new: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] new: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] - detected: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] new: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] - detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable] - detected: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable] - detected: [.....4] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] + detected: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.reddit.com] + detection-update: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] + detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.reddit.com] + detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.reddit.com] + detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable][safebrowsing.googleapis.com] + detected: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.reddit.com] + detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> 
[.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.reddit.com] + detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.reddit.com] analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.076| 0.015| 0.024| 570.611| 3.200] @@ -35,7 +35,7 @@ [IATS(ms)....: 33.2,33.2,0.9,66.6,0.0,0.0,0.0,0.0,65.7,0.0,0.0,0.0,13.2,0.7,0.5,42.1,0.0,27.6,0.5,0.5,1.4,59.9,0.1,1228.9,1287.6,0.9,0.0,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,587,72,72,72,72,165,171,445,72,330,72,72,138,72,110,72,72,1120,72,1120,1120,1120,203,1120] [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.4,7.3,7.6,5.3,5.2,5.3,5.3,6.1,6.3,7.4,5.1,7.1,5.1,5.2,6.2,5.2,5.7,5.1,5.1,7.8,5.2,7.8,7.8,7.8,6.7,7.8] - detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.reddit.com] new: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] new: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] new: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] 
@@ -50,52 +50,52 @@ new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] new: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] - detected: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56570] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56568] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56572] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detected: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detected: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56570] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detected: 
[.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56568] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56572] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] new: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] - detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56576] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56574] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56580] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - 
detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56568] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56570] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56568] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56570] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....10] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][56572] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56572] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56576] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56576] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56574] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56580] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56574] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> 
[.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56580] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detected: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56576] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56574] -> 
[.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56580] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detected: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56562] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56568] -> [.....................64:ff9b::9765:798c][..443] 
[TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56570] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56568] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56570] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56566] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56572] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][emoji.redditmedia.com] + detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][emoji.redditmedia.com] + detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56572] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][www.redditstatic.com] + detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] 
[TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56576] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56576] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56574] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56580] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56574] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56580] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] + detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] 
[TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56584] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56586] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] + detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] analyse: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.042| 0.008| 0.014| 206.884| 3.100] 
@@ -106,10 +106,10 @@ [IATS(ms)....: 29.9,29.9,0.1,38.0,2.3,0.0,40.2,0.0,0.1,0.0,0.0,2.7,0.1,0.6,0.0,0.2,0.0,41.5,1.3,39.1,1.6,0.0,7.3,1.5,7.3,2.1,0.2,0.1,0.0,0.2] [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,592,72,72,165,171,361,391,1460,269,72,330,72,195,227,72,138,72,217,110,182,183,294] [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.3,5.2,5.2,7.3,7.5,5.2,5.2,5.9,6.4,7.2,7.2,7.6,6.8,5.1,7.1,5.2,6.6,6.5,5.1,6.2,5.2,6.7,5.5,6.5,6.5,6.9] - detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][emoji.redditmedia.com] + detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][emoji.redditmedia.com] + detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][emoji.redditmedia.com] + detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][emoji.redditmedia.com] analyse: [....13] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.010| 0.016| 264.552| 3.200] @@ -120,7 +120,7 @@ [IATS(ms)....: 38.7,38.7,0.2,38.5,0.0,38.3,0.0,0.0,0.3,0.3,0.0,2.2,2.8,0.2,0.2,6.5,48.3,2.9,39.3,6.8,2.7,0.0,9.6,0.3,0.8,2.1,0.0] [PKTLENS.....: 80,80,72,589,72,1120,72,1120,72,1120,602,72,72,165,171,436,468,115,72,330,72,72,72,138,72,110,72,1120,1120,1120,1120,1120] [ENTROPIES...: 4.7,5.2,5.3,4.6,5.1,6.9,5.3,7.3,5.3,7.4,7.6,5.3,5.3,6.0,6.4,7.4,7.2,5.8,5.1,7.1,5.2,5.1,5.1,6.2,5.2,5.7,5.1,7.8,7.8,7.8,7.8,7.8] - detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][styles.redditmedia.com] analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.060| 0.011| 0.020| 392.540| 2.700] 
@@ -131,7 +131,7 @@ [IATS(ms)....: 36.1,36.1,0.1,41.3,0.0,41.2,0.0,0.0,0.7,0.7,0.0,2.3,1.1,0.2,0.0,0.2,60.3,1.0,57.4,0.0,0.0,0.0,0.0,0.0,0.9] [PKTLENS.....: 80,80,72,589,72,1120,72,1120,72,1120,576,72,72,165,171,446,359,227,72,330,72,72,138,72,72,72,1120,687,72,72,72,110] [ENTROPIES...: 4.8,5.3,5.3,4.5,5.1,6.9,5.3,7.4,5.3,7.3,7.5,5.3,5.3,6.1,6.5,7.4,7.1,6.8,5.1,7.1,5.1,5.2,6.2,5.0,5.0,5.1,7.8,7.7,5.2,5.2,5.2,5.6] - detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][preview.redd.it] analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.052| 0.011| 0.020| 382.734| 2.800] 
@@ -142,11 +142,11 @@ [IATS(ms)....: 44.6,44.7,0.3,51.0,1.8,0.0,52.5,0.0,0.0,0.0,2.4,0.7,0.1,0.1,49.0,0.0,45.8,0.1,0.2,1.2,0.0,0.0,1.4,0.0,0.0,0.1,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120] [ENTROPIES...: 4.9,5.4,5.3,4.6,5.1,6.9,7.3,7.4,7.5,5.2,5.2,5.2,5.3,6.1,6.4,7.3,6.1,5.1,7.1,5.3,5.1,5.0,6.2,5.1,7.8,7.8,5.3,5.2,5.3,7.8,5.2,7.8] - detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][emoji.redditmedia.com] new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] - detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][b.thumbs.redditmedia.com] + detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][b.thumbs.redditmedia.com] + detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] 
[TLS.Reddit][SocialNetwork][Fun][b.thumbs.redditmedia.com] analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.092| 0.013| 0.024| 558.351| 2.800] 
@@ -157,16 +157,16 @@ [IATS(ms)....: 25.8,25.9,0.4,66.4,26.1,92.0,0.8,0.8,0.0,0.0,1.6,0.1,0.3,42.1,0.0,0.0,6.2,0.0,0.0,46.4,0.0,0.0,0.0,0.0,0.0,0.9] [PKTLENS.....: 80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110] [ENTROPIES...: 4.9,5.3,5.3,4.6,5.1,7.0,5.3,7.3,7.3,7.6,5.3,5.3,5.3,6.1,6.5,7.3,5.1,5.2,5.2,7.2,6.2,7.8,7.8,7.8,7.8,5.3,5.3,5.3,5.3,5.3,5.3,5.7] - detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][b.thumbs.redditmedia.com] new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] new: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] - detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Web][Acceptable] - detected: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe] - detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> 
[......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe] + detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Web][Acceptable][www.googletagservices.com] + detected: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe][c.aaxads.com] + detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable][c.amazon-adsystem.com] + detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Web][Acceptable][www.googletagservices.com] + detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable][c.amazon-adsystem.com] + detection-update: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe][c.aaxads.com] analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.009| 0.015| 214.376| 3.100] 
@@ -187,7 +187,7 @@ [IATS(ms)....: 38.5,38.6,0.4,37.3,14.2,0.0,0.0,51.0,0.0,0.0,0.0,0.0,2.4,0.1,0.1,31.3,0.0,1.6,0.0,30.2,0.1,3.4,0.0,3.2,0.0,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72] [ENTROPIES...: 4.8,5.2,5.2,4.5,5.1,7.8,7.8,7.9,7.8,7.4,5.2,5.2,5.2,5.2,5.1,6.1,6.5,7.3,5.0,5.0,5.1,6.3,5.2,5.9,7.9,7.8,7.9,7.8,5.2,5.2,5.3,5.3] - detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable] + detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Web][Acceptable][c.amazon-adsystem.com] analyse: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.072| 0.015| 0.019| 374.318| 3.400] 
@@ -199,12 +199,12 @@ [PKTLENS.....: 80,80,72,589,72,1460,1460,310,72,72,72,152,164,350,72,72,72,343,343,142,72,72,72,103,72,1460,72,1445,1460,1445,1460,72] [ENTROPIES...: 4.9,5.3,5.2,4.4,5.1,7.8,7.8,7.2,5.3,5.2,5.2,6.3,6.5,7.4,5.1,5.1,5.1,7.2,7.3,6.3,5.2,5.3,5.2,5.9,5.1,7.9,5.2,7.9,7.8,7.9,7.9,5.3] new: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] - detected: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable] + detected: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable][securepubads.g.doubleclick.net] new: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] - detected: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] - detection-update: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] - detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] + detected: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun][platform.twitter.com] + detection-update: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] 
[TLS.Google][Advertisement][Acceptable][securepubads.g.doubleclick.net] + detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun][platform.twitter.com] + detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun][platform.twitter.com] analyse: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Advertisement][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.049| 0.009| 0.015| 230.505| 3.100] 
@@ -225,10 +225,10 @@ [IATS(ms)....: 30.4,30.4,0.3,47.5,14.0,61.1,0.1,0.0,0.0,0.0,0.0,3.3,0.1,0.1,30.6,2.1,0.1,29.2,1.3,1.3,0.2,0.4,0.0,0.0,0.0,0.2,0.0,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1120,72,1120,1120,704,72,72,72,165,171,337,72,72,72,330,72,138,72,110,1120,1120,1120,1120,72,72,72,72] [ENTROPIES...: 4.9,5.3,5.2,4.5,5.0,6.9,5.1,7.2,7.3,7.6,5.2,5.2,5.1,6.0,6.4,7.2,5.1,5.1,5.1,7.0,5.2,6.3,5.2,5.6,7.8,7.8,7.8,7.8,5.2,5.2,5.2,5.2] - detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] + detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun][platform.twitter.com] new: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] - detected: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable][www.googletagmanager.com] + detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Web][Acceptable][www.googletagmanager.com] new: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] 
[TLS.GoogleServices][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -240,25 +240,25 @@ [IATS(ms)....: 34.3,34.3,1.7,38.1,7.5,0.0,43.9,0.0,0.0,3.0,0.2,0.3,37.3,0.0,0.4,0.0,34.1,0.0,0.2,2.3,6.9,9.1,0.8,0.0,0.9,0.0,0.1,0.0,0.7] [PKTLENS.....: 80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280] [ENTROPIES...: 4.8,5.3,5.1,4.6,5.0,7.8,7.8,7.6,5.2,5.2,5.2,6.0,6.6,7.3,5.0,5.0,7.7,5.7,5.2,5.2,5.8,5.1,7.6,5.2,7.8,7.8,5.2,5.2,7.8,5.2,7.8,7.8] - detected: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] [TLS][Web][Safe] + detected: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] [TLS][Web][Safe][www.aaxdetect.com] new: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] - detected: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun] - detection-update: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] [TLS][Web][Safe] + detected: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun][syndication.twitter.com] + detection-update: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] [TLS][Web][Safe][www.aaxdetect.com] new: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] new: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] - detected: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Web][Safe] 
+ detected: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Web][Safe][id.rlcdn.com] new: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] new: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] - detected: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Media][Fun] - detected: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe] - detected: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS][Advertisement][Safe] - detection-update: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Web][Safe] - detection-update: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Media][Fun] - detection-update: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS][Advertisement][Safe] - detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe] - detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe] - detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun] - detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> 
[.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun] + detected: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Media][Fun][www.youtube.com] + detected: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe][secure.quantserve.com] + detected: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS][Advertisement][Safe][sb.scorecardresearch.com] + detection-update: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Web][Safe][id.rlcdn.com] + detection-update: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Media][Fun][www.youtube.com] + detection-update: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS][Advertisement][Safe][sb.scorecardresearch.com] + detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe][secure.quantserve.com] + detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe][secure.quantserve.com] + detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun][syndication.twitter.com] + detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun][syndication.twitter.com] analyse: [....32] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.180| 0.022| 0.040| 1578.121| 3.300] @@ -269,7 +269,7 @@ [IATS(ms)....: 41.3,41.4,0.2,45.6,16.1,0.0,61.5,0.0,0.0,3.9,0.4,0.1,94.0,180.2,10.5,0.0,92.3,0.1,0.4,5.5,8.0,1.9,14.9,15.5,0.0,15.5,0.0,0.3,0.0] [PKTLENS.....: 80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460] [ENTROPIES...: 5.3,5.6,5.5,4.7,5.4,6.9,7.4,7.6,5.4,5.4,5.3,6.5,6.4,7.2,7.2,5.4,7.2,6.3,5.5,5.5,5.8,5.4,5.4,6.0,5.4,7.9,7.9,5.5,5.5,7.9,7.9,7.9] - detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe] + detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Web][Safe][secure.quantserve.com] analyse: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.169| 0.024| 0.039| 1530.136| 3.300] 
@@ -283,12 +283,12 @@ new: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] - detected: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable] - detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable] - detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Web][Safe] - detection-update: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Web][Safe] + detected: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable][ad.doubleclick.net] + detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable][ad.doubleclick.net] + detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Web][Safe][rules.quantcount.com] + 
detection-update: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable][ad.doubleclick.net] + detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable][ad.doubleclick.net] + detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Web][Safe][rules.quantcount.com] analyse: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Advertisement][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.011| 0.015| 223.794| 3.600] 
@@ -309,14 +309,14 @@ [IATS(ms)....: 29.2,29.3,0.2,29.5,187.3,216.6,0.3,0.3,0.0,1.8,0.2,0.0,70.3,211.9,6.5,0.0,182.9,58.3,20.2,41.8,0.1,0.0,0.9,11.7,10.9,9.9,6.2,112.5,128.6,76.1] [PKTLENS.....: 80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338] [ENTROPIES...: 4.8,5.2,5.2,4.6,5.1,6.8,5.2,7.4,7.6,5.2,5.2,6.4,6.3,7.1,7.1,5.1,5.1,5.1,6.4,5.1,7.0,5.2,5.9,5.2,5.6,5.9,5.2,5.1,5.1,7.5,5.2,7.3] - detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun] + detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][SocialNetwork][Fun][syndication.twitter.com] new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] - detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun] - detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun] + detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun][cdn.syndication.twimg.com] + detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun][cdn.syndication.twimg.com] new: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] new: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] - detected: [....38] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable] - detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable] + detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable][static.doubleclick.net] + detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable][www.google.com] analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.051| 0.013| 0.018| 330.361| 3.500] 
@@ -327,15 +327,15 @@ [IATS(ms)....: 43.0,43.1,0.3,41.3,10.2,51.1,0.4,38.4,3.5,41.5,0.5,0.0,0.5,0.0,0.1,0.1,2.3,0.2,0.1,38.5,0.0,36.0,0.0,0.0,0.1,5.2,2.2,17.6,0.2] [PKTLENS.....: 80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280] [ENTROPIES...: 5.2,5.5,5.4,4.7,5.3,6.2,5.3,5.1,5.3,7.8,5.5,7.8,7.9,5.4,5.4,7.4,5.5,6.4,6.6,7.5,5.4,7.3,7.3,6.5,5.4,5.5,5.4,6.0,5.4,5.4,5.9,7.8] - detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable] + detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Advertisement][Acceptable][static.doubleclick.net] new: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] new: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] new: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] - detection-update: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable] - detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] - detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] - detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] 
[TLS.YouTube][Media][Fun] + detection-update: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable][www.google.com] + detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable][fonts.gstatic.com] + detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable][fonts.gstatic.com] + detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun][yt3.ggpht.com] analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.062| 0.010| 0.018| 322.960| 3.000] 
@@ -346,11 +346,11 @@ [IATS(ms)....: 37.4,37.4,0.2,47.4,15.0,62.3,0.0,0.4,0.3,2.5,0.2,0.3,39.9,0.1,2.3,39.3,0.2,2.9,2.6,0.8,0.8,0.3,0.0,0.0,0.3,0.0,0.0,0.1,0.0] [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292] [ENTROPIES...: 4.7,5.3,5.2,4.4,5.1,7.8,7.8,5.2,5.2,7.2,5.2,6.1,6.5,7.3,5.1,5.1,5.1,7.7,5.1,5.8,7.5,5.2,7.8,5.2,7.8,7.9,7.8,5.1,5.2,5.1,7.8,7.2] - detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun] - detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun] - detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun] - detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] - detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable] + detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun][i.ytimg.com] + detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun][yt3.ggpht.com] + detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Media][Fun][i.ytimg.com] + detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] 
[TLS.Google][Web][Acceptable][fonts.gstatic.com] + detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Web][Acceptable][fonts.gstatic.com] analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.069| 0.013| 0.024| 573.258| 2.800] 
@@ -382,9 +382,9 @@ [PKTLENS.....: 80,80,72,589,72,1280,1280,751,72,72,72,136,164,375,72,652,72,103,72,72,103,72,456,72,1280,72,1280,1280,1280,1280,72,72] [ENTROPIES...: 4.9,5.3,5.2,4.4,5.1,7.8,7.9,7.7,5.2,5.2,5.3,6.3,6.6,7.4,5.1,7.7,5.1,5.9,5.1,5.1,5.8,5.2,7.5,5.3,7.9,5.3,7.8,7.8,7.8,7.8,5.2,5.3] new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] - detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] - detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][gateway.reddit.com] + detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][gateway.reddit.com] + detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][gateway.reddit.com] analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.144| 0.017| 0.037| 1404.834| 2.700] 
@@ -395,20 +395,20 @@ [IATS(ms)....: 25.7,25.8,0.2,144.2,0.0,144.0,0.0,0.1,0.0,0.0,0.0,2.5,0.6,1.3,49.7,0.0,0.0,45.4,0.0,0.1,0.0,0.1,0.7,0.4,0.9,38.4,2.5,1.1,2.2] [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114] [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.4,5.2,5.2,7.3,7.5,5.2,5.2,6.1,6.4,7.4,5.2,5.1,7.1,6.2,5.2,5.3,5.1,7.5,5.3,5.6,7.6,6.2,5.1,5.1,5.1,6.0] - detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun] + detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][SocialNetwork][Fun][gateway.reddit.com] new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] - detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Web][Acceptable] - detected: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable] + detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Web][Acceptable][adservice.google.fr] + detected: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable][adservice.google.com] new: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] new: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> 
[...............2a00:1450:4007:80b::2001][..443] - detected: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Web][Acceptable] - detection-update: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable] - detected: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable] - detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable] + detected: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable][aax-eu.amazon-adsystem.com] + detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Web][Acceptable][adservice.google.fr] + detection-update: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable][adservice.google.com] + detected: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] 
[TLS.Google][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] + detection-update: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] + detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable][aax-eu.amazon-adsystem.com] + detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Web][Acceptable][aax-eu.amazon-adsystem.com] analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.008| 0.012| 155.374| 3.400] 
@@ -439,27 +439,27 @@ new: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] new: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] new: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] - detected: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detected: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detected: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detected: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detected: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detected: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Web][Acceptable] - detected: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] - detected: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] - detected: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] - detected: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] 
[TLS.Google][Advertisement][Acceptable] - detection-update: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] + detected: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detected: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detected: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detected: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detected: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detected: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Web][Acceptable][fonts.googleapis.com] + detected: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detected: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detected: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detected: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] 
[TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] new: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] - detection-update: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detection-update: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detection-update: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detection-update: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] - detection-update: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] - detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable] + detection-update: [....50] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detection-update: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detection-update: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detection-update: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe][cdn.ampproject.org] + detection-update: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Web][Acceptable][fonts.googleapis.com] + detection-update: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Advertisement][Acceptable][tpc.googlesyndication.com] analyse: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.042| 0.008| 0.012| 152.931| 3.300] 
@@ -491,9 +491,9 @@ [PKTLENS.....: 80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72] [ENTROPIES...: 4.8,5.2,5.1,4.6,5.0,7.8,5.1,7.8,5.0,7.6,5.0,6.0,6.4,7.3,5.0,7.6,5.1,5.8,5.0,5.5,5.0,5.1,7.5,7.7,7.1,7.3,5.1,5.1,5.1,5.1,5.8,5.0] new: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] - detected: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe] - detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe] - detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe] + detected: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe][d9.flashtalking.com] + detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe][d9.flashtalking.com] + detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Web][Safe][d9.flashtalking.com] idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Web][Acceptable] idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Web][Acceptable] idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][SocialNetwork][Fun] 
diff --git a/test/results/flow-info/safari.pcap.out b/test/results/flow-info/safari.pcap.out index 9ad62237d..51ba4ddde 100644 --- a/test/results/flow-info/safari.pcap.out +++ b/test/results/flow-info/safari.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] new: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] new: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] new: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] 
@@ -20,26 +20,26 @@ [IATS(ms)....: 28.3,28.4,0.6,28.7,7.0,0.1,0.0,35.1,0.0,52.7,82.0,0.0,29.3,0.9,28.1,550.6,1.2,579.0,0.2,0.3,0.1,0.1,0.1,0.1,0.1,0.1,428.1,455.0,4.4,1.2,32.6] [PKTLENS.....: 64,60,52,287,52,1492,1492,627,52,52,145,52,103,52,411,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,431,52,1492,1492,52] [ENTROPIES...: 4.4,5.3,5.0,5.6,5.0,7.1,7.3,7.6,5.0,4.9,6.1,5.0,5.9,5.0,7.4,5.0,7.9,7.9,4.9,7.9,4.8,7.9,5.0,7.9,4.9,7.9,5.0,7.4,5.1,7.9,7.9,5.1] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detected: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detected: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) 
Not Carrying HTTPS - detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][55268] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.178][55266] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][55269] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....4] [ip4][..tcp] [..192.168.1.178][55267] -> [...146.48.58.18][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy 
@@ -92,9 +92,9 @@ [PKTLENS.....: 64,60,52,263,52,193,52,103,480,52,52,1399,52,483,52,1492,1492,52,1492,1492,52,1492,1492,411,52,52,52,489,52,1492,1492,52] [ENTROPIES...: 4.4,5.2,4.9,5.9,4.9,6.5,4.8,5.6,7.5,5.0,5.0,7.9,5.0,7.4,4.9,7.9,7.9,4.8,7.9,7.9,4.9,7.9,7.9,7.5,4.9,4.9,4.8,7.5,5.1,7.9,7.9,5.1] new: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] - detected: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe] - detection-update: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe] + detected: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.178][55285] -> [...146.48.58.18][..443] [TLS][Web][Safe][www.iit.cnr.it] idle: [.....1] [ip4][..tcp] [..192.168.1.178][55262] -> [...146.48.58.18][..443] [TLS][Web][Safe] idle: [.....2] [ip4][..tcp] [..192.168.1.178][55265] -> [...146.48.58.18][..443] [TLS][Web][Safe] RISK: TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/salesforce.pcap.out b/test/results/flow-info/salesforce.pcap.out index 0617d9d0d..e23762e44 100644 --- a/test/results/flow-info/salesforce.pcap.out +++ b/test/results/flow-info/salesforce.pcap.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] [TLS.Salesforce][Cloud][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] [TLS.Salesforce][Cloud][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] [TLS.Salesforce][Cloud][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] [TLS.Salesforce][Cloud][Safe][help.salesforce.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] [TLS.Salesforce][Cloud][Safe][help.salesforce.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] [TLS.Salesforce][Cloud][Safe][help.salesforce.com] idle: [.....1] [ip4][..tcp] [..192.168.1.178][54399] -> [...85.222.142.6][..443] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/selfsigned.pcap.out b/test/results/flow-info/selfsigned.pcap.out index fd3413da2..0f5824a7d 100644 --- a/test/results/flow-info/selfsigned.pcap.out +++ b/test/results/flow-info/selfsigned.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [......127.0.0.1][51607] -> [......127.0.0.1][.3001] - detected: [.....1] [ip4][..tcp] [......127.0.0.1][51607] -> [......127.0.0.1][.3001] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [......127.0.0.1][51607] -> [......127.0.0.1][.3001] [TLS][Web][Safe][localhost] RISK: Known Proto on Non Std Port - detection-update: [.....1] [ip4][..tcp] [......127.0.0.1][51607] -> [......127.0.0.1][.3001] [TLS.ntop][Network][Safe] + detection-update: [.....1] [ip4][..tcp] [......127.0.0.1][51607] -> [......127.0.0.1][.3001] [TLS.ntop][Network][Safe][localhost] RISK: Known Proto on Non Std Port, Self-signed Cert, TLS Cert Expired end: [.....1] [ip4][..tcp] [......127.0.0.1][51607] -> [......127.0.0.1][.3001] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/signal.pcap.out b/test/results/flow-info/signal.pcap.out index 123390a31..64b6b21cf 100644 --- a/test/results/flow-info/signal.pcap.out +++ b/test/results/flow-info/signal.pcap.out 
@@ -2,22 +2,22 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] new: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] - detected: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][e673.dsce9.akamaiedge.net] new: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] new: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] new: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] new: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] new: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] - detection-update: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Network][Acceptable] - detected: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] - detection-update: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] - detected: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] + detection-update: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Network][Acceptable][e673.dsce9.akamaiedge.net] + detected: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] 
[TLS.AppleiTunes][Streaming][Fun][itunes.apple.com] + detection-update: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun][itunes.apple.com] + detected: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] - detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] - detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] + detected: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] analyse: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.052| 0.012| 0.020| 399.390| 3.200] 
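Review bot: The trailing field these expectations add to `detected:` and `detection-update:` lines is peer-supplied text, and no fixture visible here pins how it is printed when it contains `]`, whitespace or non-printable bytes. This hunk alone takes it from a DHCP hostname (`[lucas-imac]`), a DNS query name and TLS server names. The formatter is not part of this diff, so whether it escapes the value cannot be told from here; if it does not, a bracket-delimited line with a `RISK:` suffix would no longer parse unambiguously for anything consuming this output. A capture whose name carries such characters, with its escaped form recorded as the expected result, would settle it. The `analyse:`, `idle:` and `end:` lines in the same files keep the old shape without the field, so consumers have to accept both.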
@@ -28,16 +28,16 @@ [IATS(ms)....: 44.2,46.0,0.1,45.6,0.8,0.2,0.3,0.2,47.8,0.0,0.1,46.0,44.7,7.8,1.7,0.1,0.4,0.1,52.3,0.0,1.1,0.0,42.6,0.1,0.7,0.5,0.1,0.9,0.1,0.4,0.0] [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413] [ENTROPIES...: 4.5,5.3,5.1,4.4,5.2,7.8,7.9,7.8,7.9,5.1,5.1,5.0,7.6,5.2,6.3,5.8,5.9,5.8,6.9,7.3,7.4,5.1,6.4,5.1,5.1,5.0,5.0,5.6,7.8,7.8,7.9,7.5] - detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] + detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] + detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] - detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] - detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] - detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] - detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] - detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun] + detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [.....5] [ip4][..tcp] 
[...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] new: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [MIDSTREAM] detected: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS.Apple][Web][Safe] new: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [MIDSTREAM] 
@@ -45,20 +45,20 @@ new: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] new: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] new: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] - detected: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Chat][Fun] + detected: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Chat][Fun][textsecure-service.whispersystems.org] new: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] new: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] new: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] - detection-update: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Chat][Fun] + detection-update: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Chat][Fun][textsecure-service.whispersystems.org] new: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] detected: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Network][Acceptable] - detected: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] - detection-update: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] - detected: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] + detected: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun][itunes.apple.com] + detection-update: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun][itunes.apple.com] + detected: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] 
RISK: TLS (probably) Not Carrying HTTPS - detected: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] + detected: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] analyse: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.101| 0.015| 0.025| 625.062| 3.300] 
@@ -69,20 +69,20 @@ [IATS(ms)....: 34.9,37.7,0.1,37.4,0.8,0.2,0.3,0.2,37.0,0.2,34.8,100.7,83.3,17.6,1.1,2.5,0.1,0.4,0.1,36.0,0.0,31.6,0.5,2.4,0.0,0.5,2.2,1.1,0.2,0.2,0.0] [PKTLENS.....: 64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413] [ENTROPIES...: 4.5,5.2,5.1,4.4,5.2,7.9,7.9,7.8,7.9,5.1,5.1,7.7,5.1,7.7,5.0,6.4,6.0,5.9,5.8,6.8,7.3,7.3,5.2,5.1,5.2,6.3,5.1,5.1,7.8,7.8,7.9,7.5] - detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] + detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] + detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] + detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [....13] [ip4][..tcp] 
[...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] new: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] - detected: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] - detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] + detected: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] + detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun][textsecure-service.whispersystems.org] analyse: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.115| 0.033| 0.050| 2490.513| 3.300] 
@@ -96,9 +96,9 @@ new: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [MIDSTREAM] detected: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Web][Safe] new: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] - detected: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun] - detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun] - detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun] + detected: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun][cdn.signal.org] + detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun][cdn.signal.org] + detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun][cdn.signal.org] analyse: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.012| 0.016| 257.340| 3.700] 
@@ -109,7 +109,7 @@ [IATS(ms)....: 32.9,39.8,0.1,40.0,2.7,0.0,39.4,7.8,43.4,0.4,0.0,34.7,0.1,7.5,0.5,0.0,0.1,0.4,5.9,0.1,0.4,42.2,0.0,0.5,26.8,7.6,10.7,0.1,0.3,0.3,26.1] [PKTLENS.....: 64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52] [ENTROPIES...: 4.4,5.2,5.0,4.3,5.1,7.1,7.7,5.1,6.3,5.1,6.0,6.4,5.1,5.1,5.7,5.6,5.5,7.0,5.4,7.9,7.9,7.9,4.9,5.9,5.1,7.6,5.1,7.9,7.9,7.9,7.9,5.1] - detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun] + detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun][cdn.signal.org] idle: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] end: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS.Apple][Web][Safe] idle: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Network][Acceptable] diff --git a/test/results/flow-info/simple-dnscrypt.pcap.out b/test/results/flow-info/simple-dnscrypt.pcap.out index 366191b95..fc21e72ed 100644 --- a/test/results/flow-info/simple-dnscrypt.pcap.out +++ b/test/results/flow-info/simple-dnscrypt.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] - detected: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] + detected: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS][Web][Safe][simplednscrypt.org] + detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS][Web][Safe][simplednscrypt.org] + detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] analyse: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.222| 0.043| 0.053| 2772.255| 3.900] 
@@ -15,19 +15,19 @@ [IATS(ms)....: 110.6,111.2,27.9,119.6,18.5,5.2,114.9,3.0,7.5,0.0,0.0,10.6,4.9,14.9,0.1,0.1,0.4,91.8,0.0,71.5,3.1,28.8,26.8,76.4,36.0,32.6,95.2,61.6,222.0,0.0] [PKTLENS.....: 52,52,40,246,40,1350,1350,40,1350,1350,1350,346,40,166,93,96,82,258,298,109,40,78,40,78,40,40,40,401,40,105,1350,1310] [ENTROPIES...: 4.7,5.1,4.9,5.6,4.9,7.3,7.2,4.7,7.6,7.5,7.6,7.3,4.8,6.4,5.7,5.8,5.5,7.1,7.1,6.1,4.9,5.4,4.9,5.8,4.9,4.9,4.9,7.3,4.9,6.0,7.8,7.8] - detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] + detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] new: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] new: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] new: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] - detected: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detected: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detected: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detection-update: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detection-update: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] - detection-update: [.....3] [ip4][..tcp] 
[.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] + detected: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detected: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detected: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detection-update: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detection-update: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] + detection-update: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] analyse: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.106| 0.026| 0.036| 1310.829| 3.600] 
@@ -38,7 +38,7 @@ [IATS(ms)....: 76.9,77.0,0.2,75.5,27.7,2.5,105.6,0.6,0.0,0.6,1.3,0.0,1.6,3.3,3.7,0.1,0.1,3.1,0.1,0.0,84.7,0.0,74.1,4.3,9.6,25.1,23.4,82.0,4.1,98.4] [PKTLENS.....: 52,52,40,250,40,1350,1350,40,1350,1350,40,1350,346,40,166,93,96,82,320,119,118,298,109,40,40,78,40,78,40,402,401,40] [ENTROPIES...: 4.7,5.0,4.8,5.5,4.8,7.3,7.3,4.8,7.6,7.5,4.7,7.6,7.4,4.8,6.3,5.6,5.8,5.5,7.3,6.0,6.1,7.2,6.3,4.9,4.9,5.8,4.8,5.4,4.9,7.5,7.4,4.9] - detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] + detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe][simplednscrypt.org] idle: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Network][Safe] idle: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] idle: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] diff --git a/test/results/flow-info/sites.pcapng.out b/test/results/flow-info/sites.pcapng.out index 9f8f04c91..e2045239b 100644 --- a/test/results/flow-info/sites.pcapng.out +++ b/test/results/flow-info/sites.pcapng.out 
@@ -2,26 +2,26 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.12.169][46160] -> [..69.171.250.20][..443] - detected: [.....1] [ip4][..tcp] [.192.168.12.169][46160] -> [..69.171.250.20][..443] [TLS.Messenger][Chat][Acceptable] - detection-update: [.....1] [ip4][..tcp] [.192.168.12.169][46160] -> [..69.171.250.20][..443] [TLS.Messenger][Chat][Acceptable] + detected: [.....1] [ip4][..tcp] [.192.168.12.169][46160] -> [..69.171.250.20][..443] [TLS.Messenger][Chat][Acceptable][edge-mqtt.facebook.com] + detection-update: [.....1] [ip4][..tcp] [.192.168.12.169][46160] -> [..69.171.250.20][..443] [TLS.Messenger][Chat][Acceptable][edge-mqtt.facebook.com] DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][SocialNetwork][Fun] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][SocialNetwork][Fun] + detected: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][SocialNetwork][Fun][vcs-va.tiktokv.com] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] [TLS.TikTok][SocialNetwork][Fun][vcs-va.tiktokv.com] idle: [.....1] [ip4][..tcp] [.192.168.12.169][46160] -> [..69.171.250.20][..443] DAEMON-EVENT: [Processed: 35 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] new: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] - detected: [.....3] [ip4][..tcp] 
[..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][VoIP][Acceptable] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][VoIP][Acceptable] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][VoIP][Acceptable] + detected: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][VoIP][Acceptable][presence.fuze.com] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][VoIP][Acceptable][presence.fuze.com] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][VoIP][Acceptable][presence.fuze.com] end: [.....2] [ip4][..tcp] [..192.168.1.250][41878] -> [...92.122.95.99][..443] DAEMON-EVENT: [Processed: 66 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] new: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] - detected: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe] + detected: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe][upload.wikimedia.org] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe][upload.wikimedia.org] analyse: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.053| 0.020| 0.024| 571.173| 2.800] 
@@ -32,12 +32,12 @@ [IATS(ms)....: 46.8,50.1,2.2,52.9,0.2,52.2,1.5,0.6,2.4,52.4,0.8,3.1,0.2,0.2,47.9,0.2] [PKTLENS.....: 60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83] [ENTROPIES...: 4.7,5.2,5.0,5.4,5.1,7.8,7.9,7.8,6.5,5.0,5.0,5.1,5.1,6.3,6.9,7.1,7.4,6.0,5.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.4,5.1,5.0,5.1,5.6] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe] + detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Web][Safe][upload.wikimedia.org] end: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] DAEMON-EVENT: [Processed: 118 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0] new: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] - detected: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun] + detected: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun][videosnap.like.video] analyse: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.031| 0.138| 0.327| 107215.077| 1.600] 
@@ -52,127 +52,127 @@ DAEMON-EVENT: [Processed: 230 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0] new: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] - detected: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Streaming][Fun] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Streaming][Fun] - detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Streaming][Fun] + detected: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Streaming][Fun][f.vimeocdn.com] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Streaming][Fun][f.vimeocdn.com] + detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Streaming][Fun][f.vimeocdn.com] end: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][SocialNetwork][Fun] DAEMON-EVENT: [Processed: 255 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 8|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] - detected: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][Streaming][Fun] - detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][Streaming][Fun] + detected: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][Streaming][Fun][prod-static.disney-plus.net] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][Streaming][Fun][prod-static.disney-plus.net] end: [.....6] [ip4][..tcp] 
[..192.168.1.128][46724] -> [.199.232.82.109][..443] DAEMON-EVENT: [Processed: 284 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 9|updates: 0] new: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] - detected: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Web][Fun] - detection-update: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Web][Fun] + detected: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Web][Fun][api.accuweather.com] + detection-update: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Web][Fun][api.accuweather.com] end: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] DAEMON-EVENT: [Processed: 314 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 0] new: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] - detected: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] [QUIC.GoogleClassroom][Collaborative][Safe] + detected: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] [QUIC.GoogleClassroom][Collaborative][Safe][classroom.google.com] end: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] DAEMON-EVENT: [Processed: 315 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 0] new: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] - detected: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] [TLS.Badoo][SocialNetwork][Fun] - detection-update: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] 
[TLS.Badoo][SocialNetwork][Fun] + detected: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] [TLS.Badoo][SocialNetwork][Fun][www.badoo.com] + detection-update: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] [TLS.Badoo][SocialNetwork][Fun][www.badoo.com] idle: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] [QUIC.GoogleClassroom][Collaborative][Safe] new: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] - detected: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Collaborative][Fun] - detection-update: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Collaborative][Fun] + detected: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Collaborative][Fun][www.gitlab.com] + detection-update: [....11] [ip4][..tcp] [..192.168.1.128][53998] -> [..172.65.251.78][..443] [TLS.GitLab][Collaborative][Fun][www.gitlab.com] new: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] - detected: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Game][Fun] - detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Game][Fun] - detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Game][Fun] + detected: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Game][Fun][www.activision.com] + detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Game][Fun][www.activision.com] + detection-update: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] [TLS.Activision][Game][Fun][www.activision.com] new: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] - detected: 
[....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] [TLS.Twitch][Video][Fun] - detection-update: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] [TLS.Twitch][Video][Fun] + detected: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] [TLS.Twitch][Video][Fun][gql.twitch.tv] + detection-update: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] [TLS.Twitch][Video][Fun][gql.twitch.tv] new: [....14] [ip4][..tcp] [..192.168.1.128][45936] -> [..208.85.40.158][...80] new: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] - detected: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][Music][Fun] - detection-update: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][Music][Fun] + detected: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][Music][Fun][soundcloud.com] + detection-update: [....15] [ip4][..tcp] [..192.168.1.128][51806] -> [..18.66.196.102][..443] [TLS.SoundCloud][Music][Fun][soundcloud.com] new: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] - detected: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] [TLS][Web][Safe] - detection-update: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] [TLS][Web][Safe] - detection-update: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] [TLS.Vevo][Music][Fun] + detected: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] [TLS][Web][Safe][vevo.com] + detection-update: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] [TLS][Web][Safe][vevo.com] + detection-update: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] [TLS.Vevo][Music][Fun][vevo.com] new: [....17] [ip4][..tcp] [..192.168.1.128][48140] -> 
[.....23.1.66.79][..443] - detected: [....17] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Web][Safe] - detection-update: [....17] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Web][Safe] + detected: [....17] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Web][Safe][cdn.cnn.com] + detection-update: [....17] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Web][Safe][cdn.cnn.com] new: [....18] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] - detected: [....18] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Shopping][Safe] - detection-update: [....18] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Shopping][Safe] + detected: [....18] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Shopping][Safe][www.ebay.com] + detection-update: [....18] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] [TLS.eBay][Shopping][Safe][www.ebay.com] new: [....19] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] - detected: [....19] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.UbuntuONE][Cloud][Acceptable] - detection-update: [....19] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.UbuntuONE][Cloud][Acceptable] + detected: [....19] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.UbuntuONE][Cloud][Acceptable][assets.ubuntu.com] + detection-update: [....19] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] [TLS.UbuntuONE][Cloud][Acceptable][assets.ubuntu.com] new: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] - detected: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] [TLS][Web][Safe] - detection-update: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] [TLS][Web][Safe] - 
detection-update: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] [TLS.Tuenti][VoIP][Acceptable] + detected: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] [TLS][Web][Safe][tuenti.com] + detection-update: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] [TLS][Web][Safe][tuenti.com] + detection-update: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] [TLS.Tuenti][VoIP][Acceptable][tuenti.com] new: [....21] [ip4][..tcp] [..192.168.1.128][39302] -> [..95.131.170.91][..443] - detected: [....21] [ip4][..tcp] [..192.168.1.128][39302] -> [..95.131.170.91][..443] [TLS.Tuenti][VoIP][Acceptable] - detection-update: [....21] [ip4][..tcp] [..192.168.1.128][39302] -> [..95.131.170.91][..443] [TLS.Tuenti][VoIP][Acceptable] - detection-update: [....21] [ip4][..tcp] [..192.168.1.128][39302] -> [..95.131.170.91][..443] [TLS.Tuenti][VoIP][Acceptable] + detected: [....21] [ip4][..tcp] [..192.168.1.128][39302] -> [..95.131.170.91][..443] [TLS.Tuenti][VoIP][Acceptable][static.tuenti.com] + detection-update: [....21] [ip4][..tcp] [..192.168.1.128][39302] -> [..95.131.170.91][..443] [TLS.Tuenti][VoIP][Acceptable][static.tuenti.com] + detection-update: [....21] [ip4][..tcp] [..192.168.1.128][39302] -> [..95.131.170.91][..443] [TLS.Tuenti][VoIP][Acceptable][static.tuenti.com] new: [....22] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] - detected: [....22] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Streaming][Fun] - detection-update: [....22] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Streaming][Fun] + detected: [....22] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Streaming][Fun][hulu.com] + detection-update: [....22] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] [TLS.Hulu][Streaming][Fun][hulu.com] new: [....23] [ip4][..tcp] 
[..192.168.1.128][44954] -> [..34.96.123.111][...80] new: [....24] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] - detected: [....24] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] [TLS.LastFM][Music][Fun] - detection-update: [....24] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] [TLS.LastFM][Music][Fun] + detected: [....24] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] [TLS.LastFM][Music][Fun][kerve.last.fm] + detection-update: [....24] [ip4][..tcp] [..192.168.1.128][47122] -> [.35.201.112.136][..443] [TLS.LastFM][Music][Fun][kerve.last.fm] new: [....25] [ip4][..tcp] [..192.168.1.128][39036] -> [..69.191.252.15][...80] new: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] - detected: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Cloud][Acceptable] - detection-update: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Cloud][Acceptable] - detection-update: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Cloud][Acceptable] + detected: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Cloud][Acceptable][www.bloomberg.com] + detection-update: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Cloud][Acceptable][www.bloomberg.com] + detection-update: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] [TLS.Bloomberg][Cloud][Acceptable][www.bloomberg.com] new: [....27] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] - detected: [....27] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][Cloud][Acceptable] - detection-update: [....27] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][Cloud][Acceptable] + detected: [....27] [ip4][..tcp] [..192.168.1.128][57014] 
-> [108.139.210.102][..443] [TLS.Bloomberg][Cloud][Acceptable][sourcepointcmp.bloomberg.com] + detection-update: [....27] [ip4][..tcp] [..192.168.1.128][57014] -> [108.139.210.102][..443] [TLS.Bloomberg][Cloud][Acceptable][sourcepointcmp.bloomberg.com] new: [....28] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] - detected: [....28] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][SocialNetwork][Fun] - detection-update: [....28] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][SocialNetwork][Fun] + detected: [....28] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][SocialNetwork][Fun][www.linkedin.com] + detection-update: [....28] [ip4][..tcp] [..192.168.1.128][48654] -> [...13.107.42.14][..443] [TLS.LinkedIn][SocialNetwork][Fun][www.linkedin.com] new: [....29] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] - detected: [....29] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] [TLS.Pastebin][Download][Potentially Dangerous] + detected: [....29] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] [TLS.Pastebin][Download][Potentially Dangerous][pastebin.com] RISK: Unsafe Protocol - detection-update: [....29] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] [TLS.Pastebin][Download][Potentially Dangerous] + detection-update: [....29] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] [TLS.Pastebin][Download][Potentially Dangerous][pastebin.com] RISK: Unsafe Protocol new: [....30] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] - detected: [....30] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Game][Fun] - detection-update: [....30] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Game][Fun] - detection-update: [....30] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] 
[TLS.Playstation][Game][Fun] + detected: [....30] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Game][Fun][www.playstation.com] + detection-update: [....30] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Game][Fun][www.playstation.com] + detection-update: [....30] [ip4][..tcp] [..192.168.1.128][57336] -> [....23.1.68.189][..443] [TLS.Playstation][Game][Fun][www.playstation.com] new: [....31] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] - detected: [....31] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Game][Fun] - detection-update: [....31] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Game][Fun] + detected: [....31] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Game][Fun][static.playstation.com] + detection-update: [....31] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] [TLS.Playstation][Game][Fun][static.playstation.com] new: [....32] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] - detected: [....32] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][Music][Fun] - detection-update: [....32] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][Music][Fun] + detected: [....32] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][Music][Fun][deezer.com] + detection-update: [....32] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] [TLS.Deezer][Music][Fun][deezer.com] new: [....33] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] new: [....34] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] - detected: [....34] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] [TLS.GoogleMaps][Web][Safe] - detection-update: [....34] [ip4][..tcp] [..192.168.1.128][38858] -> 
[142.250.180.142][..443] [TLS.GoogleMaps][Web][Safe] + detected: [....34] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] [TLS.GoogleMaps][Web][Safe][maps.google.com] + detection-update: [....34] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] [TLS.GoogleMaps][Web][Safe][maps.google.com] new: [....35] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] - detected: [....35] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Game][Fun] - detection-update: [....35] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Game][Fun] + detected: [....35] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Game][Fun][account.xbox.com] + detection-update: [....35] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Game][Fun][account.xbox.com] new: [....36] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] - detected: [....36] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Outlook][Email][Acceptable] - detection-update: [....36] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Microsoft365][Collaborative][Acceptable] + detected: [....36] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Outlook][Email][Acceptable][outlook.com] + detection-update: [....36] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Microsoft365][Collaborative][Acceptable][outlook.com] DAEMON-EVENT: [Processed: 457 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 27 / 36|skipped: 0|!detected: 0|guessed: 0|detection-updates: 39|updates: 0] new: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] - detected: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][VirtAssistant][Acceptable] - detection-update: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> 
[..15.160.39.187][..443] [TLS.AppleSiri][VirtAssistant][Acceptable] + detected: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][VirtAssistant][Acceptable][guzzoni.apple.com] + detection-update: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][VirtAssistant][Acceptable][guzzoni.apple.com] idle: [....22] [ip4][..tcp] [..192.168.1.128][51432] -> [.95.101.195.214][..443] - guessed: [....23] [ip4][..tcp] [..192.168.1.128][44954] -> [..34.96.123.111][...80] [HTTP.GoogleCloud][Cloud][Acceptable] + guessed: [....23] [ip4][..tcp] [..192.168.1.128][44954] -> [..34.96.123.111][...80] [HTTP.GoogleCloud][Cloud][Acceptable][] idle: [....23] [ip4][..tcp] [..192.168.1.128][44954] -> [..34.96.123.111][...80] - guessed: [....25] [ip4][..tcp] [..192.168.1.128][39036] -> [..69.191.252.15][...80] [HTTP.Bloomberg][Network][Acceptable] + guessed: [....25] [ip4][..tcp] [..192.168.1.128][39036] -> [..69.191.252.15][...80] [HTTP.Bloomberg][Network][Acceptable][] idle: [....25] [ip4][..tcp] [..192.168.1.128][39036] -> [..69.191.252.15][...80] idle: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] idle: [....26] [ip4][..tcp] [..192.168.1.128][43412] -> [.151.101.193.73][..443] idle: [....12] [ip4][..tcp] [..192.168.1.128][42580] -> [...2.17.141.128][..443] idle: [....13] [ip4][..tcp] [..192.168.1.128][46084] -> [..146.75.62.167][..443] idle: [....31] [ip4][..tcp] [..192.168.1.128][46264] -> [...23.51.246.65][..443] - guessed: [....14] [ip4][..tcp] [..192.168.1.128][45936] -> [..208.85.40.158][...80] [HTTP][Web][Acceptable] + guessed: [....14] [ip4][..tcp] [..192.168.1.128][45936] -> [..208.85.40.158][...80] [HTTP][Web][Acceptable][] idle: [....14] [ip4][..tcp] [..192.168.1.128][45936] -> [..208.85.40.158][...80] idle: [....35] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] idle: [....18] [ip4][..tcp] [..192.168.1.128][40832] -> [....2.17.141.49][..443] 
@@ -183,7 +183,7 @@ idle: [....16] [ip4][..tcp] [..192.168.1.128][56468] -> [.151.101.192.92][..443] idle: [....34] [ip4][..tcp] [..192.168.1.128][38858] -> [142.250.180.142][..443] idle: [....32] [ip4][..tcp] [..192.168.1.128][43150] -> [.108.138.199.67][..443] - guessed: [....33] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] [HTTP.AmazonAWS][Cloud][Acceptable] + guessed: [....33] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] [HTTP.AmazonAWS][Cloud][Acceptable][] idle: [....33] [ip4][..tcp] [..192.168.1.128][52070] -> [....18.65.82.67][...80] idle: [....29] [ip4][..tcp] [..192.168.1.128][39934] -> [..104.23.98.190][..443] idle: [....20] [ip4][..tcp] [..192.168.1.128][51248] -> [..95.131.169.91][..443] 
@@ -194,38 +194,38 @@ idle: [....17] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] idle: [....19] [ip4][..tcp] [..192.168.1.128][42884] -> [.185.125.190.21][..443] new: [....38] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] - detected: [....38] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [....38] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detected: [....38] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.office.com] + detection-update: [....38] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.office.com] new: [....39] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] - detected: [....39] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][Video][Acceptable] - detection-update: [....39] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][Video][Acceptable] + detected: [....39] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][Video][Acceptable][www.primevideo.com] + detection-update: [....39] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][Video][Acceptable][www.primevideo.com] new: [....40] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] - detected: [....40] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Cloud][Acceptable] - detection-update: [....40] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Cloud][Acceptable] + detected: [....40] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Cloud][Acceptable][drive.google.com] + detection-update: [....40] [ip4][..tcp] [..192.168.1.128][56458] -> 
[142.250.185.142][..443] [TLS.GoogleDrive][Cloud][Acceptable][drive.google.com] new: [....41] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] - detected: [....41] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Azure][Cloud][Acceptable] - detection-update: [....41] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....41] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Azure][Cloud][Acceptable][onedrive.com] + detection-update: [....41] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Cloud][Safe][onedrive.com] new: [....42] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] - detected: [....42] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Cloud][Acceptable] - detection-update: [....42] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Cloud][Acceptable] + detected: [....42] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Cloud][Acceptable][onedrive.live.com] + detection-update: [....42] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Cloud][Acceptable][onedrive.live.com] new: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] - detected: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Video][Fun] - detection-update: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Video][Fun] - detection-update: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Video][Fun] + detected: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Video][Fun][www.iflix.com] + detection-update: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Video][Fun][www.iflix.com] + 
detection-update: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Video][Fun][www.iflix.com] new: [....44] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] - detected: [....44] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Web][Acceptable] + detected: [....44] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Web][Acceptable][hangouts.google.com] new: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] - detected: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS.Google][Web][Acceptable] - detection-update: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS.Google][Web][Acceptable] + detected: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS.Google][Web][Acceptable][googleplus.com] + detection-update: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS.Google][Web][Acceptable][googleplus.com] new: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] - detected: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.GooglePlus][SocialNetwork][Fun] + detected: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.GooglePlus][SocialNetwork][Fun][plus.google.com] update: [....44] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Web][Acceptable] DAEMON-EVENT: [Processed: 512 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 10 / 46|skipped: 0|!detected: 0|guessed: 4|detection-updates: 48|updates: 1] new: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] - detected: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Streaming][Fun] - detection-update: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] 
[TLS.Pandora][Streaming][Fun] - detection-update: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Streaming][Fun] + detected: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Streaming][Fun][pandora.com] + detection-update: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Streaming][Fun][pandora.com] + detection-update: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Streaming][Fun][pandora.com] idle: [....39] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] idle: [....40] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] idle: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] diff --git a/test/results/flow-info/skype-conference-call.pcap.out b/test/results/flow-info/skype-conference-call.pcap.out index 6038cbb81..70f00a406 100644 --- a/test/results/flow-info/skype-conference-call.pcap.out +++ b/test/results/flow-info/skype-conference-call.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] - detected: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable] + detected: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....1] [ip4][..udp] [...192.168.2.20][49282] -> [...104.46.40.49][60642] [STUN.Skype_TeamsCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/skype.pcap.out b/test/results/flow-info/skype.pcap.out index 7949b425c..05607466f 100644 --- a/test/results/flow-info/skype.pcap.out 
+++ b/test/results/flow-info/skype.pcap.out 
@@ -2,47 +2,47 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.1.34][49163] -> [....192.168.1.1][...53] - detected: [.....1] [ip4][..udp] [...192.168.1.34][49163] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....1] [ip4][..udp] [...192.168.1.34][49163] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][b.config.skype.com] new: [.....2] [ip4][..udp] [...192.168.1.34][57406] -> [....192.168.1.1][...53] - detected: [.....2] [ip4][..udp] [...192.168.1.34][57406] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....2] [ip4][..udp] [...192.168.1.34][57406] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][b.config.skype.com] new: [.....3] [ip4][..udp] [...192.168.1.34][55711] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [...192.168.1.34][55711] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....3] [ip4][..udp] [...192.168.1.34][55711] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][conn.skype.akadns.net] new: [.....4] [ip4][..udp] [...192.168.1.34][52850] -> [....192.168.1.1][...53] - detected: [.....4] [ip4][..udp] [...192.168.1.34][52850] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....4] [ip4][..udp] [...192.168.1.34][52850] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][conn.skype.akadns.net] new: [.....5] [ip4][..udp] [...192.168.1.34][54396] -> [....192.168.1.1][...53] - detected: [.....5] [ip4][..udp] [...192.168.1.34][54396] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....5] [ip4][..udp] [...192.168.1.34][54396] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][api.skype.com] new: [.....6] [ip4][..udp] [...192.168.1.34][65426] -> 
[....192.168.1.1][...53] - detected: [.....6] [ip4][..udp] [...192.168.1.34][65426] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....6] [ip4][..udp] [...192.168.1.34][65426] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][api.skype.com] new: [.....7] [ip4][..udp] [...192.168.1.34][64085] -> [....192.168.1.1][...53] - detected: [.....7] [ip4][..udp] [...192.168.1.34][64085] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....7] [ip4][..udp] [...192.168.1.34][64085] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e7768.b.akamaiedge.net] new: [.....8] [ip4][..udp] [...192.168.1.34][58681] -> [....192.168.1.1][...53] - detected: [.....8] [ip4][..udp] [...192.168.1.34][58681] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....8] [ip4][..udp] [...192.168.1.34][58681] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][db3msgr5011709.gateway.messenger.live.com] new: [.....9] [ip4][..tcp] [...192.168.1.34][50026] -> [...65.55.223.33][40002] new: [....10] [ip4][..udp] [...192.168.1.34][49793] -> [....192.168.1.1][...53] - detected: [....10] [ip4][..udp] [...192.168.1.34][49793] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....10] [ip4][..udp] [...192.168.1.34][49793] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][dsn4.d.skype.net] new: [....11] [ip4][..udp] [...192.168.1.34][65045] -> [....192.168.1.1][...53] - detected: [....11] [ip4][..udp] [...192.168.1.34][65045] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] - detection-update: [.....7] [ip4][..udp] [...192.168.1.34][64085] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....11] [ip4][..udp] [...192.168.1.34][65045] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][dsn4.d.skype.net] + detection-update: [.....7] [ip4][..udp] [...192.168.1.34][64085] -> [....192.168.1.1][...53] 
[DNS.Skype_Teams][VoIP][Acceptable][e7768.b.akamaiedge.net] new: [....12] [ip4][..tcp] [...192.168.1.34][50027] -> [...23.223.73.34][..443] new: [....13] [ip4][..udp] [...192.168.1.34][49990] -> [....192.168.1.1][...53] - detected: [....13] [ip4][..udp] [...192.168.1.34][49990] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....13] [ip4][..udp] [...192.168.1.34][49990] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst6.r.skype.net] new: [....14] [ip4][..udp] [...192.168.1.34][57288] -> [....192.168.1.1][...53] - detected: [....14] [ip4][..udp] [...192.168.1.34][57288] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] - detection-update: [.....8] [ip4][..udp] [...192.168.1.34][58681] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detected: [....12] [ip4][..tcp] [...192.168.1.34][50027] -> [...23.223.73.34][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detected: [....14] [ip4][..udp] [...192.168.1.34][57288] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst6.r.skype.net] + detection-update: [.....8] [ip4][..udp] [...192.168.1.34][58681] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][db3msgr5011709.gateway.messenger.live.com] + detected: [....12] [ip4][..tcp] [...192.168.1.34][50027] -> [...23.223.73.34][..443] [TLS.Skype_Teams][VoIP][Acceptable][apps.skypeassets.com] RISK: TLS (probably) Not Carrying HTTPS new: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] - detected: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS][Web][Safe] + detected: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detection-update: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] 
[TLS.Skype_Teams][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....16] [ip4][..udp] [...192.168.1.34][49903] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [...192.168.1.34][49903] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....16] [ip4][..udp] [...192.168.1.34][49903] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][ui.skype.com] new: [....17] [ip4][..udp] [...192.168.1.34][51879] -> [....192.168.1.1][...53] - detected: [....17] [ip4][..udp] [...192.168.1.34][51879] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] - detection-update: [....17] [ip4][..udp] [...192.168.1.34][51879] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....17] [ip4][..udp] [...192.168.1.34][51879] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] + detection-update: [....17] [ip4][..udp] [...192.168.1.34][51879] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] new: [....18] [ip4][..tcp] [...192.168.1.34][50029] -> [..23.206.33.166][..443] - detected: [....18] [ip4][..tcp] [...192.168.1.34][50029] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detected: [....18] [ip4][..tcp] [...192.168.1.34][50029] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable][apps.skype.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -56,11 +56,11 @@ [ENTROPIES...: 4.6,5.4,5.2,5.8,7.0,5.6,5.2,7.5,7.7,5.2,6.7,5.2,6.0,6.1,5.1,7.2,7.1,5.2,7.7,7.0,5.2,7.0,7.7,7.2,5.2,5.1,7.7,6.7,7.9,7.9,5.3,5.1] new: [....19] [ip4][..tcp] [...192.168.1.34][50030] -> [...65.55.223.33][..443] new: [....20] [ip4][..udp] [...192.168.1.34][60288] -> [....192.168.1.1][...53] - detected: [....20] [ip4][..udp] [...192.168.1.34][60288] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....20] [ip4][..udp] [...192.168.1.34][60288] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [....21] [ip4][..udp] [...192.168.1.34][57726] -> [....192.168.1.1][...53] - detected: [....21] [ip4][..udp] [...192.168.1.34][57726] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....21] [ip4][..udp] [...192.168.1.34][57726] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [....22] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] - detected: [....22] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....22] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....23] [ip4][..tcp] [.108.160.170.46][..443] -> [...192.168.1.34][49445] [MIDSTREAM] detected: [....23] [ip4][..tcp] [.108.160.170.46][..443] -> [...192.168.1.34][49445] [TLS.Dropbox][Cloud][Acceptable] new: [....24] [ip4][..udp] [...192.168.1.34][13021] -> [....64.4.23.166][40022] 
@@ -292,9 +292,9 @@ detected: [...147] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.146][33033] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...148] [ip4][..tcp] [...192.168.1.34][50024] -> [..17.172.100.36][..443] [MIDSTREAM] new: [...149] [ip4][..udp] [...192.168.1.34][55159] -> [....192.168.1.1][...53] - detected: [...149] [ip4][..udp] [...192.168.1.34][55159] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] + detected: [...149] [ip4][..udp] [...192.168.1.34][55159] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][a.config.skype.trafficmanager.net] new: [...150] [ip4][..udp] [...192.168.1.34][63108] -> [....192.168.1.1][...53] - detected: [...150] [ip4][..udp] [...192.168.1.34][63108] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] + detected: [...150] [ip4][..udp] [...192.168.1.34][63108] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][a.config.skype.trafficmanager.net] new: [...151] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.147][40020] detected: [...151] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.147][40020] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...152] [ip4][..udp] [...192.168.1.34][13021] -> [.111.221.77.165][40020] 
@@ -307,9 +307,9 @@ new: [...156] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.157][40013] detected: [...156] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.157][40013] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...157] [ip4][..udp] [...192.168.1.34][58458] -> [....192.168.1.1][...53] - detected: [...157] [ip4][..udp] [...192.168.1.34][58458] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...157] [ip4][..udp] [...192.168.1.34][58458] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [...158] [ip4][..udp] [...192.168.1.34][49360] -> [....192.168.1.1][...53] - detected: [...158] [ip4][..udp] [...192.168.1.34][49360] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...158] [ip4][..udp] [...192.168.1.34][49360] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [...159] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.145][40022] detected: [...159] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.235.145][40022] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...160] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.26][40004] 
@@ -339,9 +339,9 @@ detected: [...173] [ip4][..udp] [...192.168.1.34][13021] -> [..111.221.74.28][40014] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...174] [ip4][..tcp] [...192.168.1.34][50069] -> [..157.55.56.160][..443] new: [...175] [ip4][..udp] [...192.168.1.34][54343] -> [....192.168.1.1][...53] - detected: [...175] [ip4][..udp] [...192.168.1.34][54343] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...175] [ip4][..udp] [...192.168.1.34][54343] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst13.r.skype.net] new: [...176] [ip4][..udp] [...192.168.1.34][58368] -> [....192.168.1.1][...53] - detected: [...176] [ip4][..udp] [...192.168.1.34][58368] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...176] [ip4][..udp] [...192.168.1.34][58368] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst13.r.skype.net] new: [...177] [ip4][..tcp] [...192.168.1.34][50070] -> [.157.55.130.170][40018] new: [...178] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.148][40019] detected: [...178] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.148][40019] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] 
@@ -420,10 +420,10 @@ new: [...212] [ip4][..tcp] [...192.168.1.34][50087] -> [.111.221.77.142][..443] new: [...213] [ip4][..tcp] [...192.168.1.34][50088] -> [.157.55.235.146][33033] new: [...214] [ip4][..udp] [...192.168.1.34][63321] -> [....192.168.1.1][...53] - detected: [...214] [ip4][..udp] [...192.168.1.34][63321] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] - detection-update: [...214] [ip4][..udp] [...192.168.1.34][63321] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...214] [ip4][..udp] [...192.168.1.34][63321] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] + detection-update: [...214] [ip4][..udp] [...192.168.1.34][63321] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] new: [...215] [ip4][..tcp] [...192.168.1.34][50090] -> [..23.206.33.166][..443] - detected: [...215] [ip4][..tcp] [...192.168.1.34][50090] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detected: [...215] [ip4][..tcp] [...192.168.1.34][50090] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable][apps.skype.com] RISK: Obsolete TLS (v1.1 or older) new: [...216] [ip4][..tcp] [...192.168.1.34][50091] -> [.157.55.235.146][..443] new: [...217] [ip4][..tcp] [...192.168.1.34][50092] -> [.157.55.130.155][40020] 
@@ -514,9 +514,9 @@ update: [....94] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.165][40007] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009] new: [...228] [ip4][..udp] [...192.168.1.34][49485] -> [239.255.255.250][.1900] - detected: [...228] [ip4][..udp] [...192.168.1.34][49485] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...228] [ip4][..udp] [...192.168.1.34][49485] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...229] [ip4][..udp] [...192.168.1.34][51066] -> [239.255.255.250][.1900] - detected: [...229] [ip4][..udp] [...192.168.1.34][51066] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...229] [ip4][..udp] [...192.168.1.34][51066] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...230] [ip4][..udp] [...192.168.1.34][54067] -> [....192.168.1.1][.5351] detected: [...230] [ip4][..udp] [...192.168.1.34][54067] -> [....192.168.1.1][.5351] [NAT-PMP][Network][Acceptable] new: [...231] [ip4][.icmp] [....192.168.1.1] -> [...192.168.1.34] 
@@ -543,9 +543,9 @@ new: [...237] [ip4][..udp] [...192.168.1.34][13021] -> [.....71.62.0.85][33647] detected: [...237] [ip4][..udp] [...192.168.1.34][13021] -> [.....71.62.0.85][33647] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...238] [ip4][..udp] [...192.168.1.92][.5353] -> [....224.0.0.251][.5353] - detected: [...238] [ip4][..udp] [...192.168.1.92][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [...238] [ip4][..udp] [...192.168.1.92][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_afpovertcp._tcp.local] new: [...239] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] - detected: [...239] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [...239] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_afpovertcp._tcp.local] new: [...240] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.145][..443] detected: [...240] [ip4][..udp] [...192.168.1.34][13021] -> [.157.55.130.145][..443] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...241] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.39][..443] 
@@ -581,12 +581,12 @@ new: [...257] [ip4][..tcp] [...192.168.1.34][50126] -> [..91.190.216.23][12350] new: [...258] [ip4][..tcp] [...192.168.1.34][50127] -> [...80.14.46.121][.4415] new: [...259] [ip4][..udp] [...192.168.1.34][62454] -> [....192.168.1.1][...53] - detected: [...259] [ip4][..udp] [...192.168.1.34][62454] -> [....192.168.1.1][...53] [DNS.AppleiCloud][Web][Acceptable] - detection-update: [...259] [ip4][..udp] [...192.168.1.34][62454] -> [....192.168.1.1][...53] [DNS.AppleiCloud][Web][Acceptable] + detected: [...259] [ip4][..udp] [...192.168.1.34][62454] -> [....192.168.1.1][...53] [DNS.AppleiCloud][Web][Acceptable][p05-keyvalueservice.icloud.com.akadns.net] + detection-update: [...259] [ip4][..udp] [...192.168.1.34][62454] -> [....192.168.1.1][...53] [DNS.AppleiCloud][Web][Acceptable][p05-keyvalueservice.icloud.com.akadns.net] new: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] - detected: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Web][Acceptable] + detected: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Web][Acceptable][p05-keyvalueservice.icloud.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Web][Acceptable] + detection-update: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Web][Acceptable][p05-keyvalueservice.icloud.com] RISK: TLS (probably) Not Carrying HTTPS new: [...261] [ip4][..tcp] [...192.168.1.34][50129] -> [.91.190.218.125][12350] analyse: [...260] [ip4][..tcp] [...192.168.1.34][50128] -> [..17.172.100.36][..443] [TLS.AppleiCloud][Web][Acceptable] 
@@ -636,9 +636,9 @@ update: [...126] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.146][40030] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] update: [...125] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.154][40034] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...262] [ip4][..udp] [...192.168.1.34][52742] -> [....192.168.1.1][...53] - detected: [...262] [ip4][..udp] [...192.168.1.34][52742] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...262] [ip4][..udp] [...192.168.1.34][52742] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst5.r.skype.net] new: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] - detected: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...263] [ip4][..udp] [...192.168.1.34][56387] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst5.r.skype.net] analyse: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.782| 0.325| 0.510| 259840.393| 3.600] 
@@ -651,14 +651,14 @@ [ENTROPIES...: 4.7,5.3,5.2,6.0,6.4,5.2,5.6,5.5,5.2,7.8,5.6,5.2,5.2,5.3,7.8,5.2,7.6,6.1,5.9,5.6,5.2,5.9,5.2,5.7,5.8,5.2,5.9,5.2,6.0,5.1,6.0,5.2] not-detected: [...251] [ip4][..tcp] [...192.168.1.34][50121] -> [...81.83.77.141][17639] [Unknown][Unrated] new: [...264] [ip4][..udp] [...192.168.1.34][52714] -> [....192.168.1.1][...53] - detected: [...264] [ip4][..udp] [...192.168.1.34][52714] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...264] [ip4][..udp] [...192.168.1.34][52714] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][b.config.skype.com] new: [...265] [ip4][..udp] [...192.168.1.34][51802] -> [....192.168.1.1][...53] - detected: [...265] [ip4][..udp] [...192.168.1.34][51802] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...265] [ip4][..udp] [...192.168.1.34][51802] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][b.config.skype.com] new: [...266] [ip4][..tcp] [...192.168.1.34][50130] -> [...212.161.8.36][13392] new: [...267] [ip4][..udp] [...192.168.1.34][63421] -> [....192.168.1.1][...53] - detected: [...267] [ip4][..udp] [...192.168.1.34][63421] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...267] [ip4][..udp] [...192.168.1.34][63421] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [...268] [ip4][..udp] [...192.168.1.34][65037] -> [....192.168.1.1][...53] - detected: [...268] [ip4][..udp] [...192.168.1.34][65037] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...268] [ip4][..udp] [...192.168.1.34][65037] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [...269] [ip4][..tcp] [...192.168.1.34][50131] -> [...212.161.8.36][13392] detected: [...269] [ip4][..tcp] [...192.168.1.34][50131] -> [...212.161.8.36][13392] [TLS][Web][Safe] RISK: Known Proto on Non Std Port 
@@ -668,7 +668,7 @@ detected: [...271] [ip4][..tcp] [...192.168.1.34][50133] -> [...149.13.32.15][13392] [TLS][Web][Safe] RISK: Known Proto on Non Std Port new: [...272] [ip4][..udp] [...192.168.1.92][50084] -> [239.255.255.250][.1900] - detected: [...272] [ip4][..udp] [...192.168.1.92][50084] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...272] [ip4][..udp] [...192.168.1.92][50084] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] update: [...150] [ip4][..udp] [...192.168.1.34][63108] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] update: [...179] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.37][40032] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] update: [...149] [ip4][..udp] [...192.168.1.34][55159] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] 
@@ -746,9 +746,9 @@ [ENTROPIES...: 4.6,4.7,4.9,6.2,5.9,5.3,5.7,5.6,5.3,5.7,5.3,5.3,5.2,7.8,5.1,7.8,5.2,6.5,5.1,7.7,5.9,6.4,5.9,5.2,6.1,5.2,5.9,6.1,5.3,5.3,5.8,5.3] not-detected: [...248] [ip4][..tcp] [...192.168.1.34][50117] -> [...71.238.7.203][18767] [Unknown][Unrated] new: [...274] [ip4][..udp] [...192.168.1.34][56886] -> [239.255.255.250][.1900] - detected: [...274] [ip4][..udp] [...192.168.1.34][56886] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...274] [ip4][..udp] [...192.168.1.34][56886] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...275] [ip4][..udp] [...192.168.1.34][64560] -> [239.255.255.250][.1900] - detected: [...275] [ip4][..udp] [...192.168.1.34][64560] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...275] [ip4][..udp] [...192.168.1.34][64560] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...276] [ip4][..udp] [...192.168.1.34][49511] -> [....192.168.1.1][.5351] detected: [...276] [ip4][..udp] [...192.168.1.34][49511] -> [....192.168.1.1][.5351] [NAT-PMP][Network][Acceptable] new: [...277] [ip4][..tcp] [...192.168.1.34][50134] -> [...157.56.53.47][12350] 
@@ -966,7 +966,7 @@ update: [...276] [ip4][..udp] [...192.168.1.34][49511] -> [....192.168.1.1][.5351] [NAT-PMP][Network][Acceptable] new: [...292] [ip4][..tcp] [...192.168.1.34][50146] -> [...157.56.53.51][..443] new: [...293] [ip4][..udp] [...192.168.1.34][55893] -> [....192.168.1.1][...53] - detected: [...293] [ip4][..udp] [...192.168.1.34][55893] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...293] [ip4][..udp] [...192.168.1.34][55893] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][ui.skype.com] not-detected: [....50] [ip4][..tcp] [...192.168.1.34][50033] -> [..157.55.56.170][40015] [Unknown][Unrated] end: [....50] [ip4][..tcp] [...192.168.1.34][50033] -> [..157.55.56.170][40015] not-detected: [....51] [ip4][..tcp] [...192.168.1.34][50034] -> [.157.55.130.140][40033] [Unknown][Unrated] diff --git a/test/results/flow-info/skype_no_unknown.pcap.out b/test/results/flow-info/skype_no_unknown.pcap.out index a057e2974..0c1375156 100644 --- a/test/results/flow-info/skype_no_unknown.pcap.out +++ b/test/results/flow-info/skype_no_unknown.pcap.out 
@@ -4,43 +4,43 @@ new: [.....1] [ip4][....2] [..192.168.1.219] -> [.....224.0.0.22] detected: [.....1] [ip4][....2] [..192.168.1.219] -> [.....224.0.0.22] [IGMP][Network][Acceptable] new: [.....2] [ip4][..udp] [...192.168.1.34][55028] -> [....192.168.1.1][...53] - detected: [.....2] [ip4][..udp] [...192.168.1.34][55028] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....2] [ip4][..udp] [...192.168.1.34][55028] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][a.config.skype.com] new: [.....3] [ip4][..udp] [...192.168.1.34][64971] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [...192.168.1.34][64971] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....3] [ip4][..udp] [...192.168.1.34][64971] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][a.config.skype.com] new: [.....4] [ip4][..udp] [...192.168.1.34][60688] -> [....192.168.1.1][...53] - detected: [.....4] [ip4][..udp] [...192.168.1.34][60688] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....4] [ip4][..udp] [...192.168.1.34][60688] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][conn.skype.akadns.net] new: [.....5] [ip4][..udp] [...192.168.1.34][58631] -> [....192.168.1.1][...53] - detected: [.....5] [ip4][..udp] [...192.168.1.34][58631] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....5] [ip4][..udp] [...192.168.1.34][58631] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][conn.skype.akadns.net] new: [.....6] [ip4][..udp] [...192.168.1.34][64240] -> [....192.168.1.1][...53] - detected: [.....6] [ip4][..udp] [...192.168.1.34][64240] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....6] [ip4][..udp] [...192.168.1.34][64240] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][api.skype.com] new: [.....7] [ip4][..udp] [...192.168.1.34][49864] -> [....192.168.1.1][...53] - 
detected: [.....7] [ip4][..udp] [...192.168.1.34][49864] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....7] [ip4][..udp] [...192.168.1.34][49864] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][api.skype.com] new: [.....8] [ip4][..udp] [...192.168.1.34][61016] -> [....192.168.1.1][...53] - detected: [.....8] [ip4][..udp] [...192.168.1.34][61016] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [.....8] [ip4][..udp] [...192.168.1.34][61016] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][apps.skypeassets.com] new: [.....9] [ip4][..udp] [...192.168.1.34][57694] -> [....192.168.1.1][...53] - detected: [.....9] [ip4][..udp] [...192.168.1.34][57694] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....9] [ip4][..udp] [...192.168.1.34][57694] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....9] [ip4][..udp] [...192.168.1.34][57694] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][db3msgr5011709.gateway.messenger.live.com] + detection-update: [.....9] [ip4][..udp] [...192.168.1.34][57694] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][db3msgr5011709.gateway.messenger.live.com] new: [....10] [ip4][..tcp] [...192.168.1.34][51229] -> [...157.56.52.28][40009] new: [....11] [ip4][..udp] [...192.168.1.34][62875] -> [....192.168.1.1][...53] - detected: [....11] [ip4][..udp] [...192.168.1.34][62875] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....11] [ip4][..udp] [...192.168.1.34][62875] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][dsn13.d.skype.net] new: [....12] [ip4][..udp] [...192.168.1.34][59113] -> [....192.168.1.1][...53] - detected: [....12] [ip4][..udp] [...192.168.1.34][59113] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....12] [ip4][..udp] [...192.168.1.34][59113] -> [....192.168.1.1][...53] 
[DNS.Skype_Teams][VoIP][Acceptable][dsn13.d.skype.net] new: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] new: [....14] [ip4][..udp] [...192.168.1.34][57592] -> [....192.168.1.1][...53] - detected: [....14] [ip4][..udp] [...192.168.1.34][57592] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....14] [ip4][..udp] [...192.168.1.34][57592] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst11.r.skype.net] new: [....15] [ip4][..udp] [...192.168.1.34][53372] -> [....192.168.1.1][...53] - detected: [....15] [ip4][..udp] [...192.168.1.34][53372] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] - detected: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] [TLS][Web][Safe] + detected: [....15] [ip4][..udp] [...192.168.1.34][53372] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst11.r.skype.net] + detected: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detection-update: [....13] [ip4][..tcp] [...192.168.1.34][51230] -> [.157.56.126.211][..443] [TLS.Skype_Teams][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....16] [ip4][..udp] [...192.168.1.34][63514] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [...192.168.1.34][63514] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....16] [ip4][..udp] [...192.168.1.34][63514] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][ui.skype.com] new: [....17] [ip4][..udp] [...192.168.1.34][63661] -> [....192.168.1.1][...53] - detected: [....17] [ip4][..udp] [...192.168.1.34][63661] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] - detection-update: [....17] [ip4][..udp] 
[...192.168.1.34][63661] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....17] [ip4][..udp] [...192.168.1.34][63661] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] + detection-update: [....17] [ip4][..udp] [...192.168.1.34][63661] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] new: [....18] [ip4][..tcp] [...192.168.1.34][51231] -> [..23.206.33.166][..443] - detected: [....18] [ip4][..tcp] [...192.168.1.34][51231] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detected: [....18] [ip4][..tcp] [...192.168.1.34][51231] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable][apps.skype.com] RISK: TLS (probably) Not Carrying HTTPS new: [....19] [ip4][..tcp] [.17.143.160.149][.5223] -> [...192.168.1.34][50407] [MIDSTREAM] detected: [....19] [ip4][..tcp] [.17.143.160.149][.5223] -> [...192.168.1.34][50407] [TLS.Apple][Web][Safe] 
@@ -56,9 +56,9 @@ [PKTLENS.....: 64,56,52,146,1492,72,52,1492,850,52,159,52,111,111,52,281,233,52,681,233,52,249,745,52,265,52,617,153,1369,52,1492,57] [ENTROPIES...: 4.6,5.2,5.2,5.7,7.0,5.6,5.1,7.5,7.7,5.1,6.7,5.2,6.0,6.1,5.1,7.3,7.0,5.1,7.7,7.0,5.1,7.2,7.7,5.2,7.2,5.2,7.7,6.6,7.9,5.2,7.9,5.3] new: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53] - detected: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....20] [ip4][..udp] [...192.168.1.34][50055] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [....21] [ip4][..udp] [...192.168.1.34][51753] -> [....192.168.1.1][...53] - detected: [....21] [ip4][..udp] [...192.168.1.34][51753] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [....21] [ip4][..udp] [...192.168.1.34][51753] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [....22] [ip4][..tcp] [...192.168.1.34][51232] -> [...157.56.52.28][..443] new: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [MIDSTREAM] detected: [....23] [ip4][..tcp] [...192.168.1.34][51227] -> [..17.172.100.36][..443] [TLS.Apple][Web][Safe] 
@@ -73,27 +73,27 @@ [PKTLENS.....: 666,608,46,46,373,76,40,40,642,66,40,40,659,616,46,46,373,76,40,40,647,66,40,40,663,542,46,46,373,40,76,40] [ENTROPIES...: 7.7,7.7,4.7,4.5,7.4,5.7,4.8,4.9,7.6,5.6,4.8,4.8,7.7,7.7,4.6,4.6,7.5,5.7,4.8,4.8,7.7,5.6,4.8,4.9,7.7,7.6,4.6,4.5,7.4,4.8,5.8,4.8] new: [....24] [ip4][..udp] [...192.168.1.34][..137] -> [..192.168.1.255][..137] - detected: [....24] [ip4][..udp] [...192.168.1.34][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [....24] [ip4][..udp] [...192.168.1.34][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][__msbrowse__] new: [....25] [ip4][..udp] [....192.168.1.1][..137] -> [...192.168.1.34][..137] - detected: [....25] [ip4][..udp] [....192.168.1.1][..137] -> [...192.168.1.34][..137] [NetBIOS][System][Acceptable] + detected: [....25] [ip4][..udp] [....192.168.1.1][..137] -> [...192.168.1.34][..137] [NetBIOS][System][Acceptable][__msbrowse__] new: [....26] [ip4][..udp] [...192.168.1.34][..138] -> [..192.168.1.255][..138] - detected: [....26] [ip4][..udp] [...192.168.1.34][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....26] [ip4][..udp] [...192.168.1.34][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][lucasmacbookpro] RISK: Unsafe Protocol new: [....27] [ip4][..udp] [....192.168.1.1][..138] -> [...192.168.1.34][..138] - detected: [....27] [ip4][..udp] [....192.168.1.1][..138] -> [...192.168.1.34][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....27] [ip4][..udp] [....192.168.1.1][..138] -> [...192.168.1.34][..138] [NetBIOS.SMBv1][System][Dangerous][alicegate] RISK: Unsafe Protocol new: [....28] [ip4][..udp] [...192.168.1.92][..137] -> [..192.168.1.255][..137] - detected: [....28] [ip4][..udp] [...192.168.1.92][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [....28] [ip4][..udp] [...192.168.1.92][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup] new: 
[....29] [ip4][..udp] [...192.168.1.92][..138] -> [..192.168.1.255][..138] - detected: [....29] [ip4][..udp] [...192.168.1.92][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....29] [ip4][..udp] [...192.168.1.92][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][lucas-imac] RISK: Unsafe Protocol new: [....30] [ip4][..udp] [...192.168.1.92][53826] -> [..192.168.1.255][..137] - detected: [....30] [ip4][..udp] [...192.168.1.92][53826] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [....30] [ip4][..udp] [...192.168.1.92][53826] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][lucas-imac] new: [....31] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] - detected: [....31] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....31] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][lucas-imac.local] new: [....32] [ip4][..udp] [...192.168.1.92][.5353] -> [....224.0.0.251][.5353] - detected: [....32] [ip4][..udp] [...192.168.1.92][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....31] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....32] [ip4][..udp] [...192.168.1.92][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][lucas-imac.local] + detection-update: [....31] [ip6][..udp] [...............fe80::c62c:3ff:fe06:49fe][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][lucas-imac.local] new: [....33] [ip4][..udp] [...192.168.1.34][13021] -> [..157.55.56.170][40015] detected: [....33] [ip4][..udp] [...192.168.1.34][13021] -> 
[..157.55.56.170][40015] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [....34] [ip4][..udp] [...192.168.1.34][13021] -> [..111.221.74.15][40026] @@ -127,7 +127,7 @@ new: [....48] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.18][33033] detected: [....48] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.18][33033] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [....49] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] - detected: [....49] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....49] [ip4][..udp] [..192.168.0.254][.1025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....50] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.32][40022] detected: [....50] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.32][40022] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [....51] [ip4][..udp] [...192.168.1.34][13021] -> [..111.221.74.33][40011] 
@@ -322,9 +322,9 @@ new: [...154] [ip4][..udp] [...192.168.1.34][13021] -> [.111.221.77.146][33033] detected: [...154] [ip4][..udp] [...192.168.1.34][13021] -> [.111.221.77.146][33033] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...155] [ip4][..udp] [...192.168.1.34][63342] -> [....192.168.1.1][...53] - detected: [...155] [ip4][..udp] [...192.168.1.34][63342] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...155] [ip4][..udp] [...192.168.1.34][63342] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][b.config.skype.com] new: [...156] [ip4][..udp] [...192.168.1.34][64258] -> [....192.168.1.1][...53] - detected: [...156] [ip4][..udp] [...192.168.1.34][64258] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...156] [ip4][..udp] [...192.168.1.34][64258] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][b.config.skype.com] new: [...157] [ip4][..tcp] [...192.168.1.34][51259] -> [.111.221.77.142][..443] new: [...158] [ip4][..tcp] [...192.168.1.34][51260] -> [.157.55.130.142][..443] new: [...159] [ip4][..tcp] [...192.168.1.34][51261] -> [.157.55.235.170][..443] 
@@ -340,9 +340,9 @@ new: [...165] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.38][40015] detected: [...165] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.38][40015] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...166] [ip4][..udp] [...192.168.1.34][61095] -> [....192.168.1.1][...53] - detected: [...166] [ip4][..udp] [...192.168.1.34][61095] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...166] [ip4][..udp] [...192.168.1.34][61095] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [...167] [ip4][..udp] [...192.168.1.34][55866] -> [....192.168.1.1][...53] - detected: [...167] [ip4][..udp] [...192.168.1.34][55866] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...167] [ip4][..udp] [...192.168.1.34][55866] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][pipe.prd.skypedata.akadns.net] new: [...168] [ip4][..udp] [...192.168.1.34][13021] -> [..111.221.74.38][40015] detected: [...168] [ip4][..udp] [...192.168.1.34][13021] -> [..111.221.74.38][40015] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...169] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.40][40017] 
@@ -398,9 +398,9 @@ new: [...197] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.16][40032] detected: [...197] [ip4][..udp] [...192.168.1.34][13021] -> [...65.55.223.16][40032] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...198] [ip4][..udp] [...192.168.1.34][60413] -> [....192.168.1.1][...53] - detected: [...198] [ip4][..udp] [...192.168.1.34][60413] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...198] [ip4][..udp] [...192.168.1.34][60413] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst0.r.skype.net] new: [...199] [ip4][..udp] [...192.168.1.34][64364] -> [....192.168.1.1][...53] - detected: [...199] [ip4][..udp] [...192.168.1.34][64364] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...199] [ip4][..udp] [...192.168.1.34][64364] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][335.0.7.7.3.rst0.r.skype.net] new: [...200] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.149][40030] detected: [...200] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.149][40030] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...201] [ip4][..udp] [...192.168.1.34][13021] -> [...157.56.52.29][40010] 
@@ -456,9 +456,9 @@ new: [...222] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.141][40015] detected: [...222] [ip4][..udp] [...192.168.1.34][13021] -> [213.199.179.141][40015] [Skype_Teams.Skype_TeamsCall][VoIP][Acceptable] new: [...223] [ip4][..udp] [...192.168.1.34][59237] -> [239.255.255.250][.1900] - detected: [...223] [ip4][..udp] [...192.168.1.34][59237] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...223] [ip4][..udp] [...192.168.1.34][59237] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...224] [ip4][..udp] [...192.168.1.34][58061] -> [239.255.255.250][.1900] - detected: [...224] [ip4][..udp] [...192.168.1.34][58061] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [...224] [ip4][..udp] [...192.168.1.34][58061] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [...225] [ip4][..udp] [...192.168.1.34][59052] -> [....192.168.1.1][.5351] detected: [...225] [ip4][..udp] [...192.168.1.34][59052] -> [....192.168.1.1][.5351] [NAT-PMP][Network][Acceptable] new: [...226] [ip4][.icmp] [....192.168.1.1] -> [...192.168.1.34] 
@@ -497,10 +497,10 @@ new: [...241] [ip4][..tcp] [...192.168.1.34][51293] -> [..5.248.186.221][31010] new: [...242] [ip4][..tcp] [...192.168.1.34][51294] -> [...81.83.77.141][17639] new: [...243] [ip4][..udp] [...192.168.1.34][59788] -> [....192.168.1.1][...53] - detected: [...243] [ip4][..udp] [...192.168.1.34][59788] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] - detection-update: [...243] [ip4][..udp] [...192.168.1.34][59788] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detected: [...243] [ip4][..udp] [...192.168.1.34][59788] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] + detection-update: [...243] [ip4][..udp] [...192.168.1.34][59788] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][e4593.g.akamaiedge.net] new: [...244] [ip4][..tcp] [...192.168.1.34][51295] -> [..23.206.33.166][..443] - detected: [...244] [ip4][..tcp] [...192.168.1.34][51295] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detected: [...244] [ip4][..tcp] [...192.168.1.34][51295] -> [..23.206.33.166][..443] [TLS.Skype_Teams][VoIP][Acceptable][apps.skype.com] RISK: Obsolete TLS (v1.1 or older) new: [...245] [ip4][..tcp] [...192.168.1.34][51296] -> [.91.190.216.125][12350] new: [...246] [ip4][..tcp] [...192.168.1.34][51297] -> [..91.190.216.24][12350] diff --git a/test/results/flow-info/smb_deletefile.pcap.out b/test/results/flow-info/smb_deletefile.pcap.out index 01666965f..6b41920a7 100644 --- a/test/results/flow-info/smb_deletefile.pcap.out +++ b/test/results/flow-info/smb_deletefile.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable][] analyse: [.....1] [ip4][..tcp] [..192.168.1.118][56848] -> [..192.168.1.187][..445] [NetBIOS.SMBv23][System][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.158| 0.143| 0.529| 280112.169| 1.200] diff --git a/test/results/flow-info/smb_frags.pcap.out b/test/results/flow-info/smb_frags.pcap.out index 543f1024f..6a9447e12 100644 --- a/test/results/flow-info/smb_frags.pcap.out +++ b/test/results/flow-info/smb_frags.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] - detected: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][System][Dangerous] + detected: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][System][Dangerous][] RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol end: [.....1] [ip4][..tcp] [.10.202.211.125][54120] -> [.....10.202.7.8][..445] [NetBIOS.SMBv1][System][Dangerous] RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol diff --git a/test/results/flow-info/smbv1.pcap.out b/test/results/flow-info/smbv1.pcap.out index 40c4bfc07..3d0d21100 100644 --- a/test/results/flow-info/smbv1.pcap.out +++ b/test/results/flow-info/smbv1.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.172.16.156.130][50927] -> [...10.128.0.243][..445] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [.172.16.156.130][50927] -> [...10.128.0.243][..445] [NetBIOS.SMBv1][System][Dangerous] + detected: [.....1] [ip4][..tcp] [.172.16.156.130][50927] -> [...10.128.0.243][..445] [NetBIOS.SMBv1][System][Dangerous][] RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol idle: [.....1] [ip4][..tcp] [.172.16.156.130][50927] -> [...10.128.0.243][..445] [NetBIOS.SMBv1][System][Dangerous] RISK: Known Proto on Non Std Port, SMB Insecure Vers, Unsafe Protocol diff --git a/test/results/flow-info/smtp-starttls.pcap.out b/test/results/flow-info/smtp-starttls.pcap.out index 2c1fefa27..537f0a2c1 100644 --- a/test/results/flow-info/smtp-starttls.pcap.out +++ b/test/results/flow-info/smtp-starttls.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] - detected: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTP.Google][Email][Acceptable] + detected: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTP.Google][Email][Acceptable][mx.google.com] detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Email][Acceptable] detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][57406] -> [..173.194.68.26][...25] [SMTPS.Google][Email][Acceptable] RISK: Obsolete TLS (v1.1 or older) 
@@ -23,7 +23,7 @@ DAEMON-EVENT: [Processed: 36 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] new: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] - detected: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTP][Email][Acceptable] + detected: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTP][Email][Acceptable][jw-vm08-int-dns.webernetz.net] detection-update: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe] RISK: TLS (probably) Not Carrying HTTPS detection-update: [.....2] [ip6][..tcp] [...2003:de:2016:125:fc36:8317:4e86:cb72][.7562] -> [...............2003:de:2016:120::a08:53][...25] [SMTPS][Email][Safe] diff --git a/test/results/flow-info/smtp.pcap.out b/test/results/flow-info/smtp.pcap.out index 1f2f6a83f..29809aec6 100644 --- a/test/results/flow-info/smtp.pcap.out +++ b/test/results/flow-info/smtp.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] - detected: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable] + detected: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable][pigeon.eyrie.af.mil] analyse: [.....1] [ip4][..tcp] [..194.7.248.153][.2127] -> [.172.16.114.207][...25] [SMTP][Email][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.055| 0.006| 0.012| 143.094| 3.200] 
diff --git a/test/results/flow-info/snapchat.pcap.out b/test/results/flow-info/snapchat.pcap.out index 40387de26..ffc16977b 100644 --- a/test/results/flow-info/snapchat.pcap.out +++ b/test/results/flow-info/snapchat.pcap.out 
@@ -2,16 +2,16 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.8.0.1][33233] -> [.74.125.136.141][..443] - detected: [.....1] [ip4][..tcp] [.......10.8.0.1][33233] -> [.74.125.136.141][..443] [TLS.Google][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [.......10.8.0.1][33233] -> [.74.125.136.141][..443] [TLS.Google][Web][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][33233] -> [.74.125.136.141][..443] [TLS.Google][Web][Acceptable] + detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][33233] -> [.74.125.136.141][..443] [TLS.Google][Web][Acceptable][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [.....2] [ip4][..tcp] [.......10.8.0.1][44536] -> [.74.125.136.141][..443] new: [.....3] [ip4][..tcp] [.......10.8.0.1][56193] -> [.74.125.136.141][..443] - detected: [.....2] [ip4][..tcp] [.......10.8.0.1][44536] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun] - detected: [.....3] [ip4][..tcp] [.......10.8.0.1][56193] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun] - detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][44536] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun] - detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][56193] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun] + detected: [.....2] [ip4][..tcp] [.......10.8.0.1][44536] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun][feelinsonice-hrd.appspot.com] + detected: [.....3] [ip4][..tcp] [.......10.8.0.1][56193] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun][feelinsonice-hrd.appspot.com] + detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][44536] -> [.74.125.136.141][..443] 
[TLS.Snapchat][SocialNetwork][Fun][feelinsonice-hrd.appspot.com] + detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][56193] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun][feelinsonice-hrd.appspot.com] end: [.....1] [ip4][..tcp] [.......10.8.0.1][33233] -> [.74.125.136.141][..443] [TLS.Google][Web][Acceptable] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn idle: [.....3] [ip4][..tcp] [.......10.8.0.1][56193] -> [.74.125.136.141][..443] [TLS.Snapchat][SocialNetwork][Fun] diff --git a/test/results/flow-info/soap.pcap.out b/test/results/flow-info/soap.pcap.out index d10d73faa..2dc4485bc 100644 --- a/test/results/flow-info/soap.pcap.out +++ b/test/results/flow-info/soap.pcap.out @@ -3,7 +3,7 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] new: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Cloud][Acceptable] + detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Cloud][Acceptable][go.microsoft.com] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] 
@@ -11,6 +11,6 @@ detected: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][RPC][Acceptable] idle: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][RPC][Acceptable] idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] - guessed: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [HTTP][Web][Acceptable] + guessed: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [HTTP][Web][Acceptable][] end: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/softether.pcap.out b/test/results/flow-info/softether.pcap.out index 395625caf..c38aa6ca8 100644 --- a/test/results/flow-info/softether.pcap.out +++ b/test/results/flow-info/softether.pcap.out @@ -10,7 +10,7 @@ DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 3] new: [.....2] [ip4][..tcp] [..192.168.2.100][37504] -> [..130.158.75.45][...80] - detected: [.....2] [ip4][..tcp] [..192.168.2.100][37504] -> [..130.158.75.45][...80] [HTTP.Softether][VPN][Acceptable] + detected: [.....2] [ip4][..tcp] [..192.168.2.100][37504] -> [..130.158.75.45][...80] [HTTP.Softether][VPN][Acceptable][x0.x0.dev.open.servers.ddns.softether-network.net] idle: [.....1] [ip4][..udp] [..192.168.2.100][51381] -> [..130.158.6.113][.5004] [Softether][VPN][Acceptable] DAEMON-EVENT: [Processed: 19 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 3] diff --git a/test/results/flow-info/sql_injection.pcap.out b/test/results/flow-info/sql_injection.pcap.out index 40a3ccc3a..8ed0bde74 100644 --- a/test/results/flow-info/sql_injection.pcap.out +++ b/test/results/flow-info/sql_injection.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.3.109][53528] -> [..192.168.3.107][...80] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [..192.168.3.109][53528] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.3.109][53528] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable][192.168.3.107] RISK: HTTP Numeric IP Address idle: [.....1] [ip4][..tcp] [..192.168.3.109][53528] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable] RISK: SQL Injection, HTTP Numeric IP Address diff --git a/test/results/flow-info/ssdp-m-search-ua.pcap.out b/test/results/flow-info/ssdp-m-search-ua.pcap.out index 4c54f0ba6..2c60b8ed3 100644 --- a/test/results/flow-info/ssdp-m-search-ua.pcap.out +++ b/test/results/flow-info/ssdp-m-search-ua.pcap.out @@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] - detected: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] idle: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/ssdp-m-search.pcap.out b/test/results/flow-info/ssdp-m-search.pcap.out index 3bb684d52..87b735a4e 100644 --- a/test/results/flow-info/ssdp-m-search.pcap.out +++ b/test/results/flow-info/ssdp-m-search.pcap.out 
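Review bot: The hostname field added to the `detected` line in sql_injection.pcap.out (`[192.168.3.107]`, apparently the HTTP Host value) is a string chosen by the remote peer, yet it is printed inside the same `[...]` delimiters as the daemon's own protocol and category fields, and none of the regenerated fixtures visible here pins what the output looks like when that string contains `]`, whitespace or a control character. The printing code is not part of this diff, so whether it escapes the value cannot be confirmed from here; a fixture with such a hostname would document the behaviour and keep line-based consumers of this output from mis-splitting fields. The same applies to the values in the other hunks, for example `[wrong.host.badssl.com]` and `[239.255.255.250:1900]`. Separately, flows without a hostname now print an empty `[]` (ssdp-m-search.pcap.out, stun.pcap.out) while the `idle`, `update` and `end` lines omit the field entirely, so a parser has to accept both shapes; consider omitting the empty field.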
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.242.8][42253] -> [192.168.242.255][32412] - detected: [.....1] [ip4][..udp] [..192.168.242.8][42253] -> [192.168.242.255][32412] [SSDP][System][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.242.8][42253] -> [192.168.242.255][32412] [SSDP][System][Acceptable][] update: [.....1] [ip4][..udp] [..192.168.242.8][42253] -> [192.168.242.255][32412] [SSDP][System][Acceptable] idle: [.....1] [ip4][..udp] [..192.168.242.8][42253] -> [192.168.242.255][32412] [SSDP][System][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/ssl-cert-name-mismatch.pcap.out b/test/results/flow-info/ssl-cert-name-mismatch.pcap.out index a0563f206..7a4772c90 100644 --- a/test/results/flow-info/ssl-cert-name-mismatch.pcap.out +++ b/test/results/flow-info/ssl-cert-name-mismatch.pcap.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] - detected: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] [TLS.GoogleCloud][Cloud][Acceptable] - detection-update: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] [TLS.GoogleCloud][Cloud][Acceptable] - detection-update: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] [TLS.GoogleCloud][Cloud][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] [TLS.GoogleCloud][Cloud][Acceptable][wrong.host.badssl.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] [TLS.GoogleCloud][Cloud][Acceptable][wrong.host.badssl.com] + detection-update: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] [TLS.GoogleCloud][Cloud][Acceptable][wrong.host.badssl.com] end: [.....1] [ip4][..tcp] [..192.168.2.222][54772] -> [.104.154.89.105][..443] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/starcraft_battle.pcap.out b/test/results/flow-info/starcraft_battle.pcap.out index f8ddecc44..63d2f65db 100644 --- a/test/results/flow-info/starcraft_battle.pcap.out +++ b/test/results/flow-info/starcraft_battle.pcap.out 
@@ -4,42 +4,42 @@ new: [.....1] [ip4][..tcp] [..192.30.252.91][..443] -> [..192.168.1.100][.3213] [MIDSTREAM] detected: [.....1] [ip4][..tcp] [..192.30.252.91][..443] -> [..192.168.1.100][.3213] [TLS.Github][Collaborative][Acceptable] new: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] - detected: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][91.252.30.192.in-addr.arpa] + detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][100.1.168.192.in-addr.arpa] + detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][100.1.168.192.in-addr.arpa] RISK: Suspicious DNS Traffic new: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [MIDSTREAM] new: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] - detected: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][254.1.168.192.in-addr.arpa] + detection-update: [.....4] [ip4][..udp] 
[..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][26.186.239.80.in-addr.arpa] + detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][254.1.168.192.in-addr.arpa] + detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][26.186.239.80.in-addr.arpa] new: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] [MIDSTREAM] new: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] new: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] - detected: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][40.186.239.80.in-addr.arpa] + detection-update: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][40.186.239.80.in-addr.arpa] new: [.....8] [ip4][..tcp] [..192.168.1.100][.3052] -> [.216.58.212.110][..443] [MIDSTREAM] new: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] - detected: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][22.40.194.173.in-addr.arpa] + detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] 
[DNS][Network][Acceptable][110.212.58.216.in-addr.arpa] + detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][110.212.58.216.in-addr.arpa] new: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [MIDSTREAM] new: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [MIDSTREAM] ERROR-EVENT: Unknown packet type new: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] - detected: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80] - detected: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80] [HTTP.Google][Advertisement][Acceptable] + detected: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80] [HTTP.Google][Advertisement][Acceptable][www.google-analytics.com] new: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] - detected: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][llnw.blizzard.com] RISK: Suspicious DGA Domain name - detection-update: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detection-update: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][llnw.blizzard.com] RISK: Suspicious DGA Domain name, Risky Domain Name new: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] - detected: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Web][Acceptable] + detected: 
[....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Web][Acceptable][llnw.blizzard.com] RISK: Suspicious DGA Domain name - detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Download][Acceptable] + detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Download][Acceptable][llnw.blizzard.com] RISK: Binary App Transfer, Suspicious DGA Domain name analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Download][Acceptable] min| max| avg| stddev| variance| entropy @@ -52,7 +52,7 @@ [PKTLENS.....: 52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500] [ENTROPIES...: 4.6,4.9,4.7,5.8,4.5,5.3,4.7,5.1,4.6,5.2,4.7,5.1,4.7,5.1,4.6,5.2,4.6,5.2,4.6,5.1,4.7,5.2,4.7,5.1,4.7,5.1,4.7,5.2,4.7,5.2,4.7,5.1] new: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] - detected: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Game][Fun] + detected: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Game][Fun][us.scan.worldofwarcraft.com] new: [....17] [ip4][..tcp] [..192.168.1.100][.3492] -> [...2.228.46.104][..443] [MIDSTREAM] new: [....18] [ip4][..tcp] [..192.168.1.100][.3489] -> [...2.228.46.104][..443] [MIDSTREAM] new: [....19] [ip4][..tcp] [..192.168.1.100][.3490] -> [...2.228.46.104][..443] [MIDSTREAM] 
@@ -74,18 +74,18 @@ new: [....27] [ip4][....2] [..192.168.1.107] -> [.....224.0.0.22] detected: [....27] [ip4][....2] [..192.168.1.107] -> [.....224.0.0.22] [IGMP][Network][Acceptable] new: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] - detected: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][nydus.battle.net] + detection-update: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][nydus.battle.net] new: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] - detected: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable] + detected: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable][nydus.battle.net] new: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] - detected: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable] + detected: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable][eu.launcher.battle.net] new: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] new: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] - detected: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable] + detected: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable][nydus.battle.net] new: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] detected: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] 
[Starcraft][Game][Fun] - detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable] + detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable][eu.launcher.battle.net] analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Game][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.166| 0.038| 0.053| 2837.592| 3.600] 
@@ -101,35 +101,35 @@ new: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119] new: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119] new: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] - detected: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable] + detected: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable][nydus.battle.net] new: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] - detected: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable] + detected: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP][Web][Acceptable][eu.launcher.battle.net] new: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] new: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] - detected: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable] - detected: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable] + detected: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable][nydus.battle.net] + detected: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP][Web][Acceptable][nydus.battle.net] new: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] new: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] - detected: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP][Web][Acceptable] - detected: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Web][Acceptable] + detected: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP][Web][Acceptable][eu.battle.net] + detected: [....43] 
[ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Web][Acceptable][eu.battle.net] new: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] - detected: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][bnetcmsus-a.akamaihd.net] + detection-update: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][bnetcmsus-a.akamaihd.net] new: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] new: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] new: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] new: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] new: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] - detected: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] + detected: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][bnetcmsus-a.akamaihd.net] new: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] new: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] - detected: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] - detected: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] - detected: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] - detected: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] + detected: [....47] [ip4][..tcp] 
[..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][bnetcmsus-a.akamaihd.net] + detected: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][bnetcmsus-a.akamaihd.net] + detected: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][bnetcmsus-a.akamaihd.net] + detected: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][bnetcmsus-a.akamaihd.net] new: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] - detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] - detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] + detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][bnetcmsus-a.akamaihd.net] + detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][bnetcmsus-a.akamaihd.net] analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.034| 0.007| 0.013| 169.003| 2.900] 
@@ -161,7 +161,7 @@ idle: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] idle: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] idle: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] - guessed: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable] + guessed: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] [HTTP][Web][Acceptable][] idle: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] idle: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Game][Fun] end: [....24] [ip4][..tcp] [..192.168.1.100][.3479] -> [...2.228.46.114][..443] [TLS][Web][Safe] diff --git a/test/results/flow-info/stun.pcap.out b/test/results/flow-info/stun.pcap.out index ca430e2e9..0137f1d9f 100644 --- a/test/results/flow-info/stun.pcap.out +++ b/test/results/flow-info/stun.pcap.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] - detected: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] + detected: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable][] update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] analyse: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Network][Acceptable] @@ -19,7 +19,7 @@ DAEMON-EVENT: [Processed: 42 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] new: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] - detected: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable] + detected: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable][turner.facebook] RISK: Known Proto on Non Std Port analyse: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -35,13 +35,13 @@ DAEMON-EVENT: [Processed: 117 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] new: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] - detected: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Network][Acceptable] + detected: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Network][Acceptable][apps-host.com] idle: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][VoIP][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 137 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] new: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] - detected: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable] + detected: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable][] analyse: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.836| 0.131| 0.227| 51553.292| 3.400] diff --git a/test/results/flow-info/stun_signal.pcapng.out b/test/results/flow-info/stun_signal.pcapng.out index 9d4189dff..00f8cc6d5 100644 --- a/test/results/flow-info/stun_signal.pcapng.out +++ b/test/results/flow-info/stun_signal.pcapng.out 
@@ -9,28 +9,28 @@ new: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] new: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][Network][Acceptable] - detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable] - detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable] - detected: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][VoIP][Acceptable] + detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable][signal.org] + detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable][] + detected: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][VoIP][Acceptable] + detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable] + detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable][] RISK: Known Proto on Non Std Port new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] - detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable] + detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable][] new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> 
[.35.158.183.167][..443] - detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable] + detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable][] RISK: Known Proto on Non Std Port new: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] new: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] new: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] - detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable] + detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.AmazonAWS][Cloud][Acceptable][] RISK: Known Proto on Non Std Port new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] - detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable] + detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable][] new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] - detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable] + detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -43,9 +43,9 @@ [PKTLENS.....: 124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84] [ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8] update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][Network][Acceptable] - detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.AmazonAWS][Cloud][Acceptable] + detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.AmazonAWS][Cloud][Acceptable][] RISK: Known Proto on Non Std Port - detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable] + detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][Network][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -67,10 +67,10 @@ update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable] update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][VoIP][Acceptable] new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] - detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable] + detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] - detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable] + detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] 
@@ -78,17 +78,17 @@ new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][Network][Acceptable] - detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][VoIP][Acceptable] - detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][VoIP][Acceptable] - detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][VoIP][Acceptable] + detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][VoIP][Acceptable][signal.org] + detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][VoIP][Acceptable][] + detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.AmazonAWS][Cloud][Acceptable] + detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.AmazonAWS][Cloud][Acceptable][] RISK: Known Proto on Non Std Port new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] - detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][VoIP][Acceptable] + detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] - detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][VoIP][Acceptable] + detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] 
[STUN.SignalVoip][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][VoIP][Acceptable] min| max| avg| stddev| variance| entropy @@ -123,7 +123,7 @@ RISK: Known Proto on Non Std Port idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.AmazonAWS][Cloud][Acceptable] RISK: Known Proto on Non Std Port - guessed: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable] + guessed: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][VoIP][Acceptable][] idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.AmazonAWS][Cloud][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/synscan.pcap.out b/test/results/flow-info/synscan.pcap.out index c457eea38..094ec392f 100644 --- a/test/results/flow-info/synscan.pcap.out +++ b/test/results/flow-info/synscan.pcap.out 
@@ -3013,11 +3013,11 @@ idle: [...930] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][12174] guessed: [..1606] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1935] [RTMP][Media][Acceptable] idle: [..1606] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1935] - guessed: [....33] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....33] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.8080] [HTTP_Proxy][Web][Acceptable][] idle: [....33] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.8080] not-detected: [..1442] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.8081] [Unknown][Unrated] idle: [..1442] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.8081] - guessed: [....66] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.8080] [HTTP_Proxy][Web][Acceptable] + guessed: [....66] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.8080] [HTTP_Proxy][Web][Acceptable][] idle: [....66] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.8080] not-detected: [..1504] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.8081] [Unknown][Unrated] idle: [..1504] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.8081] 
@@ -3551,7 +3551,7 @@ idle: [...481] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][49176] not-detected: [...157] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...24] [Unknown][Unrated] idle: [...157] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...24] - guessed: [....35] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...25] [SMTP][Email][Acceptable] + guessed: [....35] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...25] [SMTP][Email][Acceptable][] end: [....35] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...25] not-detected: [...293] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...26] [Unknown][Unrated] idle: [...293] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...26] 
@@ -3591,11 +3591,11 @@ idle: [..1451] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...37] not-detected: [...694] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...42] [Unknown][Unrated] idle: [...694] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...42] - guessed: [..1222] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...43] [Whois-DAS][Network][Acceptable] + guessed: [..1222] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...43] [Whois-DAS][Network][Acceptable][] idle: [..1222] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...43] not-detected: [...753] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...42] [Unknown][Unrated] idle: [...753] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...42] - guessed: [..1276] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...43] [Whois-DAS][Network][Acceptable] + guessed: [..1276] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...43] [Whois-DAS][Network][Acceptable][] idle: [..1276] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...43] not-detected: [..1017] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][45100] [Unknown][Unrated] idle: [..1017] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][45100] 
@@ -3613,7 +3613,7 @@ idle: [...239] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2099] not-detected: [...903] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2100] [Unknown][Unrated] idle: [...903] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2100] - guessed: [.....9] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...53] [DNS][Network][Acceptable] + guessed: [.....9] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...53] [DNS][Network][Acceptable][] idle: [.....9] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...53] not-detected: [..1931] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2103] [Unknown][Unrated] idle: [..1931] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2103] @@ -3661,7 +3661,7 @@ idle: [...648] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2126] not-detected: [..1260] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...79] [Unknown][Unrated] idle: [..1260] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][...79] - guessed: [....13] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...80] [HTTP][Web][Acceptable] + guessed: [....13] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...80] [HTTP][Web][Acceptable][] idle: [....13] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...80] not-detected: [..1365] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...81] [Unknown][Unrated] idle: [..1365] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][...81] 
@@ -3793,9 +3793,9 @@ idle: [....39] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..135] guessed: [....61] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..135] [RPC][RPC][Acceptable] idle: [....61] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..135] - guessed: [....14] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..139] [NetBIOS][System][Acceptable] + guessed: [....14] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..139] [NetBIOS][System][Acceptable][] idle: [....14] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..139] - guessed: [....19] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..139] [NetBIOS][System][Acceptable] + guessed: [....19] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..139] [NetBIOS][System][Acceptable][] idle: [....19] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..139] guessed: [..1788] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.8333] [Mining][Mining][Unsafe] RISK: Unsafe Protocol 
@@ -3917,11 +3917,11 @@ idle: [...266] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.6389] not-detected: [...313] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.6389] [Unknown][Unrated] idle: [...313] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.6389] - guessed: [...622] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4343] [Whois-DAS][Network][Acceptable] + guessed: [...622] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4343] [Whois-DAS][Network][Acceptable][] idle: [...622] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4343] not-detected: [..1524] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][49400] [Unknown][Unrated] idle: [..1524] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][49400] - guessed: [...675] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4343] [Whois-DAS][Network][Acceptable] + guessed: [...675] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4343] [Whois-DAS][Network][Acceptable][] idle: [...675] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4343] not-detected: [..1599] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][49400] [Unknown][Unrated] idle: [..1599] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][49400] 
@@ -4377,9 +4377,9 @@ idle: [..1102] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][33354] not-detected: [..1153] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][33354] [Unknown][Unrated] idle: [..1153] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][33354] - guessed: [.....8] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..587] [SMTP][Email][Acceptable] + guessed: [.....8] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..587] [SMTP][Email][Acceptable][] idle: [.....8] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..587] - guessed: [....22] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..587] [SMTP][Email][Acceptable] + guessed: [....22] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..587] [SMTP][Email][Acceptable][] idle: [....22] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..587] not-detected: [..1622] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2638] [Unknown][Unrated] idle: [..1622] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2638] @@ -5377,7 +5377,7 @@ idle: [...807] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1078] not-detected: [...771] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.1079] [Unknown][Unrated] idle: [...771] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.1079] - guessed: [..1831] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.3128] [HTTP_Proxy][Web][Acceptable] + guessed: [..1831] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.3128] [HTTP_Proxy][Web][Acceptable][] idle: [..1831] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.3128] guessed: [..1694] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.1080] [SOCKS][Web][Acceptable] idle: [..1694] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.1080] 
@@ -5385,7 +5385,7 @@ idle: [...826] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1079] not-detected: [...618] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][54328] [Unknown][Unrated] idle: [...618] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][54328] - guessed: [..1900] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.3128] [HTTP_Proxy][Web][Acceptable] + guessed: [..1900] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.3128] [HTTP_Proxy][Web][Acceptable][] idle: [..1900] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.3128] guessed: [..1763] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1080] [SOCKS][Web][Acceptable] idle: [..1763] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1080] diff --git a/test/results/flow-info/teams.pcap.out b/test/results/flow-info/teams.pcap.out index 844619d2d..9642cd25f 100644 --- a/test/results/flow-info/teams.pcap.out +++ b/test/results/flow-info/teams.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] - detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][tl-sg116e] ERROR-EVENT: Unknown packet type new: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [MIDSTREAM] ERROR-EVENT: Unknown packet type 
@@ -11,13 +11,13 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] + detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] - detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] - detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] + detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] min| max| avg| stddev| variance| entropy 
@@ -29,13 +29,13 @@ [IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5] [PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40] [ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] - detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable] - detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable] + detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] + detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.221| 0.032| 0.054| 2931.592| 3.400] 
@@ -46,14 +46,14 @@ [IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0] [PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480] [ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] - detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] - detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.050| 0.018| 0.021| 
449.200| 3.900] 
@@ -74,78 +74,78 @@ [IATS(ms)....: 11.4,11.5,0.2,11.3,2.8,0.1,13.8,0.1,0.1,0.1,0.0,0.1,4.8,15.5,11.8,1.3,0.0,0.2,0.0,0.3,0.2,0.0,0.1,10.9,0.0,10.4,1.7,0.2,0.0,50.4,0.0] [PKTLENS.....: 64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055] [ENTROPIES...: 4.4,4.9,4.6,5.5,4.5,7.3,7.4,4.7,7.5,4.6,7.6,7.1,4.7,6.5,4.5,6.1,7.2,5.9,4.7,4.6,5.1,7.9,7.8,6.1,4.5,5.4,4.6,4.6,4.6,4.5,7.8,7.8] - detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] - detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type new: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] - detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe] + detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][b._dns-sd._udp.ntop.org] new: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] detected: [....11] [ip4][..udp] [....192.168.1.6][17500] -> 
[255.255.255.255][17500] [Dropbox][Cloud][Acceptable] new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type - detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe] + detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][b._dns-sd._udp.ntop.org] new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][] new: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [MIDSTREAM] detected: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Web][Safe] ERROR-EVENT: Unknown packet type new: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] - detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][ConnCheck][Acceptable] - detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][ConnCheck][Acceptable] + detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][ConnCheck][Acceptable][captive.apple.com.edgekey.net] + detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][ConnCheck][Acceptable][captive.apple.com.edgekey.net] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][VoIP][Safe] 
+ detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][VoIP][Safe][eu-api.asm.skype.com] new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] - detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] + detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] - detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable] + detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][VoIP][Acceptable][eu-api.asm.skype.com] new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] - detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe] - detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][VoIP][Acceptable] - detection-update: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] + detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] 
[TLS.Skype_Teams][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] + detection-update: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][VoIP][Acceptable][eu-api.asm.skype.com] new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] - detected: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe] - detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][VoIP][Acceptable] + detected: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] + detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][VoIP][Acceptable][eu-api.asm.skype.com] new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] - detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][VoIP][Acceptable] - detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com] + 
detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][VoIP][Acceptable][eu-api.asm.skype.com] + detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] - detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][config.teams.microsoft.com] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][config.teams.microsoft.com] new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] - detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] + detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][northeuropecns.trafficmanager.net] new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] - detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] + detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][northeuropecns.trafficmanager.net] new: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] - detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS 
(probably) Not Carrying HTTPS - detected: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] + detection-update: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Collaborative][Safe][northeurope.notifications.teams.microsoft.com] + detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type new: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] - detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] - detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] + detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][presence.services.sfb.trafficmanager.net] + detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe][presence.services.sfb.trafficmanager.net] new: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] new: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [MIDSTREAM] detected: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS.Dropbox][Cloud][Acceptable] - detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] 
[TLS.Teams][Collaborative][Safe] - detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe] + detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe][presence.teams.microsoft.com] + detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe][presence.teams.microsoft.com] analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.153| 0.028| 0.040| 1626.047| 3.600] 
@@ -156,12 +156,12 @@ [IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8] [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] - detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] - detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] + detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] + detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy 
@@ -174,15 +174,15 @@ [PKTLENS.....: 64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82] [ENTROPIES...: 4.4,5.0,4.6,5.4,7.1,7.4,4.7,4.7,4.5,7.6,7.6,4.7,7.5,4.7,6.6,6.1,7.6,5.4,4.6,6.0,4.5,5.2,5.4,4.7,7.5,4.7,4.5,7.9,6.6,6.7,4.5,5.4] new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] - detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][chatsvcagg.svcs.teams.office.com] + detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][chatsvcagg.svcs.teams.office.com] new: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] - detected: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Collaborative][Safe] + detected: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Collaborative][Safe][chatsvcagg.teams.microsoft.com] new: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] - detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type - detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS 
(probably) Not Carrying HTTPS analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy @@ -196,11 +196,11 @@ [ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8] ERROR-EVENT: Unknown packet type new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] - detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable] - detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable] + detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable][substrate.office.com] + detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable][substrate.office.com] new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] - detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable] - detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable] + detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable][substrate.office.com] + detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable][substrate.office.com] analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.010| 0.146| 0.490| 239614.050| 1.700] 
@@ -211,7 +211,7 @@ [IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6] [PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345] [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][config.teams.microsoft.com] ERROR-EVENT: Unknown packet type analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] min| max| avg| stddev| variance| entropy 
@@ -223,49 +223,49 @@ [IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3] [PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248] [ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0] - detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable] + detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Collaborative][Acceptable][substrate.office.com] new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] - detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com] new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] - detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] new: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] - detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] new: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] - detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] 
[DNS.Teams][Collaborative][Safe] - detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][api.flightproxy.teams.microsoft.com] + detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] + detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] new: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] - detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][api.flightproxy.teams.microsoft.com] + detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: Suspicious DNS Traffic new: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] - detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable] - detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable] + detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable][outlook.office.com] + 
detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Collaborative][Acceptable][outlook.office.com] new: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] new: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] new: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] - detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] - detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][skypedataprdcolneu04.cloudapp.net] + detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] 
[TLS.Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Collaborative][Acceptable] - detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] + detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Collaborative][Acceptable] - detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] + detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type - 
detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] min| max| avg| stddev| variance| entropy 
@@ -277,18 +277,18 @@ [IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2] [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][config.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] - detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] - detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] 
[TLS.Microsoft][Cloud][Safe] + detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] min| max| avg| stddev| variance| entropy 
@@ -304,18 +304,18 @@ new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable] new: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] - detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Collaborative][Acceptable] - detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Collaborative][Acceptable] + detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] + detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Collaborative][Acceptable][login.microsoftonline.com] new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] - detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] - detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][api.microsoftstream.com] ERROR-EVENT: Unknown packet type - detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][api.microsoftstream.com] new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] - 
detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Azure][Cloud][Acceptable] - detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Azure][Cloud][Acceptable][api.microsoftstream.com] + detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Azure][Cloud][Acceptable] @@ -329,8 +329,8 @@ [PKTLENS.....: 64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52] [ENTROPIES...: 4.4,5.2,4.9,5.6,7.4,7.5,4.9,7.4,4.9,4.8,7.6,7.1,5.0,5.9,6.3,7.4,5.6,6.1,4.9,4.9,5.4,5.6,4.9,7.5,5.0,7.9,6.1,5.1,5.7,5.0,7.5,4.9] new: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] - detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][euno-1.api.microsoftstream.com] + detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][euno-1.api.microsoftstream.com] new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] min| max| avg| stddev| variance| entropy 
@@ -342,25 +342,25 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Azure][Cloud][Acceptable] + detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Azure][Cloud][Acceptable][euno-1.api.microsoftstream.com] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] - detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe] - detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe] + detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe][dc.applicationinsights.microsoft.com] + detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe][dc.applicationinsights.microsoft.com] new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] - detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] 
[TLS.Azure][Cloud][Acceptable] - detection-update: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable] + detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable][gate.hockeyapp.net] + detection-update: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable][gate.hockeyapp.net] new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] - detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] + detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] + detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net] new: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] - detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe] - detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe] + detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] + detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe][emea.ng.msg.teams.microsoft.com] ERROR-EVENT: Unknown packet type analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy 
@@ -386,75 +386,75 @@ new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM] ERROR-EVENT: Unknown packet type new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] - detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] + detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port - detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] + detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port ERROR-EVENT: Unknown packet type new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] - detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Teams][VoIP][Safe] + detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Teams][VoIP][Safe][] new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] - detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Cloud][Acceptable] - detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Cloud][Acceptable] - detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe] + detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Cloud][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] + detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] 
[DNS.Azure][Cloud][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com] + detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] - detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Teams][VoIP][Safe] + detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Teams][VoIP][Safe][] new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] - detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Teams][VoIP][Safe] - detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe] + detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Teams][VoIP][Safe][] + detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] - detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Teams][VoIP][Safe] - detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe] + detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Teams][VoIP][Safe][] + detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> 
[.52.114.250.137][.3478] - detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Teams][VoIP][Safe] + detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Teams][VoIP][Safe][] new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] - detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Teams][VoIP][Safe] - detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe] + detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Teams][VoIP][Safe][] + detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe][euaz.tr.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] - detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Azure][Cloud][Acceptable] + detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Azure][Cloud][Acceptable][52.114.250.152] RISK: TLS (probably) Not Carrying HTTPS - detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Azure][Cloud][Acceptable] + detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Azure][Cloud][Acceptable][52.114.250.153] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Collaborative][Safe][52.114.250.152] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS - detection-update: [....73] [ip4][..tcp] 
[....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Collaborative][Safe][52.114.250.153] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS new: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] new: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] - detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Collaborative][Safe] + detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][c-flightproxy-euno-01-teams.cloudapp.net] + detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe][c-flightproxy-euno-01-teams.cloudapp.net] + detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Collaborative][Safe] + detection-update: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Collaborative][Safe][api.flightproxy.teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] - detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Teams][VoIP][Safe] + detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] 
[STUN.Teams][VoIP][Safe][] RISK: Known Proto on Non Std Port new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] - detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Teams][VoIP][Safe] + detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Teams][VoIP][Safe][] RISK: Known Proto on Non Std Port new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] - detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable] + detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] - detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][VoIP][Acceptable] + detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port ERROR-EVENT: Unknown packet type new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] - detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][VoIP][Acceptable] + detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] - detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable] + detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> 
[.52.114.250.123][..443] [TLS.Teams][Collaborative][Safe] min| max| avg| stddev| variance| entropy @@ -469,8 +469,8 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] - detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable] - detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable] + detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable][gate.hockeyapp.net] + detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Azure][Cloud][Acceptable][gate.hockeyapp.net] ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] @@ -548,7 +548,7 @@ idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] RISK: Known Proto on Non Std Port idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Collaborative][Safe] - guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [STUN.Azure][Cloud][Acceptable] + guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [STUN.Azure][Cloud][Acceptable][] idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Web][Safe] not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unrated] diff --git a/test/results/flow-info/telegram.pcap.out b/test/results/flow-info/telegram.pcap.out index b84d51f5a..62cc9f348 100644 --- a/test/results/flow-info/telegram.pcap.out +++ b/test/results/flow-info/telegram.pcap.out 
@@ -2,31 +2,31 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] - detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][tl-sg116e] new: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] - detected: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] - detected: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_spotify-connect._tcp.local] new: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353] - detected: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_spotify-connect._tcp.local] new: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] - detected: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_dacp._tcp.local] new: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] - detected: [.....6] 
[ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_dacp._tcp.local] new: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] - detected: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] [MDNS][Network][Acceptable] + detected: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] new: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] - detected: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][e7047.e12.akamaiedge.net] + detection-update: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][e7047.e12.akamaiedge.net] new: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] detected: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable] new: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500] detected: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable] - detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_homekit._tcp.local] new: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> 
[...............................ff02::fb][.5353] - detected: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_homekit._tcp.local] new: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] - detected: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Network][Acceptable] + detected: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] analyse: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.089| 0.260| 0.238| 56779.682| 4.400] 
@@ -47,22 +47,22 @@ [IATS(ms)....: 549.6,0.4,252.7,249.3,102.6,153.3,104.8,140.9,2.6,102.6,252.5,506.2,1088.5,524.6,0.5,254.5,249.4,109.0,147.1,100.8,145.2,1.9,102.6,256.1,498.0,504.7,600.4,564.2,0.4,249.0,248.4] [PKTLENS.....: 148,239,314,175,159,175,159,217,190,314,159,173,281,148,239,314,175,159,175,159,217,190,314,159,173,217,173,148,239,314,175,159] [ENTROPIES...: 4.9,5.3,5.1,5.1,4.5,5.1,4.5,5.1,5.0,5.1,4.5,4.5,5.0,4.9,5.3,5.1,5.1,4.5,5.1,4.5,5.0,5.0,5.1,4.5,4.5,5.0,4.5,4.9,5.3,5.1,5.1,4.5] - detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_sleep-proxy._udp.local] + detection-update: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_sleep-proxy._udp.local] new: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] - detected: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe] - detection-update: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe] + detected: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe][in.appcenter.ms] + detection-update: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe][in.appcenter.ms] new: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621] detected: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable] new: [....15] [ip4][..udp] [...192.168.1.75][57916] -> 
[239.255.255.250][.1900] - detected: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] - detected: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][e4518.dscx.akamaiedge.net] + detection-update: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][e4518.dscx.akamaiedge.net] new: [....17] [ip4][..udp] [...192.168.1.52][.5353] -> [....224.0.0.251][.5353] - detected: [....17] [ip4][..udp] [...192.168.1.52][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....17] [ip4][..udp] [...192.168.1.52][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353] - detected: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] detected: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Chat][Acceptable] new: [....20] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.5][..523] 
@@ -90,8 +90,8 @@ [PKTLENS.....: 68,92,124,68,92,124,124,60,124,76,68,92,220,124,220,124,220,204,124,124,204,220,204,68,92,204,204,188,204,204,124,220] [ENTROPIES...: 4.9,5.1,6.5,4.9,5.1,6.6,6.5,4.6,6.6,5.1,4.9,5.1,7.1,6.4,7.0,6.5,7.0,7.0,6.5,6.4,7.0,7.1,7.0,4.9,5.1,6.9,6.8,6.9,7.0,7.0,6.4,7.0] new: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] - detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable] - detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable] + detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable][www.googletagservices.com] + detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable][www.googletagservices.com] RISK: Suspicious DNS Traffic analyse: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] min| max| avg| stddev| variance| entropy 
@@ -105,26 +105,26 @@ [ENTROPIES...: 6.4,6.1,6.3,5.8,6.0,5.8,6.0,6.9,7.1,7.2,7.1,7.1,7.1,7.0,7.0,7.1,7.0,6.9,6.8,7.0,7.0,7.0,6.9,6.9,6.9,6.9,6.9,6.9,7.0,6.9,7.0,7.1] not-detected: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] [Unknown][Unrated] new: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][] new: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] - detected: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][desktop-rb5t12g] RISK: Unsafe Protocol new: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] - detected: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup] new: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] - detected: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe] - detection-update: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe] + detected: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][dati.ntop.org] + detection-update: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][dati.ntop.org] new: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] - detected: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> 
[....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][pixel.wp.com] + detection-update: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][pixel.wp.com] RISK: Suspicious DNS Traffic new: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] - detected: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe] - detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][b._dns-sd._udp.ntop.org] + detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] new: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443] - detected: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable] + detected: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable][www.google.com] new: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443] - detected: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable] + detected: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable][www.google.com] new: [....36] [ip4][..udp] [...192.168.1.77][57621] -> [..192.168.1.255][57621] detected: [....36] [ip4][..udp] [...192.168.1.77][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable] new: [....37] [ip4][..udp] [...192.168.1.77][28150] -> 
[.....91.108.8.8][..529] @@ -139,9 +139,9 @@ detected: [....41] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.5][..537] [Telegram][Chat][Acceptable] new: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537] detected: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537] [Telegram][Chat][Acceptable] - detection-update: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe] + detection-update: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe][b._dns-sd._udp.ntop.org] new: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] - detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] analyse: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Chat][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.008| 0.505| 0.099| 0.138| 18965.475| 4.000] 
@@ -164,7 +164,7 @@ [PKTLENS.....: 68,92,68,124,92,124,60,68,124,92,124,76,124,204,204,188,204,204,204,68,124,204,92,124,204,124,204,204,188,204,188,204] [ENTROPIES...: 5.0,5.1,4.9,6.5,5.0,6.5,4.6,4.9,6.5,5.1,6.3,5.1,6.5,6.9,7.0,6.9,7.0,6.9,7.0,4.9,6.5,7.0,5.0,6.3,6.9,6.4,6.9,6.9,6.9,7.0,6.9,7.0] new: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] - detected: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] update: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] update: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable] update: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable] 
@@ -176,13 +176,13 @@ update: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] update: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] new: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] - detected: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] - detected: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Cloud][Acceptable] + detected: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Cloud][Acceptable][telemetry.dropbox.com] new: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] - detected: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Cloud][Acceptable] + detected: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][e4518.dscx.akamaiedge.net] + detection-update: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][e4518.dscx.akamaiedge.net] + detection-update: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Cloud][Acceptable][telemetry.dropbox.com] idle: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] RISK: Suspicious DNS Traffic idle: 
[....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] diff --git a/test/results/flow-info/tk.pcap.out b/test/results/flow-info/tk.pcap.out index 0556da058..5131f928a 100644 --- a/test/results/flow-info/tk.pcap.out +++ b/test/results/flow-info/tk.pcap.out 
@@ -2,14 +2,14 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.1.178][51954] -> [....192.168.1.1][...53] - detected: [.....1] [ip4][..udp] [..192.168.1.178][51954] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....1] [ip4][..udp] [..192.168.1.178][51954] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....1] [ip4][..udp] [..192.168.1.178][51954] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][whois.dot.tk] + detection-update: [.....1] [ip4][..udp] [..192.168.1.178][51954] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][whois.dot.tk] new: [.....2] [ip4][..udp] [..192.168.1.178][55591] -> [....192.168.1.1][...53] - detected: [.....2] [ip4][..udp] [..192.168.1.178][55591] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....2] [ip4][..udp] [..192.168.1.178][55591] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.1.178][55591] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][whois.dot.tk] + detection-update: [.....2] [ip4][..udp] [..192.168.1.178][55591] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][whois.dot.tk] new: [.....3] [ip4][..udp] [..192.168.1.178][53820] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [..192.168.1.178][53820] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....3] [ip4][..udp] [..192.168.1.178][53820] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.1.178][53820] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][whois.dot.tk] + detection-update: [.....3] [ip4][..udp] [..192.168.1.178][53820] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][whois.dot.tk] idle: [.....2] [ip4][..udp] [..192.168.1.178][55591] -> 
[....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [.....3] [ip4][..udp] [..192.168.1.178][53820] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] idle: [.....1] [ip4][..udp] [..192.168.1.178][51954] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] diff --git a/test/results/flow-info/tls-esni-fuzzed.pcap.out b/test/results/flow-info/tls-esni-fuzzed.pcap.out index 9361457bf..2b049c0ac 100644 --- a/test/results/flow-info/tls-esni-fuzzed.pcap.out +++ b/test/results/flow-info/tls-esni-fuzzed.pcap.out @@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] [TLS.Cloudflare][Web][Acceptable][] new: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] [TLS.Cloudflare][Web][Acceptable][] new: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS.Cloudflare][Web][Acceptable][] RISK: Missing SNI TLS Extn idle: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] idle: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] 
diff --git a/test/results/flow-info/tls-rdn-extract.pcap.out b/test/results/flow-info/tls-rdn-extract.pcap.out index 86c2d401e..57311caee 100644 --- a/test/results/flow-info/tls-rdn-extract.pcap.out +++ b/test/results/flow-info/tls-rdn-extract.pcap.out @@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS][Web][Safe][ads1.msads.net] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS][Web][Safe][ads1.msads.net] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS.Microsoft][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS.Microsoft][Web][Safe][ads1.msads.net] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher, TLS Cert Expired idle: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_2_reasms.pcapng.out b/test/results/flow-info/tls_2_reasms.pcapng.out index 0c3b7164b..5a8fe4d73 100644 --- a/test/results/flow-info/tls_2_reasms.pcapng.out +++ b/test/results/flow-info/tls_2_reasms.pcapng.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.91.186.174][..443] -> [...25.137.80.32][38134] - detected: [.....1] [ip4][..tcp] [.192.91.186.174][..443] -> [...25.137.80.32][38134] [TLS.Instagram][SocialNetwork][Fun] - detection-update: [.....1] [ip4][..tcp] [.192.91.186.174][..443] -> [...25.137.80.32][38134] [TLS.Instagram][SocialNetwork][Fun] + detected: [.....1] [ip4][..tcp] [.192.91.186.174][..443] -> [...25.137.80.32][38134] [TLS.Instagram][SocialNetwork][Fun][i.instagram.com] + detection-update: [.....1] [ip4][..tcp] [.192.91.186.174][..443] -> [...25.137.80.32][38134] [TLS.Instagram][SocialNetwork][Fun][i.instagram.com] idle: [.....1] [ip4][..tcp] [.192.91.186.174][..443] -> [...25.137.80.32][38134] [TLS.Instagram][SocialNetwork][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_2_reasms_b.pcapng.out b/test/results/flow-info/tls_2_reasms_b.pcapng.out index fca20dcd1..67b9862f2 100644 --- a/test/results/flow-info/tls_2_reasms_b.pcapng.out +++ b/test/results/flow-info/tls_2_reasms_b.pcapng.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..88.14.137.195][..443] -> [196.234.165.216][37658] - detected: [.....1] [ip4][..tcp] [..88.14.137.195][..443] -> [196.234.165.216][37658] [TLS.Facebook][SocialNetwork][Fun] - detection-update: [.....1] [ip4][..tcp] [..88.14.137.195][..443] -> [196.234.165.216][37658] [TLS.Facebook][SocialNetwork][Fun] + detected: [.....1] [ip4][..tcp] [..88.14.137.195][..443] -> [196.234.165.216][37658] [TLS.Facebook][SocialNetwork][Fun][video.fmct2-3.fna.fbcdn.net] + detection-update: [.....1] [ip4][..tcp] [..88.14.137.195][..443] -> [196.234.165.216][37658] [TLS.Facebook][SocialNetwork][Fun][video.fmct2-3.fna.fbcdn.net] idle: [.....1] [ip4][..tcp] [..88.14.137.195][..443] -> [196.234.165.216][37658] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_alert.pcap.out b/test/results/flow-info/tls_alert.pcap.out index 97c7db282..b74293ac3 100644 --- a/test/results/flow-info/tls_alert.pcap.out +++ b/test/results/flow-info/tls_alert.pcap.out @@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.192][63158] -> [...192.168.1.20][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.192][63158] -> [...192.168.1.20][..443] [TLS.Google][Advertisement][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.192][63158] -> [...192.168.1.20][..443] [TLS.Google][Advertisement][Acceptable][www.google-analytics.com] RISK: Obsolete TLS (v1.1 or older) DAEMON-EVENT: [Processed: 11 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] 
diff --git a/test/results/flow-info/tls_certificate_too_long.pcap.out b/test/results/flow-info/tls_certificate_too_long.pcap.out index 9827d9d0a..830db9cb2 100644 --- a/test/results/flow-info/tls_certificate_too_long.pcap.out +++ b/test/results/flow-info/tls_certificate_too_long.pcap.out 
@@ -4,71 +4,71 @@ new: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443] [MIDSTREAM] new: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [MIDSTREAM] new: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] - detected: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][121.1.168.192.in-addr.arpa] + detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][60.21.149.52.in-addr.arpa] + detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][139.1.168.192.in-addr.arpa] + detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][139.1.168.192.in-addr.arpa] + detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][60.21.149.52.in-addr.arpa] new: [.....4] [ip4][..udp] [..192.168.1.139][.5353] -> [....224.0.0.251][.5353] - detected: [.....4] [ip4][..udp] [..192.168.1.139][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....4] [ip4][..udp] [..192.168.1.139][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] new: 
[.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] - detected: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] new: [.....6] [ip4][..udp] [..192.168.1.121][.5353] -> [..192.168.1.139][.5353] - detected: [.....6] [ip4][..udp] [..192.168.1.121][.5353] -> [..192.168.1.139][.5353] [MDNS][Network][Acceptable] + detected: [.....6] [ip4][..udp] [..192.168.1.121][.5353] -> [..192.168.1.139][.5353] [MDNS][Network][Acceptable][_companion-link._tcp.local] new: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] detected: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] [IGMP][Network][Acceptable] new: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] detected: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Network][Acceptable] new: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] - detected: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] + detected: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][wdcp.microsoft.com] new: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] - detected: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] - detection-update: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] + detected: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....10] [ip4][..udp] [..192.168.1.121][53884] 
-> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][wdcp.microsoft.com] new: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] - detected: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Cloud][Acceptable] + detected: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Cloud][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com] new: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] - detection-update: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] + detection-update: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][wdcp.microsoft.com] new: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] - detection-update: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Cloud][Acceptable] - detected: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detected: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] + detection-update: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Cloud][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com] + detected: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detected: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] new: [....14] [ip4][..udp] 
[..192.168.1.121][51364] -> [........8.8.8.8][...53] - detected: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] + detected: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][www.microsoft.com] new: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] - detected: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] - detection-update: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] + detected: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][www.microsoft.com] + detection-update: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][www.microsoft.com] new: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] - detected: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][e13678.dscb.akamaiedge.net] new: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] - detected: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][e13678.dscb.akamaiedge.net] + detection-update: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: 
[....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][e13678.dscb.akamaiedge.net] new: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] - detection-update: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe] - detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Cloud][Safe] - detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Download][Safe] + detection-update: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Cloud][Safe][www.microsoft.com] + detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Cloud][Safe][www.microsoft.com] + detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][e13678.dscb.akamaiedge.net] + detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Download][Safe][www.microsoft.com] RISK: Binary App Transfer new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] - detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Cloud][Safe] - detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Download][Safe] + detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Cloud][Safe][www.microsoft.com] + detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Download][Safe][www.microsoft.com] RISK: Binary App Transfer new: [....20] [ip4][..tcp] [..192.168.1.121][53905] 
-> [..140.82.113.26][..443] [MIDSTREAM] new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] - detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Web][Safe] - detection-update: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Web][Safe] + detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Web][Safe][time-macos.apple.com] + detection-update: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Web][Safe][time-macos.apple.com] new: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123] detected: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123] [NTP][System][Acceptable] detected: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [TLS.Github][Collaborative][Acceptable] new: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] - detected: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] - detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detected: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][235.33.22.2.in-addr.arpa] + detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][26.113.82.140.in-addr.arpa] new: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [MIDSTREAM] detected: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable] new: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [MIDSTREAM] detected: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable] - detection-update: 
[....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][235.33.22.2.in-addr.arpa] analyse: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS.Outlook][Email][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.067| 0.005| 0.015| 217.103| 1.700] 
@@ -91,26 +91,26 @@ [ENTROPIES...: 7.9,7.8,7.9,4.9,7.9,7.8,6.6,7.1,7.5,5.7,5.6,4.7,5.4,4.7,4.9,7.9,7.8,7.6,4.9,7.6,7.8,7.5,4.6,6.6,7.0,7.2,6.2,5.6,5.8,5.5,4.7,5.0] new: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] new: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] - detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detected: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detected: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] new: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] detected: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] [NTP][System][Acceptable] new: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] new: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] - detected: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detected: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....29] [ip4][..tcp] 
[..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detected: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] new: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] detected: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][System][Acceptable] new: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] new: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] - detected: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detected: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] - detection-update: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe] + detected: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detected: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] 
[TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] + detection-update: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Cloud][Safe][wdcp.microsoft.com] new: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123] detected: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123] [NTP][System][Acceptable] new: [....35] [ip4][..tcp] [.130.211.33.145][..443] -> [..192.168.1.121][53432] [MIDSTREAM] diff --git a/test/results/flow-info/tls_cipher_lens.pcap.out b/test/results/flow-info/tls_cipher_lens.pcap.out index 7167d0510..f6b835d7d 100644 --- a/test/results/flow-info/tls_cipher_lens.pcap.out +++ b/test/results/flow-info/tls_cipher_lens.pcap.out 
@@ -2,19 +2,19 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.11.11][51587] -> [.173.194.35.191][..443] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [..192.168.11.11][51587] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.11.11][51587] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable][www.google.it] RISK: Obsolete TLS (v1.1 or older) new: [.....2] [ip4][..tcp] [..192.168.11.11][51590] -> [.173.194.35.191][..443] [MIDSTREAM] - detected: [.....2] [ip4][..tcp] [..192.168.11.11][51590] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [..192.168.11.11][51590] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [.....3] [ip4][..tcp] [..192.168.11.11][51589] -> [.173.194.35.191][..443] [MIDSTREAM] - detected: [.....3] [ip4][..tcp] [..192.168.11.11][51589] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [..192.168.11.11][51589] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [.....4] [ip4][..tcp] [..192.168.11.11][51588] -> [.173.194.35.191][..443] [MIDSTREAM] - detected: [.....4] [ip4][..tcp] [..192.168.11.11][51588] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [..192.168.11.11][51588] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [.....5] [ip4][..tcp] [..192.168.11.11][51591] -> [.173.194.35.191][..443] [MIDSTREAM] - detected: [.....5] [ip4][..tcp] [..192.168.11.11][51591] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable] + detected: [.....5] [ip4][..tcp] [..192.168.11.11][51591] -> [.173.194.35.191][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete 
TLS (v1.1 or older) idle: [.....1] [ip4][..tcp] [..192.168.11.11][51587] -> [.173.194.35.191][..443] idle: [.....4] [ip4][..tcp] [..192.168.11.11][51588] -> [.173.194.35.191][..443] diff --git a/test/results/flow-info/tls_esni_sni_both.pcap.out b/test/results/flow-info/tls_esni_sni_both.pcap.out index 0b41947af..9f5adac99 100644 --- a/test/results/flow-info/tls_esni_sni_both.pcap.out +++ b/test/results/flow-info/tls_esni_sni_both.pcap.out 
@@ -2,14 +2,14 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.1.21][55500] -> [..104.17.175.85][..443] - detected: [.....1] [ip4][..tcp] [...192.168.1.21][55500] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [...192.168.1.21][55500] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable][these-are-not-the-droids-youre-looking-for.com] RISK: TLS (probably) Not Carrying HTTPS, TLS Suspicious ESNI Usage - detection-update: [.....1] [ip4][..tcp] [...192.168.1.21][55500] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable] + detection-update: [.....1] [ip4][..tcp] [...192.168.1.21][55500] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable][these-are-not-the-droids-youre-looking-for.com] RISK: TLS (probably) Not Carrying HTTPS, TLS Suspicious ESNI Usage new: [.....2] [ip4][..tcp] [...192.168.1.21][55514] -> [..104.17.175.85][..443] - detected: [.....2] [ip4][..tcp] [...192.168.1.21][55514] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [...192.168.1.21][55514] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable][you-think-thats-normal-tls-traffic-youre-seeing.com] RISK: TLS (probably) Not Carrying HTTPS, TLS Suspicious ESNI Usage - detection-update: [.....2] [ip4][..tcp] [...192.168.1.21][55514] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable] + detection-update: [.....2] [ip4][..tcp] [...192.168.1.21][55514] -> [..104.17.175.85][..443] [TLS.Cloudflare][Web][Acceptable][you-think-thats-normal-tls-traffic-youre-seeing.com] RISK: TLS (probably) Not Carrying HTTPS, TLS Suspicious ESNI Usage end: [.....1] [ip4][..tcp] [...192.168.1.21][55500] -> [..104.17.175.85][..443] end: [.....2] [ip4][..tcp] [...192.168.1.21][55514] -> [..104.17.175.85][..443] 
diff --git a/test/results/flow-info/tls_invalid_reads.pcap.out b/test/results/flow-info/tls_invalid_reads.pcap.out index 85b4bcd92..3a3621197 100644 --- a/test/results/flow-info/tls_invalid_reads.pcap.out +++ b/test/results/flow-info/tls_invalid_reads.pcap.out @@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] - detected: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [.192.168.10.101][.3967] -> [..206.33.61.113][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] diff --git a/test/results/flow-info/tls_long_cert.pcap.out b/test/results/flow-info/tls_long_cert.pcap.out index f68c6570f..451660e24 100644 --- a/test/results/flow-info/tls_long_cert.pcap.out +++ b/test/results/flow-info/tls_long_cert.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] - detected: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe][www.repubblica.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe][www.repubblica.it] + detection-update: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe][www.repubblica.it] analyse: [.....1] [ip4][..tcp] [..192.168.2.126][60174] -> [.104.111.215.93][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.034| 0.008| 0.011| 130.013| 3.600] diff --git a/test/results/flow-info/tls_missing_ch_frag.pcap.out b/test/results/flow-info/tls_missing_ch_frag.pcap.out index 624f6c792..46c7cce98 100644 --- a/test/results/flow-info/tls_missing_ch_frag.pcap.out +++ b/test/results/flow-info/tls_missing_ch_frag.pcap.out 
@@ -2,6 +2,6 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][33063] - detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][33063] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][33063] [TLS][Web][Safe][] end: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][33063] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_multiple_synack_different_seq.pcapng.out b/test/results/flow-info/tls_multiple_synack_different_seq.pcapng.out index 61f48410c..8d5666eeb 100644 --- a/test/results/flow-info/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/flow-info/tls_multiple_synack_different_seq.pcapng.out 
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] - detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] [TLS.AmazonAWS][Cloud][Acceptable][bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com] idle: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][59927] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_port_80.pcapng.out b/test/results/flow-info/tls_port_80.pcapng.out index dca271de5..bf6eb72cd 100644 --- a/test/results/flow-info/tls_port_80.pcapng.out +++ b/test/results/flow-info/tls_port_80.pcapng.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..57.91.202.194][50541] -> [..132.49.141.56][...80] - detected: [.....1] [ip4][..tcp] [..57.91.202.194][50541] -> [..132.49.141.56][...80] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [..57.91.202.194][50541] -> [..132.49.141.56][...80] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....1] [ip4][..tcp] [..57.91.202.194][50541] -> [..132.49.141.56][...80] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [..57.91.202.194][50541] -> [..132.49.141.56][...80] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn idle: [.....1] [ip4][..tcp] [..57.91.202.194][50541] -> [..132.49.141.56][...80] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_torrent.pcapng.out b/test/results/flow-info/tls_torrent.pcapng.out index cf0840379..0ecd3a2ef 100644 --- a/test/results/flow-info/tls_torrent.pcapng.out +++ b/test/results/flow-info/tls_torrent.pcapng.out 
@@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] - detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] [TLS][Web][Safe][web.utorrent.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] [TLS][Web][Safe][web.utorrent.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] [TLS.BitTorrent][Download][Acceptable] + detection-update: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] [TLS.BitTorrent][Download][Acceptable][web.utorrent.com] RISK: TLS (probably) Not Carrying HTTPS idle: [.....1] [ip4][..tcp] [.....10.10.10.1][..443] -> [....192.168.0.1][58842] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tls_verylong_certificate.pcap.out b/test/results/flow-info/tls_verylong_certificate.pcap.out index b3787f9c9..b71f5841f 100644 --- a/test/results/flow-info/tls_verylong_certificate.pcap.out +++ b/test/results/flow-info/tls_verylong_certificate.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Web][Safe] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Web][Safe][feodotracker.abuse.ch] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Web][Safe][feodotracker.abuse.ch] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe][feodotracker.abuse.ch] analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.022| 0.005| 0.007| 43.853| 3.500] 
@@ -15,6 +15,6 @@ [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe][feodotracker.abuse.ch] end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Media][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/tor.pcap.out b/test/results/flow-info/tor.pcap.out index fa3dc4acc..705364771 100644 --- a/test/results/flow-info/tor.pcap.out +++ b/test/results/flow-info/tor.pcap.out 
@@ -5,21 +5,21 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe] + detected: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe][www.ct7ctrgb6cr7.com] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Web][Safe][www.ct7ctrgb6cr7.com] RISK: Obsolete TLS (v1.1 or older) ERROR-EVENT: Unknown packet type new: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] - detected: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous] + detected: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com] RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol - detection-update: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous] + detection-update: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com] RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol ERROR-EVENT: Unknown packet type new: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] - detected: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous] + detected: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com] RISK: Obsolete TLS (v1.1 or older), Suspicious 
DGA Domain name, Unsafe Protocol - detection-update: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com] RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type @@ -36,7 +36,7 @@ ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type new: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] - detected: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][endian-pc] RISK: Unsafe Protocol ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type 
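Review bot: Flow 1 is pinned as `[TLS][Web][Safe]` with only `Obsolete TLS (v1.1 or older)`, while flows 2 and 3 in the same hunk, whose hostnames have the same random-looking shape, are `[TLS.Tor][VPN][Potentially Dangerous]` with `Suspicious DGA Domain name`. With the hostname now printed, the difference is visible in the expectations: `www.ct7ctrgb6cr7.com` here, and `www.t3i3ru.com`, `www.jmts2id.com` and `www.6gyip7tqim7sieb.com` in the later hunks of this file, are all expected as Safe. The classification presumably comes from the detection library rather than from this change, but the golden file now records it as expected behaviour. I would note it next to the test data, e.g. `tor.pcap: flows 1, 7, 9 and 10 are expected as TLS/Web/Safe; Tor/DGA detection does not fire for them (known gap)`, so a later regeneration is not read as confirmation that these flows are benign.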
@@ -124,19 +124,19 @@ ERROR-EVENT: Unknown packet type new: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] new: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] - detected: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe] + detected: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe][www.t3i3ru.com] RISK: Obsolete TLS (v1.1 or older) - detected: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous] + detected: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous][www.gfu7hbxpfp.com] RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol - detection-update: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe] + detection-update: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Web][Safe][www.t3i3ru.com] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous][www.gfu7hbxpfp.com] RISK: Obsolete TLS (v1.1 or older), Suspicious DGA Domain name, Unsafe Protocol ERROR-EVENT: Unknown packet type new: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] - detected: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe] + detected: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe][www.jmts2id.com] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe] + detection-update: [.....9] [ip4][..tcp] 
[..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Web][Safe][www.jmts2id.com] RISK: Obsolete TLS (v1.1 or older) analyse: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][VPN][Potentially Dangerous] min| max| avg| stddev| variance| entropy @@ -201,9 +201,9 @@ update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable] ERROR-EVENT: Unknown packet type new: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] - detected: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Web][Safe] + detected: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Web][Safe][www.6gyip7tqim7sieb.com] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Web][Safe] + detection-update: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Web][Safe][www.6gyip7tqim7sieb.com] RISK: Obsolete TLS (v1.1 or older) ERROR-EVENT: Unknown packet type ERROR-EVENT: Unknown packet type diff --git a/test/results/flow-info/trickbot.pcap.out b/test/results/flow-info/trickbot.pcap.out index 59b60456c..b3db275ad 100644 --- a/test/results/flow-info/trickbot.pcap.out +++ b/test/results/flow-info/trickbot.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] - detected: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable][82.118.225.196] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address - detection-update: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable] + detection-update: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable][82.118.225.196] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address, HTTP Suspicious Content analyse: [.....1] [ip4][..tcp] [...10.12.29.101][61318] -> [.82.118.225.196][.7080] [HTTP][Web][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/tumblr.pcap.out b/test/results/flow-info/tumblr.pcap.out index e986aca55..994323168 100644 --- a/test/results/flow-info/tumblr.pcap.out +++ b/test/results/flow-info/tumblr.pcap.out 
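Review bot: The new last field is printed with the same `[`…`]` delimiters as the classification fields, and here its value `82.118.225.196` appears to be the HTTP Host value taken from the request, as the `HTTP Numeric IP Address` risk suggests. None of the updated expectations covers a hostname that itself contains `]`, a space or a control character, so they do not show whether the printer escapes the value before it reaches a line-oriented log. The same applies to the NetBIOS name `endian-pc` in tor.pcap.out. I would add one capture with such a hostname and pin the escaped output in its `.out` file; the formatting code is outside these hunks, so whether escaping already happens cannot be seen here.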
@@ -37,7 +37,7 @@ [PKTLENS.....: 232,223,72,72,891,72,111,1460,72,72,84,72,1472,72,1472,1460,72,72,84,72,1472,72,1472,72,1460,72,84,1460,72,72,84,72] [ENTROPIES...: 7.0,6.8,5.0,5.0,7.7,5.3,5.9,7.9,5.3,5.3,5.4,5.3,7.9,5.3,7.9,7.8,5.2,5.3,5.4,5.3,7.9,5.2,7.9,5.2,7.9,5.2,5.3,7.8,5.3,5.3,5.4,5.3] detection-update: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe] - detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] + detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe][consent.cmp.oath.com] analyse: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.045| 0.004| 0.009| 88.667| 2.800] 
@@ -50,9 +50,9 @@ [ENTROPIES...: 6.6,5.9,6.6,6.5,5.0,5.0,4.9,5.0,7.9,5.1,7.9,5.1,7.9,7.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1] detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Web][Safe] new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] - detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] - detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] - detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] + detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe][consent.cmp.oath.com] + detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe][consent.cmp.oath.com] + detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe][consent.cmp.oath.com] analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.012| 0.017| 287.486| 3.200] 
@@ -65,9 +65,9 @@ [ENTROPIES...: 5.3,5.6,5.6,4.6,5.5,6.2,5.5,5.0,5.5,7.8,7.9,7.8,5.6,5.5,5.6,7.6,5.6,7.8,5.6,6.6,6.7,7.3,6.3,5.5,5.5,5.4,5.5,7.3,7.3,6.5,5.6,5.6] new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47118] -> [.................2001:4998:14:800::1001][..443] - detected: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe] - detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47118] -> [.................2001:4998:14:800::1001][..443] [TLS.Yahoo][Web][Safe] - detection-update: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe] + detected: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe][sb.scorecardresearch.com] + detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47118] -> [.................2001:4998:14:800::1001][..443] [TLS.Yahoo][Web][Safe][cookiex.ngd.yahoo.com] + detection-update: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe][sb.scorecardresearch.com] new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [MIDSTREAM] detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Web][Safe] analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] 
@@ -83,14 +83,14 @@ detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Web][Safe] new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [MIDSTREAM] detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [TLS][Web][Safe] - detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47118] -> [.................2001:4998:14:800::1001][..443] [TLS.Yahoo][Web][Safe] + detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47118] -> [.................2001:4998:14:800::1001][..443] [TLS.Yahoo][Web][Safe][cookiex.ngd.yahoo.com] new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56582] -> [.....................64:ff9b::9765:798c][..443] [MIDSTREAM] new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56564] -> [.....................64:ff9b::9765:798c][..443] [MIDSTREAM] new: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [MIDSTREAM] new: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56578] -> [.....................64:ff9b::9765:798c][..443] [MIDSTREAM] new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] - detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun] - detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun] + detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] 
[TLS.Tumblr][SocialNetwork][Fun][64.media.tumblr.com] + detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun][64.media.tumblr.com] analyse: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] [TLS.Tumblr][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.070| 0.013| 0.021| 430.743| 3.100] 
@@ -122,10 +122,10 @@ new: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55014] -> [...............2a00:1450:4007:806::200e][..443] [MIDSTREAM] new: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49002] -> [...............2a00:1450:4007:811::2004][..443] [MIDSTREAM] new: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] - detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun] + detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun][catasters.tumblr.com] new: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [MIDSTREAM] - detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun] - detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun] + detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun][catasters.tumblr.com] + detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun][catasters.tumblr.com] analyse: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.189| 0.029| 0.050| 2509.587| 3.200] 
@@ -136,10 +136,10 @@ [IATS(ms)....: 21.4,21.5,0.5,29.5,160.4,189.4,0.2,0.2,0.0,0.8,0.8,3.8,0.1,0.2,28.7,0.0,1.0,78.0,0.0,103.6,0.1,0.7,29.8,79.1,108.2,0.1,0.1,0.4,0.4,0.1] [PKTLENS.....: 80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472] [ENTROPIES...: 4.8,5.3,5.3,4.6,5.1,7.2,5.2,7.3,7.6,5.2,5.2,7.6,5.2,6.2,6.5,7.6,5.1,5.1,5.1,7.0,6.3,5.2,5.2,5.7,5.1,7.9,5.2,7.9,5.2,7.9,5.2,7.9] - detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun] + detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][SocialNetwork][Fun][catasters.tumblr.com] new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Web][Safe] - detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable] + detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable][apis.google.com] new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] analyse: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] min| max| avg| stddev| variance| entropy 
@@ -152,9 +152,9 @@ [PKTLENS.....: 72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120] [ENTROPIES...: 5.3,6.2,5.8,5.1,7.8,5.2,7.8,7.8,5.2,5.2,7.8,5.2,7.8,5.3,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.3,5.2,5.3,5.3,5.2,5.2,5.3,7.8,7.8,7.8,7.8] detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Web][Safe] - detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable] - detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable] - detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable][ajax.googleapis.com] + detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Web][Acceptable][apis.google.com] + detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable][ajax.googleapis.com] analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.067| 0.012| 0.020| 413.573| 3.200] 
@@ -178,9 +178,9 @@ detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [TLS][Web][Safe] detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS][Web][Safe] new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] - detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe] + detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe][sb.scorecardresearch.com] new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] [MIDSTREAM] - detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe] + detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe][sb.scorecardresearch.com] analyse: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS][Advertisement][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 16.589| 1.119| 4.059| 16477581.214| 1.400] diff --git a/test/results/flow-info/tunnelbear.pcap.out b/test/results/flow-info/tunnelbear.pcap.out index 0c13187ee..011359172 100644 --- a/test/results/flow-info/tunnelbear.pcap.out +++ b/test/results/flow-info/tunnelbear.pcap.out 
@@ -2,23 +2,23 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] - detected: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com] new: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] new: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] new: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] - detected: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] new: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] - detected: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - 
detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com] + detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] new: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] - detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe] - detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe] + detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com] + detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com] analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] 
[TLS.TunnelBear][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 3.500] @@ -31,10 +31,10 @@ [ENTROPIES...: 4.5,4.5,4.6,6.1,4.5,7.2,4.5,5.9,4.5,7.4,4.5,7.6,4.6,7.4,4.5,7.1,7.4,4.5,7.6,4.5,6.5,4.5,4.6,5.3,4.5,7.9,4.6,7.6,4.6,7.1,4.6,7.9] new: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] new: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] - detected: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] analyse: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 3.600] 
@@ -46,22 +46,22 @@ [PKTLENS.....: 60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40] [ENTROPIES...: 4.5,4.6,4.6,6.1,4.5,6.1,4.7,5.4,4.5,7.4,4.6,7.6,4.5,7.2,4.5,5.9,7.4,4.6,5.3,4.6,7.7,4.7,6.8,4.7,5.3,4.6,5.1,4.5,4.5,4.4,4.5,4.5] new: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [MIDSTREAM] - detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] new: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [MIDSTREAM] new: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] - detected: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable] + detected: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable][mqtt-mini.facebook.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable] + detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable][mqtt-mini.facebook.com] RISK: TLS (probably) Not Carrying HTTPS new: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] - detected: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable][capi.grammarly.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....12] [ip4][..tcp] 
[.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable][capi.grammarly.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable][capi.grammarly.com] RISK: TLS (probably) Not Carrying HTTPS new: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] - detected: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable] + detected: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable][mtalk.google.com] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS end: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] 
@@ -69,29 +69,29 @@ end: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] end: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] end: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable] + detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable][mtalk.google.com] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS new: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] - detected: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] new: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] new: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] - detected: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] new: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] new: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] - detected: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com] new: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] - detected: [....17] [ip4][..tcp] 
[.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detected: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detected: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detected: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detected: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] new: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] - detected: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe] - detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable] - detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe] + detected: [....20] 
[ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com] + detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] + detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com] + detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com] analyse: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 3.000] 
@@ -103,13 +103,13 @@ [PKTLENS.....: 60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940] [ENTROPIES...: 4.5,4.5,4.5,6.1,4.6,6.0,4.6,5.4,4.6,5.5,4.6,5.9,4.5,7.6,4.5,7.6,4.6,6.8,4.5,5.9,5.3,4.6,5.3,7.2,4.6,7.6,4.6,6.5,4.6,7.3,4.5,7.9] new: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] - detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable] + detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com] idle: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] idle: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] idle: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] idle: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] idle: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] - guessed: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable] + guessed: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][] end: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] idle: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] end: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] diff --git a/test/results/flow-info/ultrasurf.pcap.out b/test/results/flow-info/ultrasurf.pcap.out index 4cddce789..cb762f8b1 100644 --- a/test/results/flow-info/ultrasurf.pcap.out +++ b/test/results/flow-info/ultrasurf.pcap.out 
@@ -14,9 +14,9 @@ [PKTLENS.....: 2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628] [ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.9,5.5,5.4,7.9,7.9,7.9,5.5,7.9,7.9,7.8,7.9,5.5,5.3,5.4,5.4,7.8,5.5,7.8,7.9,7.9,5.5,5.5,7.9,7.9,7.9,7.9,7.9] new: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] - detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe] + detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn - detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe] + detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy 
@@ -29,9 +29,9 @@ [PKTLENS.....: 60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113] [ENTROPIES...: 4.7,5.2,5.3,6.1,5.1,7.8,7.8,7.8,5.2,5.2,5.2,6.1,6.4,7.7,6.3,5.9,5.7,6.1,5.8,5.2,6.0,7.9,5.9,7.8,7.7,7.7,5.2,5.9,6.9,6.8,5.9,6.2] new: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] - detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe] + detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn - detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe] + detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Web][Safe] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/viber.pcap.out b/test/results/flow-info/viber.pcap.out index 49b65212a..8a74722db 100644 --- a/test/results/flow-info/viber.pcap.out +++ b/test/results/flow-info/viber.pcap.out 
@@ -3,35 +3,35 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [MIDSTREAM] new: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] - detected: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][SocialNetwork][Fun] - detection-update: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][SocialNetwork][Fun] + detected: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][SocialNetwork][Fun][graph.facebook.com] + detection-update: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][SocialNetwork][Fun][graph.facebook.com] new: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] - detected: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Advertisement][Acceptable] - detection-update: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Advertisement][Acceptable] + detected: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Advertisement][Acceptable][app.adjust.com] + detection-update: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Advertisement][Acceptable][app.adjust.com] new: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] - detected: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Network][Acceptable] - detection-update: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Network][Acceptable] + detected: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Network][Acceptable][mapi.apptimize.com] + detection-update: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] 
[DNS][Network][Acceptable][mapi.apptimize.com] new: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] - detected: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable][mapi.apptimize.com] + detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable][mapi.apptimize.com] + detection-update: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable][mapi.apptimize.com] new: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] - detected: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable][mapi.apptimize.com] + detection-update: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS.AmazonAWS][Cloud][Acceptable][mapi.apptimize.com] new: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] - detected: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS.Viber][Chat][Acceptable] - detection-update: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS.Viber][Chat][Acceptable] + detected: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] 
[DNS.Viber][Chat][Acceptable][media.cdn.viber.com] + detection-update: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS.Viber][Chat][Acceptable][media.cdn.viber.com] new: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] - detected: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][Chat][Acceptable] - detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][Chat][Acceptable] - detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][Chat][Acceptable] + detected: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][Chat][Acceptable][media.cdn.viber.com] + detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][Chat][Acceptable][media.cdn.viber.com] + detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][Chat][Acceptable][media.cdn.viber.com] new: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] - detected: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Chat][Acceptable] - detection-update: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Chat][Acceptable] + detected: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Chat][Acceptable][dl-media.viber.com] + detection-update: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Chat][Acceptable][dl-media.viber.com] new: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] - detected: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable] - detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable] 
- detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable] + detected: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable][dl-media.viber.com] + detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable][dl-media.viber.com] + detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable][dl-media.viber.com] analyse: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.009| 0.015| 217.133| 3.300] 
@@ -42,24 +42,24 @@ [IATS(ms)....: 19.5,21.7,1.0,22.3,3.2,0.2,0.0,0.2,39.4,0.1,0.6,0.3,10.8,47.8,22.3,40.8,0.3,0.1,0.2,0.3,0.0,0.2,0.3,0.2,0.2,0.5,41.2,0.1,0.0,0.0,1.1] [PKTLENS.....: 60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52] [ENTROPIES...: 4.6,5.2,5.2,5.6,5.1,7.2,7.5,7.5,7.3,5.1,5.2,5.2,5.2,6.4,7.2,7.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.7,5.2,5.2,5.1,5.2,5.1] - detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable] + detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][Chat][Acceptable][dl-media.viber.com] new: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] new: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] - detected: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Network][Acceptable] - detection-update: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Network][Acceptable] + detected: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Network][Acceptable][app-measurement.com] + detection-update: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Network][Acceptable][app-measurement.com] new: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] - detected: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] [TLS.Google][Web][Acceptable] - detection-update: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] [TLS.Google][Web][Acceptable] + detected: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] [TLS.Google][Web][Acceptable][app-measurement.com] + detection-update: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] 
[TLS.Google][Web][Acceptable][app-measurement.com] new: [....14] [ip4][..udp] [...192.168.0.17][.5353] -> [....224.0.0.251][.5353] - detected: [....14] [ip4][..udp] [...192.168.0.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....14] [ip4][..udp] [...192.168.0.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_805741c9._sub._googlecast._tcp.local] new: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] detected: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Network][Acceptable] new: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] - detected: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] [DNS][Network][Acceptable] - detection-update: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] [DNS][Network][Acceptable] + detected: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] [DNS][Network][Acceptable][venetia.iad.appboy.com] + detection-update: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] [DNS][Network][Acceptable][venetia.iad.appboy.com] new: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] - detected: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe] - detection-update: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe] + detected: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe][venetia.iad.appboy.com] + detection-update: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Web][Safe][venetia.iad.appboy.com] analyse: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.702| 1.934| 2.902| 
8424002.683| 3.500] @@ -78,9 +78,9 @@ new: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] detected: [....20] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7987] [Viber][VoIP][Acceptable] new: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] - detected: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] - detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][brahe.apptimize.com] + detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][brahe.apptimize.com] + detection-update: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][brahe.apptimize.com] analyse: [....19] [ip4][..udp] [...192.168.0.17][47171] -> [....18.201.4.32][.7985] [Viber][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.525| 0.329| 0.210| 44226.417| 4.600] 
@@ -108,8 +108,8 @@ [PKTLENS.....: 285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285] [ENTROPIES...: 6.3,4.5,5.0,3.5,4.0,6.4,3.5,5.1,4.4,6.4,4.0,3.5,6.3,3.5,5.0,4.4,6.3,3.9,3.4,6.4,3.5,5.0,4.4,6.3,3.9,3.5,6.4,3.5,5.0,4.4,4.0,6.4] new: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] - detected: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable] - detection-update: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable] + detected: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Web][Acceptable][www.google.com] new: [....26] [ip4][.icmp] [...192.168.0.17] -> [...192.168.0.15] detected: [....26] [ip4][.icmp] [...192.168.0.17] -> [...192.168.0.15] [ICMP][Network][Acceptable] update: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Advertisement][Acceptable] diff --git a/test/results/flow-info/wa_video.pcap.out b/test/results/flow-info/wa_video.pcap.out index 5ab984b25..89429a960 100644 --- a/test/results/flow-info/wa_video.pcap.out +++ b/test/results/flow-info/wa_video.pcap.out 
@@ -5,17 +5,17 @@ detected: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] new: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [MIDSTREAM] new: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] - detected: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....4] [ip4][..udp] [...192.168.2.12][53688] -> [..185.60.216.51][.3478] - detected: [.....4] [ip4][..udp] [...192.168.2.12][53688] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....4] [ip4][..udp] [...192.168.2.12][53688] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478] - detected: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478] - detected: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478] - detected: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] - detected: [.....8] [ip4][..udp] 
[...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] analyse: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.404| 0.182| 0.481| 231053.525| 2.400] @@ -39,12 +39,12 @@ [PKTLENS.....: 154,154,72,72,154,500,72,500,500,500,500,500,500,34,500,500,30,500,500,500,500,500,500,500,154,72,48,500,48,500,500,48] [ENTROPIES...: 6.5,6.5,5.2,5.3,6.5,7.4,5.3,7.5,7.5,7.5,7.5,7.4,7.5,4.6,7.5,7.5,4.5,7.5,7.5,7.5,7.4,7.5,7.4,7.4,6.5,5.3,3.8,7.3,3.8,7.4,7.4,4.2] new: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] new: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] - detected: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] - detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -59,9 +59,9 @@ new: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] detected: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] new: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] - detected: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] - detected: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] idle: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] idle: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] idle: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] diff --git a/test/results/flow-info/wa_voice.pcap.out b/test/results/flow-info/wa_voice.pcap.out index 2d1869450..ee8252a7d 100644 --- a/test/results/flow-info/wa_voice.pcap.out +++ b/test/results/flow-info/wa_voice.pcap.out 
@@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] - detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] new: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] - detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] - detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] + detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][g.whatsapp.net] + detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][g.whatsapp.net] new: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Cloud][Acceptable] new: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] 
@@ -24,11 +24,11 @@ [PKTLENS.....: 64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52] [ENTROPIES...: 4.5,5.1,5.0,7.2,5.1,6.1,6.0,6.5,7.9,5.9,7.9,6.7,7.9,6.7,7.9,5.0,5.0,5.0,5.1,5.1,5.1,5.0,7.8,5.6,5.9,6.2,5.7,6.2,5.0,7.3,5.0,5.0] new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] - detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable] - detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable] + detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] + detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] new: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] - detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] - detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] + detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] + detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.163| 0.021| 0.048| 2262.349| 2.500] 
@@ -44,31 +44,31 @@ new: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS.Apple][Web][Safe] new: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] - detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] - detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] - detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] - detected: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] - detected: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] 
[STUN.WhatsAppCall][VoIP][Acceptable][] new: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] - detected: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] - detected: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] - detected: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] - detected: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] - detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] - detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] - detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] 
[DNS.WhatsApp][Chat][Acceptable] + detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] + detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] new: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] - detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] - detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] + detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] + detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 3.500] 
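Review bot: The expected output is inconsistent about when the new field is present. `[STUN.WhatsAppCall][VoIP][Acceptable][]` gains an empty `[]`, while the unchanged `detected:` line for flow 9, `[TLS.Apple][Web][Safe]`, has no fourth field at all. The `analyse:` line for flow 21 also lacks the `[pps.whatsapp.net]` that its `detected:` and `detection-update:` lines carry. A consumer reading fields by position cannot tell "no hostname seen" from "field not emitted for this event", which matters if these lines feed detection or triage tooling. Either emit the field on every event type (empty when unknown) or omit it when empty; the same mix appears in the waze.pcap.out hunks, where `guessed: ... [HTTP][Web][Acceptable][]` sits next to `guessed: ... [TLS][Web][Safe]`.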
@@ -80,9 +80,9 @@ [PKTLENS.....: 64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440] [ENTROPIES...: 4.4,5.1,4.9,4.8,5.0,7.8,7.9,7.3,4.9,4.9,6.1,5.9,5.9,5.8,7.0,7.0,6.4,4.9,4.9,5.6,5.1,5.8,5.0,5.9,4.9,5.0,7.6,4.9,7.9,7.9,7.8,7.8] new: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] - detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy @@ -95,7 +95,7 @@ [PKTLENS.....: 154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72] [ENTROPIES...: 6.5,6.5,5.3,5.3,4.6,4.5,6.5,6.5,5.2,5.1,4.6,4.5,4.6,4.5,4.6,4.5,4.6,4.5,5.7,5.2,7.0,7.1,7.1,6.6,7.3,7.0,7.2,4.6,4.5,6.5,6.5,5.2] new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] - detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -107,17 +107,17 @@ [IATS(ms)....: 578.2,623.6,1203.7,72.5,167.2,11.6,115.7,158.4,0.0,172.8,173.6,169.8,156.2,136.6,155.3,179.8,99.3,157.4,38.3,163.4,181.3,166.6,142.4,3.0,26.0,115.3,6.1,171.8,106.3,56.2,143.4] [PKTLENS.....: 72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179] [ENTROPIES...: 5.5,5.6,5.5,5.6,5.5,5.6,6.9,7.1,6.7,6.6,7.3,6.5,6.7,6.6,6.5,6.6,6.5,6.6,6.7,6.8,6.7,6.7,6.7,6.7,6.5,5.2,6.6,6.6,6.7,6.6,6.6,6.8] - detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_homekit._tcp.local] + detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_homekit._tcp.local] new: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [MIDSTREAM] update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable] update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] update: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] new: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] - detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] 
[SSDP][System][Acceptable][239.255.255.250:1900] new: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] - detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] detected: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Network][Acceptable] idle: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Cloud][Acceptable] diff --git a/test/results/flow-info/waze.pcap.out b/test/results/flow-info/waze.pcap.out index 50b1e5d3d..8ea9ce42f 100644 --- a/test/results/flow-info/waze.pcap.out +++ b/test/results/flow-info/waze.pcap.out 
@@ -5,65 +5,65 @@ new: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123] detected: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123] [NTP][System][Acceptable] new: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] - detected: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Web][Acceptable][xtra1.gpsonextra.net] new: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] new: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] new: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] - detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][roadshields.waze.com] + detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][roadshields.waze.com] new: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] - detected: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS.Google][Web][Acceptable] + detected: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> 
[..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS.Google][Web][Acceptable] + detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS.Google][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] - detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] + detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] + detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak 
TLS Cipher - detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable] + detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable][xtra1.gpsonextra.net] RISK: Binary App Transfer new: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] new: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] - detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detected: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] + detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detected: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][roadshields.waze.com] + detection-update: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][roadshields.waze.com] new: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] new: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] new: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] new: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] new: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] - detected: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] 
[TLS.AmazonAWS][Cloud][Acceptable] + detected: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] + detected: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] new: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] - detected: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable] + 
detected: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] - detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] - detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] + detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] + detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable][cres.waze.com] analyse: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 3.681| 0.340| 0.885| 782653.260| 2.800] 
@@ -84,41 +84,41 @@ [IATS(ms)....: 1.2,10.9,357.2,367.1,474.4,475.3,8.1,9.0,265.9,317.7,52.0,0.9,0.6,0.3,0.3,1430.1,1483.3,119.5,172.8,51.4,51.9,1.4,0.9,0.5,0.4,0.3,0.4,1601.9,1658.8,0.2,57.1] [PKTLENS.....: 60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40] [ENTROPIES...: 4.3,4.7,4.7,5.2,4.7,7.4,4.6,7.3,4.7,7.0,6.9,4.6,7.6,4.7,6.1,4.6,8.0,4.7,6.8,4.6,7.6,4.6,7.7,4.6,7.6,4.7,6.2,4.7,8.0,4.6,6.8,4.6] - detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] + detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] - 
detected: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] - detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] 
[TLS.AmazonAWS][Cloud][Acceptable] + detected: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] - detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] [MIDSTREAM] new: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [MIDSTREAM] 
@@ -149,7 +149,7 @@ [IATS(ms)....: 2.4,2.8,291.8,292.5,279.8,332.4,52.7,50.7,425.1,475.7,259.9,310.7,0.7,51.4,0.6,0.7,0.5,0.3,293.9,546.0,252.8,1.5,20.2,21.2,56.9,56.8,156.2,205.9,52.7,4.2,1449.2] [PKTLENS.....: 60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40] [ENTROPIES...: 4.4,4.8,4.8,5.2,4.7,7.0,4.8,7.6,4.6,6.6,4.7,7.0,4.7,7.6,4.8,7.4,4.7,5.7,4.7,8.0,4.8,8.0,4.7,7.8,4.7,8.0,4.8,7.8,4.8,8.0,4.7,4.8] - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older) analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -162,20 +162,20 @@ [PKTLENS.....: 60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40] [ENTROPIES...: 4.3,4.7,4.7,5.2,4.6,7.0,4.7,7.5,4.6,7.3,4.7,7.0,4.7,7.0,4.7,7.5,4.7,6.1,4.7,7.8,4.7,7.9,4.7,6.8,4.7,7.2,4.7,7.3,4.7,5.7,4.6,4.7] new: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] - detected: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] detected: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] [WhatsApp][Chat][Acceptable] new: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] - detected: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] + detection-update: [....33] [ip4][..tcp] 
[.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - guessed: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable] + guessed: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable][] end: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80] end: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] end: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] @@ -185,7 +185,7 @@ end: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] end: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable] idle: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] [WhatsApp][Chat][Acceptable] - guessed: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80] [HTTP][Web][Acceptable] + guessed: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80] [HTTP][Web][Acceptable][] end: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80] end: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher 
@@ -207,20 +207,20 @@ end: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] end: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] end: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] - guessed: [....24] [ip4][..tcp] [...10.16.37.157][41823] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable] + guessed: [....24] [ip4][..tcp] [...10.16.37.157][41823] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable][] end: [....24] [ip4][..tcp] [...10.16.37.157][41823] -> [...200.160.4.49][...80] - guessed: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] [HTTP][Web][Acceptable] + guessed: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] [HTTP][Web][Acceptable][] end: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] - guessed: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable] + guessed: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable][] end: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] end: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable] RISK: Binary App Transfer - guessed: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable] + guessed: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable][] end: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] guessed: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [TLS][Web][Safe] end: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] idle: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123] [NTP][System][Acceptable] - guessed: [....27] [ip4][..tcp] [...10.16.37.157][52746] -> [...200.160.4.49][...80] 
[HTTP][Web][Acceptable] + guessed: [....27] [ip4][..tcp] [...10.16.37.157][52746] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable][] end: [....27] [ip4][..tcp] [...10.16.37.157][52746] -> [...200.160.4.49][...80] not-detected: [.....1] [ip4][..tcp] [...10.16.37.157][42256] -> [..174.37.231.81][.5222] [Unknown][Unrated] end: [.....1] [ip4][..tcp] [...10.16.37.157][42256] -> [..174.37.231.81][.5222] diff --git a/test/results/flow-info/webex.pcap.out b/test/results/flow-info/webex.pcap.out index 6f601de5c..49b8b583a 100644 --- a/test/results/flow-info/webex.pcap.out +++ b/test/results/flow-info/webex.pcap.out @@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] - detected: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] min| max| avg| stddev| variance| entropy 
@@ -16,22 +16,22 @@ [IATS(ms)....: 6.5,6.7,0.2,0.6,505.7,557.3,57.9,60.1,0.9,55.6,257.5,309.3,10.1,61.4,0.8,0.7,299.2,351.3,56.0,56.2,0.8,52.9,0.4,2.8,268.6,322.3,52.3,51.9,18.4,69.5,0.5] [PKTLENS.....: 60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504] [ENTROPIES...: 4.4,4.7,4.7,5.5,4.7,7.3,4.8,7.1,4.7,7.2,4.6,5.6,4.6,7.7,4.5,6.3,4.6,7.9,4.7,7.8,4.8,7.6,4.6,7.3,4.7,7.9,4.7,7.7,4.7,7.6,4.5,7.6] - detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] - detected: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS new: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] new: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] - detected: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS - detected: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] 
[TLS.Webex][VoIP][Acceptable] + detected: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -46,19 +46,19 @@ new: [.....5] [ip4][..tcp] [..10.133.206.47][54651] -> [..185.63.147.10][..443] [MIDSTREAM] new: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [MIDSTREAM] new: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] - detected: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] - detected: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS][Web][Safe] + detected: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] - detected: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [.....9] 
[ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher analyse: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -72,76 +72,76 @@ [ENTROPIES...: 4.4,4.7,4.7,5.3,4.6,7.2,4.7,7.2,4.6,7.3,4.6,6.0,7.6,4.5,5.7,4.6,7.9,4.7,8.0,4.7,7.9,4.7,8.0,4.7,6.8,4.6,7.9,4.6,8.0,4.7,7.9,4.7] new: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] new: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] - detected: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] - detected: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] - detected: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] - detected: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] 
new: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] new: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] new: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] new: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443] - detected: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] - detected: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] [TLS.Webex][VoIP][Acceptable][] RISK: 
Obsolete TLS (v1.1 or older) new: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] new: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] - detected: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] - detected: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - 
detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....19] [ip4][..tcp] 
[.......10.8.0.1][55969] -> [...64.68.121.99][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] detected: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][VoIP][Acceptable] - detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] - detected: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Advertisement][Acceptable] + detected: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Advertisement][Acceptable][ssl.google-analytics.com] RISK: TLS (probably) Not Carrying HTTPS new: [....26] [ip4][..tcp] [.......10.8.0.1][47135] -> [.114.29.202.139][..443] new: [....27] [ip4][..tcp] [.......10.8.0.1][41757] -> [.114.29.213.212][..443] 
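Review bot: The new trailing field is emitted inconsistently in this hunk: TLS flows without a name get an empty `[]`, while the unchanged `detected:` line for the SIP flow `[....24]` carries no field at all, so a consumer cannot tell "no hostname" from "field not emitted" by position. The values that appear in other hunks of this commit (`radcom.webex.com`, `_googlecast._tcp.local`) look like names taken from the captured traffic, so they are presumably controlled by the peer. The code that prints them is not part of this diff, so confirm that `]`, newlines and other non-printable bytes are escaped or replaced before the name is written into the bracket-delimited line. A fixture with such a name would pin that behaviour; none of the result files visible here contains one.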
@@ -154,45 +154,45 @@ detected: [....33] [ip4][..tcp] [..10.133.206.47][33459] -> [...80.74.110.68][..443] [TLS][Web][Safe] new: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443] new: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] - detected: [....26] [ip4][..tcp] [.......10.8.0.1][47135] -> [.114.29.202.139][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....26] [ip4][..tcp] [.......10.8.0.1][47135] -> [.114.29.202.139][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....27] [ip4][..tcp] [.......10.8.0.1][41757] -> [.114.29.213.212][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....27] [ip4][..tcp] [.......10.8.0.1][41757] -> [.114.29.213.212][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....28] [ip4][..tcp] [.......10.8.0.1][51676] -> [..114.29.204.49][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....28] [ip4][..tcp] [.......10.8.0.1][51676] -> [..114.29.204.49][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....29] [ip4][..tcp] [.......10.8.0.1][37139] -> [...64.68.105.98][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....29] [ip4][..tcp] [.......10.8.0.1][37139] -> [...64.68.105.98][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....30] [ip4][..tcp] [.......10.8.0.1][41394] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....30] [ip4][..tcp] [.......10.8.0.1][41394] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....32] [ip4][..tcp] [.......10.8.0.1][51135] -> [.62.109.224.120][..443] 
[TLS.Webex][VoIP][Acceptable] + detected: [....32] [ip4][..tcp] [.......10.8.0.1][51135] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detected: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detected: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Advertisement][Acceptable] + detection-update: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Advertisement][Acceptable][ssl.google-analytics.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detection-update: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] new: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] - detected: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: 
[....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher - detection-update: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] - detected: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] - detected: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) analyse: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -204,7 +204,7 @@ [IATS(ms)....: 14.2,16.6,0.1,3.2,966.8,968.2,50.6,52.1,160.0,217.3,56.9,151.8,203.4,506.4,456.2,506.1,506.2,258.0,307.3,51.0,1.8,210.7,261.7,55.5,54.3,51.9,51.3,2214.6,2165.1,3.2,2.9] [PKTLENS.....: 60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40] [ENTROPIES...: 4.5,4.8,4.8,5.4,4.7,7.3,4.8,7.2,4.7,5.9,7.5,4.7,7.2,4.7,7.7,4.8,8.0,4.8,6.6,4.8,7.2,4.8,6.1,4.8,6.9,4.8,7.3,4.7,7.5,4.8,7.6,4.8] - detection-update: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher analyse: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -217,63 +217,63 @@ [PKTLENS.....: 60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40] [ENTROPIES...: 4.4,4.7,4.6,5.4,4.7,7.3,4.8,7.3,4.8,6.0,7.6,4.8,7.6,4.8,6.5,4.8,7.6,4.8,7.6,4.8,7.4,4.8,7.4,4.7,7.6,4.7,6.5,4.7,7.6,4.7,7.0,4.8] new: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] - detected: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] - detected: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher update: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][VoIP][Acceptable] new: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] - detected: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] 
[TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443] - detected: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] - detected: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS.AmazonAWS][Cloud][Acceptable][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older) new: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] new: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] - detected: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable] - detection-update: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable] - detected: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable] - detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detected: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable][cp.pushwoosh.com] + detection-update: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable][cp.pushwoosh.com] + detected: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable][cp.pushwoosh.com] + detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS.AmazonAWS][Cloud][Acceptable][api.crittercism.com] RISK: 
Obsolete TLS (v1.1 or older) - detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS.AmazonAWS][Cloud][Acceptable] + detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS.AmazonAWS][Cloud][Acceptable][api.crittercism.com] RISK: Obsolete TLS (v1.1 or older) new: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] - detected: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detected: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detection-update: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] new: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] - detected: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detected: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detected: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detected: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detection-update: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detection-update: [....49] [ip4][..tcp] 
[.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] - detected: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] - detected: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detected: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Web][Safe] + detection-update: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) new: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] - detected: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detection-update: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS 
Cipher new: [....53] [ip4][..udp] [.......10.8.0.1][51772] -> [.62.109.229.158][.9000] new: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443] 
@@ -288,16 +288,16 @@ [PKTLENS.....: 60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109] [ENTROPIES...: 4.5,4.8,4.8,5.2,4.7,7.3,4.8,7.3,4.8,6.0,4.8,6.2,4.8,5.7,4.8,7.5,4.8,6.2,4.8,7.4,4.8,6.4,4.8,6.8,4.7,6.6,4.6,6.6,4.8,6.4,4.7,6.2] new: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] - detected: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) new: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] new: [....57] [ip4][..tcp] [.......10.8.0.1][51195] -> [.62.109.224.120][..443] - detected: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) - detected: [....57] [ip4][..tcp] [.......10.8.0.1][51195] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detected: [....57] [ip4][..tcp] [.......10.8.0.1][51195] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older) update: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][VoIP][Acceptable] - detection-update: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable] + detection-update: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][VoIP][Acceptable][] RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher end: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable] end: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Web][Acceptable] 
diff --git a/test/results/flow-info/wechat.pcap.out b/test/results/flow-info/wechat.pcap.out index 68bc9f13d..6c0779dcb 100644 --- a/test/results/flow-info/wechat.pcap.out +++ b/test/results/flow-info/wechat.pcap.out 
@@ -3,28 +3,28 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084] [MIDSTREAM] new: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] - detected: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] new: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] - detected: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] new: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] - detected: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] + detected: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable][safebrowsing.googleusercontent.com] + detection-update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable][safebrowsing.googleusercontent.com] new: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] - detected: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable] - detection-update: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable] - 
detection-update: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable] + detected: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable][safebrowsing.googleusercontent.com] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable][safebrowsing.googleusercontent.com] + detection-update: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Web][Acceptable][safebrowsing.googleusercontent.com] new: [.....6] [ip4][..tcp] [..192.168.1.103][47627] -> [..216.58.205.78][..443] [MIDSTREAM] new: [.....7] [ip4][..tcp] [..192.168.1.103][53220] -> [..172.217.23.78][..443] [MIDSTREAM] new: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] - detected: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] + detected: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable][ssl.gstatic.com] + detection-update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable][ssl.gstatic.com] new: [.....9] [ip4][..udp] [..192.168.1.103][51507] -> [..172.217.23.67][..443] - detected: [.....9] [ip4][..udp] [..192.168.1.103][51507] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable] + detected: [.....9] [ip4][..udp] [..192.168.1.103][51507] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable][ssl.gstatic.com] new: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] - detected: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Collaborative][Acceptable] - detection-update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> 
[..192.168.1.254][...53] [DNS.GoogleDocs][Collaborative][Acceptable] + detected: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Collaborative][Acceptable][docs.google.com] + detection-update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Collaborative][Acceptable][docs.google.com] new: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] - detected: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Collaborative][Acceptable] + detected: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Collaborative][Acceptable][docs.google.com] new: [....12] [ip4][..tcp] [..192.168.1.103][36017] -> [.64.233.167.188][.5228] [MIDSTREAM] new: [....13] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54058] [MIDSTREAM] detected: [....13] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54058] [TLS][Web][Safe] 
@@ -32,14 +32,14 @@ new: [....15] [ip4][..tcp] [..192.168.1.103][54085] -> [203.205.151.162][..443] [MIDSTREAM] new: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] new: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] - detected: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] - detection-update: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detection-update: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....18] [ip4][..tcp] 
[..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] analyse: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.411| 0.155| 0.181| 32640.860| 3.800] 
@@ -50,28 +50,28 @@ [IATS(ms)....: 361.6,361.6,0.4,378.1,3.6,381.3,56.9,56.9,0.3,0.3,2.7,376.6,375.0,3.3,373.8,38.3,2.8,410.6,21.2,3.3,393.4,30.9,401.1,383.7,0.8,383.1,2.9,2.9,5.8,1.1,1.1] [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,219,52,1225,429,52,250,1140,1480,1480,52,1480,1480,52,5878,52] [ENTROPIES...: 4.7,5.2,5.0,5.8,5.2,6.8,5.0,7.5,5.0,7.3,5.0,6.3,5.8,7.8,7.6,5.1,7.9,7.0,5.0,7.8,7.4,5.2,7.1,7.8,7.9,7.9,4.9,7.9,7.9,5.0,8.0,5.1] - detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....18] [ip4][..tcp] [..192.168.1.103][54091] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] detected: [.....6] [ip4][..tcp] [..192.168.1.103][47627] -> [..216.58.205.78][..443] [TLS.Google][Web][Acceptable] detected: [.....7] [ip4][..tcp] [..192.168.1.103][53220] -> [..172.217.23.78][..443] [TLS.Google][Web][Acceptable] new: [....19] [ip4][..tcp] [..192.168.1.103][54092] -> [203.205.151.162][..443] new: [....20] [ip4][..tcp] [..192.168.1.103][54093] -> [203.205.151.162][..443] - detected: [....19] [ip4][..tcp] [..192.168.1.103][54092] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....19] [ip4][..tcp] [..192.168.1.103][54092] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....19] [ip4][..tcp] [..192.168.1.103][54092] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....19] [ip4][..tcp] [..192.168.1.103][54092] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....19] [ip4][..tcp] [..192.168.1.103][54092] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + 
detection-update: [....19] [ip4][..tcp] [..192.168.1.103][54092] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....21] [ip4][..tcp] [..192.168.1.103][49787] -> [.216.58.205.142][..443] [MIDSTREAM] new: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] new: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] - detected: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] - detection-update: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> 
[203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detection-update: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....23] [ip4][..tcp] [..192.168.1.103][54095] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....24] [ip4][..tcp] [..192.168.1.103][54096] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....25] [ip4][..tcp] [..192.168.1.103][40740] -> [203.205.151.211][..443] [MIDSTREAM] analyse: [....22] [ip4][..tcp] [..192.168.1.103][54094] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] min| max| avg| stddev| variance| entropy 
@@ -112,13 +112,13 @@ update: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Collaborative][Acceptable] new: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] new: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] - detected: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] detected: [....25] [ip4][..tcp] [..192.168.1.103][40740] -> [203.205.151.211][..443] [TLS][Web][Safe] - detected: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....27] [ip4][..tcp] [..192.168.1.103][54098] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] analyse: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443] 
[TLS.WeChat][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 6.862| 1.014| 1.948| 3793749.017| 3.100] 
@@ -164,23 +164,23 @@ update: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Collaborative][Acceptable] new: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] new: [....32] [ip4][..tcp] [..192.168.1.103][54100] -> [203.205.151.162][..443] - detected: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....32] [ip4][..tcp] [..192.168.1.103][54100] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....32] [ip4][..tcp] [..192.168.1.103][54100] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] new: [....34] [ip4][..tcp] [..192.168.1.103][54102] -> [203.205.151.162][..443] - detection-update: [....32] [ip4][..tcp] [..192.168.1.103][54100] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....32] [ip4][..tcp] [..192.168.1.103][54100] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....34] [ip4][..tcp] [..192.168.1.103][54102] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detection-update: [....32] [ip4][..tcp] [..192.168.1.103][54100] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....32] [ip4][..tcp] 
[..192.168.1.103][54100] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....34] [ip4][..tcp] [..192.168.1.103][54102] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] - detected: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....34] [ip4][..tcp] [..192.168.1.103][54102] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....34] [ip4][..tcp] [..192.168.1.103][54102] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> 
[203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] analyse: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] min| max| avg| stddev| variance| entropy @@ -192,9 +192,9 @@ [IATS(ms)....: 366.1,366.2,0.5,368.6,0.8,368.9,8.2,8.2,3.1,367.9,365.6,3.2,378.7,92.7,2.0,469.4,27.8,1.7,407.1,30.0,408.6,3.8,397.8,10.9,404.7,396.0,0.8,396.2,0.5,1.2,1.8] [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,330,52,1225,429,52,250,1225,429,52,250,1140,1480,1480,52,1480,1480,52] [ENTROPIES...: 4.7,5.1,4.8,5.8,5.2,6.8,5.1,7.6,5.0,6.2,6.0,7.8,7.5,5.1,7.9,7.3,5.0,7.8,7.4,5.0,7.0,7.8,7.4,5.1,7.1,7.8,7.9,7.8,4.9,7.9,7.9,5.0] - detected: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....36] [ip4][..tcp] [..192.168.1.103][54104] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] analyse: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.647| 0.130| 0.182| 33080.510| 3.500] 
@@ -205,7 +205,7 @@ [IATS(ms)....: 360.8,360.9,1.1,320.2,2.0,321.1,0.8,0.8,0.5,0.5,2.5,331.8,329.8,339.6,0.8,339.8,0.5,4.5,5.1,2.5,2.5,1.1,1.1,271.4,646.7,0.8,376.1,0.5,0.9,1.5,0.5] [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1140,1480,1480,52,1480,1480,52,2908,52,3120,52,1140,1480,1480,52,1480,1480,52,1480] [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,6.8,5.1,7.5,5.0,7.3,5.0,6.4,5.8,7.9,7.9,7.9,5.1,7.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8,7.9,7.9,5.0,7.9,7.9,5.1,7.9] - detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] analyse: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.952| 0.213| 0.233| 54375.543| 4.000] 
@@ -226,9 +226,9 @@ new: [....38] [ip4][..tcp] [..192.168.1.103][54110] -> [203.205.151.162][..443] [MIDSTREAM] new: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] new: [....40] [ip4][..tcp] [..192.168.1.103][54112] -> [203.205.151.162][..443] - detected: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....41] [ip4][..tcp] [..192.168.1.103][54106] -> [203.205.151.162][..443] [MIDSTREAM] end: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] end: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] 
@@ -262,15 +262,15 @@ update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] new: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] new: [....43] [ip4][..tcp] [..192.168.1.103][54114] -> [203.205.151.162][..443] - detected: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] new: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] - detected: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Chat][Fun] - detection-update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Chat][Fun] + detected: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Chat][Fun][res.wx.qq.com] + detection-update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Chat][Fun][res.wx.qq.com] new: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] new: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] - detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun] + detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun][res.wx.qq.com] analyse: [....42] 
[ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.615| 0.560| 1.552| 2408711.979| 2.600] 
@@ -281,28 +281,28 @@ [IATS(ms)....: 315.2,315.3,0.4,318.4,1.9,319.8,0.5,0.5,1.1,1.1,2.6,316.6,315.1,4.6,327.3,29.7,2.7,353.9,21.7,4.6,350.0,32.2,392.6,18.0,3.3,380.6,36.9,359.5,6259.0,6615.4,265.6] [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,250,52,1292,527,52,989,52,1113,52,1480] [ENTROPIES...: 4.7,5.2,5.0,5.9,5.2,6.8,5.1,7.5,5.1,7.3,5.1,6.3,6.0,7.8,7.6,5.1,7.9,6.3,5.0,7.8,7.4,5.1,7.0,5.0,7.8,7.6,5.2,7.8,5.1,7.8,5.1,7.9] - detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun] + detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun][res.wx.qq.com] RISK: Weak TLS Cipher - detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun] + detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Chat][Fun][res.wx.qq.com] RISK: Weak TLS Cipher new: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] - detected: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] - detection-update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] + detected: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable][ssl.gstatic.com] + detection-update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable][ssl.gstatic.com] new: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] - detected: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable] + detected: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable][ssl.gstatic.com] new: [....49] [ip4][..udp] [..192.168.1.100][..138] 
-> [..192.168.1.255][..138] - detected: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][giovanni-pc] RISK: Unsafe Protocol update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] new: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] new: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] - detected: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....51] 
[ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Chat][Fun] update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable] 
@@ -338,12 +338,12 @@ [ENTROPIES...: 3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8,3.8] new: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] new: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] - detected: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detected: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] + detected: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] update: [....49] 
[ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] RISK: Unsafe Protocol 
@@ -366,21 +366,21 @@ update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Web][Acceptable] new: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] - detected: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] - detection-update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] + detected: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun][web.wechat.com] new: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] new: [....56] [ip4][..tcp] [..192.168.1.103][58037] -> [203.205.147.171][..443] - detected: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] + detected: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] end: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] guessed: [....40] [ip4][..tcp] [..192.168.1.103][54112] -> [203.205.151.162][..443] [TLS][Web][Safe] end: [....40] [ip4][..tcp] [..192.168.1.103][54112] -> [203.205.151.162][..443] new: 
[....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] new: [....58] [ip4][..tcp] [..192.168.1.103][58039] -> [203.205.147.171][..443] - detected: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] + detected: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] analyse: [....57] [ip4][..tcp] [..192.168.1.103][58038] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.509| 0.286| 0.565| 319614.583| 3.400] 
@@ -401,9 +401,9 @@ RISK: Unsafe Protocol update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] new: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] - detected: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....59] [ip4][..udp] [..192.168.1.100][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] new: [....60] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][.5353] -> [...............................ff02::fb][.5353] - detected: [....60] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....60] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] new: [....61] [ip4][..udp] [..192.168.1.100][54124] -> [....224.0.0.252][.5355] detected: [....61] [ip4][..udp] [..192.168.1.100][54124] -> [....224.0.0.252][.5355] [LLMNR][Network][Acceptable] new: [....62] [ip4][..udp] [..192.168.1.100][49832] -> [....224.0.0.252][.5355] 
@@ -417,7 +417,7 @@ new: [....66] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][50577] -> [..............................ff02::1:3][.5355] detected: [....66] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][50577] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] new: [....67] [ip4][..udp] [..192.168.1.100][..137] -> [..192.168.1.255][..137] - detected: [....67] [ip4][..udp] [..192.168.1.100][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [....67] [ip4][..udp] [..192.168.1.100][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][lbjamwptxz] end: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Chat][Fun] update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] 
@@ -449,16 +449,16 @@ new: [....68] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [................................ff02::2] detected: [....68] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [................................ff02::2] [ICMPV6][Network][Acceptable] new: [....69] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [....69] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....69] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][iphonedimonica] new: [....70] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff86:6c5b] detected: [....70] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff86:6c5b] [ICMPV6][Network][Acceptable] new: [....71] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [...............................ff02::16] detected: [....71] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [...............................ff02::16] [ICMPV6][Network][Acceptable] new: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] new: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] - detected: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] + detected: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> 
[203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] analyse: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.577| 0.182| 0.352| 123851.137| 3.200] 
@@ -469,10 +469,10 @@ [IATS(ms)....: 268.3,268.4,0.5,270.4,0.8,270.7,0.4,0.4,1.0,1.0,2.8,273.1,271.4,0.2,0.0,0.0,0.0,0.0,1.2,289.4,22.8,22.4,9.7,380.7,1255.6,5.0,1577.0,73.3,351.0,6.0,3.3] [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1232,1480,1480,1480,1480,1480,315,52,52,52,143,52,1220,513,52,283,52,1292,527] [ENTROPIES...: 4.7,5.2,4.9,5.8,5.0,6.8,4.8,7.5,4.8,7.2,4.9,6.3,5.9,7.8,7.9,7.9,7.9,7.9,7.9,7.2,5.0,4.8,4.9,6.4,5.0,7.8,7.5,5.1,7.2,4.9,7.8,7.5] - detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detected: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] + detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detected: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] end: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Chat][Fun] end: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] 
@@ -496,9 +496,9 @@ update: [....64] [ip6][..udp] [..............fe80::91f9:3df3:7436:6cd6][50440] -> [..............................ff02::1:3][.5355] [LLMNR][Network][Acceptable] new: [....74] [ip4][..tcp] [..192.168.1.103][58042] -> [203.205.147.171][..443] new: [....75] [ip4][..tcp] [..192.168.1.103][58043] -> [203.205.147.171][..443] - detected: [....74] [ip4][..tcp] [..192.168.1.103][58042] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....74] [ip4][..tcp] [..192.168.1.103][58042] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] - detection-update: [....74] [ip4][..tcp] [..192.168.1.103][58042] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun] + detected: [....74] [ip4][..tcp] [..192.168.1.103][58042] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....74] [ip4][..tcp] [..192.168.1.103][58042] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] + detection-update: [....74] [ip4][..tcp] [..192.168.1.103][58042] -> [203.205.147.171][..443] [TLS.WeChat][Chat][Fun][web.wechat.com] guessed: [....56] [ip4][..tcp] [..192.168.1.103][58037] -> [203.205.147.171][..443] [TLS.Tencent][SocialNetwork][Acceptable] end: [....56] [ip4][..tcp] [..192.168.1.103][58037] -> [203.205.147.171][..443] update: [....70] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff86:6c5b] [ICMPV6][Network][Acceptable] 
@@ -557,13 +557,13 @@ new: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [MIDSTREAM] new: [....88] [ip4][..tcp] [..192.168.1.103][58226] -> [203.205.147.171][..443] [MIDSTREAM] new: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] - detected: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] + detected: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun][webpush.web.wechat.com] new: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] - detected: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] + detected: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun][webpush.web.wechat.com] new: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] - detected: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] + detected: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun][webpush.web.wechat.com] new: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] - detected: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] + detected: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun][webpush.web.wechat.com] new: [....93] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] detected: [....93] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] [IGMP][Network][Acceptable] new: [....94] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22] 
@@ -573,9 +573,9 @@ new: [....96] [ip4][....2] [..192.168.1.108] -> [.....224.0.0.22] detected: [....96] [ip4][....2] [..192.168.1.108] -> [.....224.0.0.22] [IGMP][Network][Acceptable] new: [....97] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] - detected: [....97] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....97] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] new: [....98] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] - detected: [....98] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....98] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_googlecast._tcp.local] update: [....84] [ip4][..udp] [..192.168.1.103][37578] -> [193.204.114.233][..123] [NTP][System][Acceptable] update: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] update: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] 
@@ -583,31 +583,31 @@ update: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] detected: [....85] [ip4][..tcp] [..192.168.1.103][58143] -> [.216.58.205.131][..443] [TLS.Google][Web][Acceptable] new: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] - detected: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun] + detected: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS.WeChat][Chat][Fun][webpush.web.wechat.com] new: [...100] [ip4][..udp] [..192.168.1.103][59567] -> [..192.168.1.254][...53] - detected: [...100] [ip4][..udp] [..192.168.1.103][59567] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...100] [ip4][..udp] [..192.168.1.103][59567] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][ssl.gstatic.com.lan] new: [...101] [ip4][..udp] [..192.168.1.103][42074] -> [..192.168.1.254][...53] - detected: [...101] [ip4][..udp] [..192.168.1.103][42074] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...101] [ip4][..udp] [..192.168.1.103][42074] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][ssl.gstatic.com.lan] new: [...102] [ip4][..udp] [..192.168.1.103][43705] -> [..192.168.1.254][...53] - detected: [...102] [ip4][..udp] [..192.168.1.103][43705] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...102] [ip4][..udp] [..192.168.1.103][43705] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][webpush.web.wechat.com.lan] new: [...103] [ip4][..udp] [..192.168.1.103][44063] -> [..192.168.1.254][...53] - detected: [...103] [ip4][..udp] [..192.168.1.103][44063] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [...103] [ip4][..udp] [..192.168.1.103][44063] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...103] [ip4][..udp] [..192.168.1.103][44063] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][1.debian.pool.ntp.org] + 
detection-update: [...103] [ip4][..udp] [..192.168.1.103][44063] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][1.debian.pool.ntp.org] new: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] - detected: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] + detected: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous][giovanni-pc] RISK: Unsafe Protocol new: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] - detected: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable] + detected: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] [DNS.Google][Web][Acceptable][ssl.gstatic.com] new: [...106] [ip4][..udp] [..192.168.1.103][42856] -> [..192.168.1.254][...53] - detected: [...106] [ip4][..udp] [..192.168.1.103][42856] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [...106] [ip4][..udp] [..192.168.1.103][42856] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...106] [ip4][..udp] [..192.168.1.103][42856] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][1.debian.pool.ntp.org.lan] + detection-update: [...106] [ip4][..udp] [..192.168.1.103][42856] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][1.debian.pool.ntp.org.lan] new: [...107] [ip4][..udp] [..192.168.1.103][44346] -> [..192.168.1.254][...53] - detected: [...107] [ip4][..udp] [..192.168.1.103][44346] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...107] [ip4][..udp] [..192.168.1.103][44346] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][webpush.web.wechat.com.lan] new: [...108] [ip4][..udp] [..192.168.1.103][41759] -> [..192.168.1.254][...53] - detected: [...108] [ip4][..udp] [..192.168.1.103][41759] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] - detection-update: [...108] 
[ip4][..udp] [..192.168.1.103][41759] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...108] [ip4][..udp] [..192.168.1.103][41759] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][2.debian.pool.ntp.org] + detection-update: [...108] [ip4][..udp] [..192.168.1.103][41759] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][2.debian.pool.ntp.org] new: [...109] [ip4][..udp] [..192.168.1.103][53515] -> [..192.168.1.254][...53] - detected: [...109] [ip4][..udp] [..192.168.1.103][53515] -> [..192.168.1.254][...53] [DNS][Network][Acceptable] + detected: [...109] [ip4][..udp] [..192.168.1.103][53515] -> [..192.168.1.254][...53] [DNS][Network][Acceptable][webpush.web.wechat.com.lan] idle: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] idle: [....98] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] end: [....85] [ip4][..tcp] [..192.168.1.103][58143] -> [.216.58.205.131][..443] @@ -617,7 +617,7 @@ idle: [....95] [ip4][....2] [..192.168.1.100] -> [.....224.0.0.22] [IGMP][Network][Acceptable] idle: [....94] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22] [IGMP][Network][Acceptable] idle: [....93] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] [IGMP][Network][Acceptable] - guessed: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [HTTP][Web][Acceptable] + guessed: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [HTTP][Web][Acceptable][] end: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] idle: [...100] [ip4][..udp] [..192.168.1.103][59567] -> [..192.168.1.254][...53] idle: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous] 
@@ -637,20 +637,20 @@ idle: [...101] [ip4][..udp] [..192.168.1.103][42074] -> [..192.168.1.254][...53] idle: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] idle: [...107] [ip4][..udp] [..192.168.1.103][44346] -> [..192.168.1.254][...53] - guessed: [....83] [ip4][..tcp] [..192.168.1.103][34981] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable] + guessed: [....83] [ip4][..tcp] [..192.168.1.103][34981] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable][] end: [....83] [ip4][..tcp] [..192.168.1.103][34981] -> [...95.101.34.33][...80] - guessed: [....79] [ip4][..tcp] [..192.168.1.103][34996] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable] + guessed: [....79] [ip4][..tcp] [..192.168.1.103][34996] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable][] end: [....79] [ip4][..tcp] [..192.168.1.103][34996] -> [...95.101.34.33][...80] - guessed: [....80] [ip4][..tcp] [..192.168.1.103][34999] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable] + guessed: [....80] [ip4][..tcp] [..192.168.1.103][34999] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable][] end: [....80] [ip4][..tcp] [..192.168.1.103][34999] -> [...95.101.34.33][...80] - guessed: [....81] [ip4][..tcp] [..192.168.1.103][35000] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable] + guessed: [....81] [ip4][..tcp] [..192.168.1.103][35000] -> [...95.101.34.33][...80] [HTTP][Web][Acceptable][] end: [....81] [ip4][..tcp] [..192.168.1.103][35000] -> [...95.101.34.33][...80] guessed: [....77] [ip4][..tcp] [..192.168.1.103][54205] -> [.64.233.167.188][..443] [TLS.Google][Web][Acceptable] idle: [....77] [ip4][..tcp] [..192.168.1.103][54205] -> [.64.233.167.188][..443] - guessed: [....86] [ip4][..tcp] [..192.168.1.103][39195] -> [...95.101.34.34][...80] [HTTP][Web][Acceptable] + guessed: [....86] [ip4][..tcp] [..192.168.1.103][39195] -> [...95.101.34.34][...80] [HTTP][Web][Acceptable][] end: [....86] [ip4][..tcp] [..192.168.1.103][39195] -> [...95.101.34.34][...80] - guessed: [....78] 
[ip4][..tcp] [..192.168.1.103][39207] -> [...95.101.34.34][...80] [HTTP][Web][Acceptable] + guessed: [....78] [ip4][..tcp] [..192.168.1.103][39207] -> [...95.101.34.34][...80] [HTTP][Web][Acceptable][] end: [....78] [ip4][..tcp] [..192.168.1.103][39207] -> [...95.101.34.34][...80] - guessed: [....82] [ip4][..tcp] [..192.168.1.103][39231] -> [...95.101.34.34][...80] [HTTP][Web][Acceptable] + guessed: [....82] [ip4][..tcp] [..192.168.1.103][39231] -> [...95.101.34.34][...80] [HTTP][Web][Acceptable][] end: [....82] [ip4][..tcp] [..192.168.1.103][39231] -> [...95.101.34.34][...80] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/weibo.pcap.out b/test/results/flow-info/weibo.pcap.out index 4ab19300c..92a51195a 100644 --- a/test/results/flow-info/weibo.pcap.out +++ b/test/results/flow-info/weibo.pcap.out 
@@ -6,22 +6,22 @@ new: [.....3] [ip4][..tcp] [..192.168.1.105][58481] -> [..216.58.214.78][..443] [MIDSTREAM] new: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] new: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] - detected: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][weibo.com] + detection-update: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][weibo.com] new: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] new: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] new: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] new: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [MIDSTREAM] - detected: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable] + detected: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable][weibo.com] new: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] - detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] - detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com] + detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com] new: [....11] [ip4][..tcp] 
[..192.168.1.105][51698] -> [.93.188.134.137][...80] - detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] + detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com] new: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [MIDSTREAM] new: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [MIDSTREAM] new: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [MIDSTREAM] - detection-update: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] + detection-update: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com] analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.482| 0.042| 0.114| 12948.299| 2.500] 
@@ -33,17 +33,17 @@ [PKTLENS.....: 60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488] [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.1,5.1,7.9,5.1,7.9,5.1,5.1,5.1,7.8,5.1,5.2,5.1,7.9,5.1,7.2,5.1,5.1,5.2,7.8,5.1,5.8,5.1,5.2,5.0,7.9,4.9,7.9] new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] - detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] - detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] + detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] RISK: Suspicious DNS Traffic new: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] new: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] new: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] - detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] + detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] 
new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] - detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][js.t.sinajs.cn] analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 3.500] 
@@ -65,50 +65,50 @@ [PKTLENS.....: 60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488] [ENTROPIES...: 4.6,5.1,4.9,5.9,5.0,5.7,4.8,7.8,4.9,8.0,4.9,7.9,4.8,8.0,4.9,7.9,4.9,5.7,5.0,5.7,5.0,7.9,4.9,7.9,4.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8] new: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] - detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][u1.img.mobile.sina.cn] new: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] - detected: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][acjstb.aliyun.com] RISK: Suspicious DGA Domain name new: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] - detected: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable] + detected: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][g.alicdn.com] new: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] - detected: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable] + detected: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][log.mmstat.com] new: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] - detected: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] 
[DNS][Network][Acceptable][login.taobao.com] new: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] new: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] new: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] new: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] - detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn] + detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][u1.img.mobile.sina.cn] new: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] - detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][account.weibo.com] new: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] - detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] 
[DNS.Sina(Weibo)][SocialNetwork][Fun] + detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][js.t.sinajs.cn] new: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] - detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][c.weibo.cn] new: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] - detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable] + detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][g.alicdn.com] new: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] - detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] + detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][data.weibo.com] new: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] - detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable] + detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][log.mmstat.com] new: [....35] [ip4][..tcp] [..192.168.1.105][48352] -> [..140.205.174.1][..443] new: [....36] [ip4][..tcp] [..192.168.1.105][48353] -> [..140.205.174.1][..443] new: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] new: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443] new: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] - detected: [....32] 
[ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - detected: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] [TLS.Alibaba][Web][Acceptable] - detection-update: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][js.t.sinajs.cn] + detected: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] [TLS.Alibaba][Web][Acceptable][g.alicdn.com] + detection-update: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][acjstb.aliyun.com] RISK: Suspicious DGA Domain name, Risky Domain Name new: [....40] [ip4][..tcp] [..192.168.1.105][52271] -> [..42.156.184.19][..443] new: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443] - detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][login.taobao.com] new: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443] - detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] + detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][u1.img.mobile.sina.cn] new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] new: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443] analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] 
@@ -142,7 +142,7 @@ [PKTLENS.....: 60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488] [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.8,5.0,7.3,5.0,7.9,5.1,7.9,5.0,7.9,5.0,7.8,5.0,7.9,5.0,7.9,5.1,7.9,4.9,7.9,4.9,7.9,5.0,5.8,5.1,7.9,5.1,7.9] idle: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] - guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Web][Acceptable] + guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Web][Acceptable][] idle: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun] idle: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] @@ -153,7 +153,7 @@ idle: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] idle: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] idle: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] - guessed: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] [HTTP][Web][Acceptable] + guessed: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] [HTTP][Web][Acceptable][] idle: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] idle: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun] idle: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] 
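Review bot: The `guessed:` lines for flows 37 and 27 now end in an empty `[]`, while the unchanged `idle:` lines in the same two hunks that print a classification (flows 20, 18, 25) carry no trailing field, so the number of bracketed fields depends on the event type. A consumer that splits these lines by position has to handle both the empty and the missing form. It would be simpler to omit the field when no name was extracted, or to print it on every event that prints the classification. The same pattern recurs in the `@@ -195,9 +195,9 @@` hunk of this file and in the `guessed:` and STUN `detected:` lines of the whatsapp and whois fixtures further down. If the empty form is intended, a short comment where the line is formatted (outside this diff) would record it, e.g. `name field is empty for guessed flows and for protocols that carry no name`.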
@@ -195,9 +195,9 @@ guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [Google][Web][Acceptable] idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] end: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable] - guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable] + guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable][] idle: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] - guessed: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable] + guessed: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable][] idle: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] guessed: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [TLS.Google][Web][Acceptable] idle: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] diff --git a/test/results/flow-info/whatsapp_login_call.pcap.out b/test/results/flow-info/whatsapp_login_call.pcap.out index 3f868017e..4d71e4b97 100644 --- a/test/results/flow-info/whatsapp_login_call.pcap.out +++ b/test/results/flow-info/whatsapp_login_call.pcap.out 
@@ -14,17 +14,17 @@ new: [.....9] [ip4][..tcp] [....192.168.2.4][49165] -> [..17.172.100.55][..443] [MIDSTREAM] new: [....10] [ip4][..tcp] [....192.168.2.4][49176] -> [..17.130.137.77][..443] [MIDSTREAM] new: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] - detected: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] - detection-update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] + detected: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][query.ess.apple.com] + detection-update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe][query.ess.apple.com] new: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] - detected: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] + detected: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][e13.whatsapp.net] new: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] - detection-update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] + detection-update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][e13.whatsapp.net] new: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] new: [....15] [ip4][..tcp] [....192.168.2.4][49203] -> [..17.178.104.14][..443] - detected: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Web][Safe] + detected: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Web][Safe][query.ess.apple.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> 
[..17.178.104.12][..443] [TLS.Apple][Web][Safe] + detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Web][Safe][query.ess.apple.com] RISK: TLS (probably) Not Carrying HTTPS new: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [MIDSTREAM] detected: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [ApplePush][Cloud][Acceptable] @@ -39,7 +39,7 @@ [IATS(ms)....: 281.8,283.2,8.7,294.4,1.1,0.0,286.0,0.8,0.5,0.6,39.8,0.2,0.3,326.4,1.4,0.4,3.0,289.9,5.8,0.5,0.0,317.5,1.9,68.9,0.6,382.6,405.2,0.7,0.0,712.5,2.0] [PKTLENS.....: 64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40] [ENTROPIES...: 4.5,4.9,4.7,5.6,7.2,7.4,6.9,4.9,4.9,4.9,4.8,7.2,4.8,5.7,4.8,4.8,4.8,5.8,4.9,7.9,7.9,6.7,4.7,4.7,7.9,7.8,4.9,7.9,7.8,6.7,4.8,4.8] - detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Web][Safe] + detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Web][Safe][query.ess.apple.com] RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] analyse: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Chat][Acceptable] 
@@ -52,9 +52,9 @@ [IATS(ms)....: 153.9,242.2,244.8,708.1,709.4,35.6,213.2,0.3,145.7,325.0,262.8,250.3,148.2,98.4,249.4,163.4,164.5,351.1,174.0,178.0,0.0,178.3,0.3,171.7,0.0,302.7,0.3,301.9,0.0,204.0] [PKTLENS.....: 64,60,52,52,218,130,73,52,52,253,84,71,73,52,227,84,52,118,84,184,84,84,186,52,85,85,252,52,85,85,85,118] [ENTROPIES...: 4.5,5.3,5.3,5.1,6.6,6.2,5.4,5.2,5.2,7.1,5.8,5.8,5.7,5.2,7.1,5.8,5.2,6.3,5.8,6.8,5.8,5.7,6.8,5.3,5.9,5.9,7.0,5.3,5.9,5.8,5.8,6.3] - detected: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] + detected: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] + detection-update: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] min| max| avg| stddev| variance| entropy 
@@ -72,21 +72,21 @@ new: [....21] [ip4][..tcp] [....192.168.2.4][49181] -> [..17.172.100.37][..443] [MIDSTREAM] new: [....22] [ip4][..tcp] [....192.168.2.4][49180] -> [..17.172.100.59][..443] [MIDSTREAM] new: [....23] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.100.14][.3478] - detected: [....23] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.100.14][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....23] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.100.14][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....24] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.70.48][.3478] - detected: [....24] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.70.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....24] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.70.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....25] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.64.48][.3478] - detected: [....25] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.64.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....25] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.64.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....26] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.85.48][.3478] - detected: [....26] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.85.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....26] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.85.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....27] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.91.48][.3478] - detected: [....27] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.91.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....27] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.91.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....28] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.79.192][.3478] - detected: [....28] [ip4][..udp] 
[....192.168.2.4][51518] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....28] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....29] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.93.48][.3478] - detected: [....29] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.93.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....29] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.93.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....30] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.73.48][.3478] - detected: [....30] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....30] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....31] [ip4][..tcp] [....192.168.2.4][49164] -> [..17.167.142.31][..443] [MIDSTREAM] new: [....32] [ip4][..tcp] [....192.168.2.4][49167] -> [...17.172.100.8][..443] [MIDSTREAM] new: [....33] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] 
@@ -97,10 +97,10 @@ new: [....36] [ip4][..tcp] [....192.168.2.4][49198] -> [..17.167.142.13][..443] [MIDSTREAM] new: [....37] [ip4][..tcp] [....192.168.2.4][49200] -> [..17.167.142.13][..443] [MIDSTREAM] new: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] - detected: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] - detected: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -115,21 +115,21 @@ new: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] detected: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Network][Acceptable] new: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Web][Safe] update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] new: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] - detected: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][lucas-imac.local] new: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] - detected: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][lucas-imac.local] new: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] - detected: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][lucas-imac.local] new: [....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] - detected: 
[....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] - detection-update: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] - detection-update: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][lucas-imac.local] + detection-update: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][lucas-imac.local] + detection-update: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][lucas-imac.local] + detection-update: [....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][lucas-imac.local] + detection-update: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][lucas-imac.local] update: [....23] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.100.14][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] update: [....24] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.70.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] update: [....25] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.64.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] 
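Review bot: The trailing field added to the DHCP and MDNS lines in this hunk (`[lucas-imac]`, `[lucas-imac.local]`) is filled from packet contents, and none of the regenerated fixtures visible here covers a name containing `]`, whitespace or non-printable bytes. The line format uses `[` and `]` as its only delimiters, so a name of that kind would presumably shift or add fields for anything that parses this output. The code that prints the field is outside this diff, so whether it escapes the value cannot be confirmed from here. One capture with such a name, with the rendered form pinned in its `.out` file, would keep that behaviour under regression test.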
@@ -139,28 +139,28 @@ update: [....28] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] update: [....29] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.93.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] new: [....46] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.73.48][.3478] - detected: [....46] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....46] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....47] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.93.48][.3478] - detected: [....47] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.93.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....47] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.93.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....48] [ip4][..udp] [....192.168.2.4][52794] -> [...31.13.79.192][.3478] - detected: [....48] [ip4][..udp] [....192.168.2.4][52794] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....48] [ip4][..udp] [....192.168.2.4][52794] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....49] [ip4][..udp] [....192.168.2.4][52794] -> [..179.60.192.48][.3478] - detected: [....49] [ip4][..udp] [....192.168.2.4][52794] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....49] [ip4][..udp] [....192.168.2.4][52794] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....50] [ip4][..udp] [....192.168.2.4][52794] -> [..173.252.114.1][.3478] - detected: [....50] [ip4][..udp] [....192.168.2.4][52794] -> [..173.252.114.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....50] [ip4][..udp] [....192.168.2.4][52794] -> [..173.252.114.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....51] [ip4][..udp] [....192.168.2.4][52794] -> 
[....31.13.90.48][.3478] - detected: [....51] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.90.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....51] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.90.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....52] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.74.48][.3478] - detected: [....52] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.74.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....52] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.74.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....53] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.84.48][.3478] - detected: [....53] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.84.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....53] [ip4][..udp] [....192.168.2.4][52794] -> [....31.13.84.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] update: [....33] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] update: [....34] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] new: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] - detected: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port new: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] - detected: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] 
[STUN.WhatsAppCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy @@ -194,9 +194,9 @@ update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] update: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] new: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] - detected: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] + detected: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] + detection-update: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe][p53-buy.itunes.apple.com] RISK: TLS (probably) Not Carrying HTTPS analyse: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][SoftwareUpdate][Safe] min| max| avg| stddev| variance| entropy 
@@ -208,11 +208,11 @@ [IATS(ms)....: 139.9,225.1,4.2,228.9,0.1,2.7,200.7,0.3,1.4,0.2,2.3,0.3,0.4,198.2,1.0,14.2,4.7,5.0,13.2,0.0,199.9,0.3,34.7,0.4,0.1,217.0,5.8,16.0,0.0,271.8,0.3] [PKTLENS.....: 64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40] [ENTROPIES...: 4.5,4.8,4.7,5.9,4.8,6.0,5.8,4.9,4.9,4.8,5.7,7.9,7.6,7.7,4.8,4.9,4.9,4.8,4.8,7.8,7.5,4.9,4.9,7.9,7.6,7.7,4.8,4.9,7.8,7.4,4.9,4.9] - guessed: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] [HTTP][Web][Acceptable] + guessed: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] [HTTP][Web][Acceptable][] end: [.....7] [ip4][..tcp] [....192.168.2.4][49174] -> [....5.178.42.26][...80] - guessed: [.....5] [ip4][..tcp] [....192.168.2.4][49173] -> [..93.186.135.82][...80] [HTTP][Web][Acceptable] + guessed: [.....5] [ip4][..tcp] [....192.168.2.4][49173] -> [..93.186.135.82][...80] [HTTP][Web][Acceptable][] end: [.....5] [ip4][..tcp] [....192.168.2.4][49173] -> [..93.186.135.82][...80] - guessed: [....18] [ip4][..tcp] [....192.168.2.4][49192] -> [...93.186.135.8][...80] [HTTP][Web][Acceptable] + guessed: [....18] [ip4][..tcp] [....192.168.2.4][49192] -> [...93.186.135.8][...80] [HTTP][Web][Acceptable][] end: [....18] [ip4][..tcp] [....192.168.2.4][49192] -> [...93.186.135.8][...80] guessed: [.....3] [ip4][..tcp] [....192.168.2.4][49163] -> [..17.154.66.111][..443] [TLS.Apple][Web][Safe] end: [.....3] [ip4][..tcp] [....192.168.2.4][49163] -> [..17.154.66.111][..443] diff --git a/test/results/flow-info/whatsapp_login_chat.pcap.out b/test/results/flow-info/whatsapp_login_chat.pcap.out index 0dc6548a7..8706d8ab6 100644 --- a/test/results/flow-info/whatsapp_login_chat.pcap.out +++ b/test/results/flow-info/whatsapp_login_chat.pcap.out 
@@ -4,8 +4,8 @@ new: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] detected: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] new: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] - detected: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] - detection-update: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] + detected: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][e12.whatsapp.net] + detection-update: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][e12.whatsapp.net] new: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222] detected: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222] [WhatsApp][Chat][Acceptable] new: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [MIDSTREAM] 
@@ -23,11 +23,11 @@ new: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] detected: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable] new: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] new: [.....7] [ip4][..udp] [....192.168.2.4][.5353] -> [....224.0.0.251][.5353] - detected: [.....7] [ip4][..udp] [....192.168.2.4][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....7] [ip4][..udp] [....192.168.2.4][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [.....8] [ip6][..udp] [...............fe80::189c:c31b:1298:224][.5353] -> [...............................ff02::fb][.5353] - detected: [.....8] [ip6][..udp] [...............fe80::189c:c31b:1298:224][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [.....8] [ip6][..udp] [...............fe80::189c:c31b:1298:224][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [.....9] [ip4][..tcp] [..17.110.229.14][.5223] -> [....192.168.2.4][49193] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [..17.110.229.14][.5223] -> [....192.168.2.4][49193] [TLS.Apple][Web][Safe] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/whatsapp_voice_and_message.pcap.out b/test/results/flow-info/whatsapp_voice_and_message.pcap.out index c01ea41cb..8ed3c5651 100644 --- a/test/results/flow-info/whatsapp_voice_and_message.pcap.out +++ b/test/results/flow-info/whatsapp_voice_and_message.pcap.out 
@@ -4,21 +4,21 @@ new: [.....1] [ip4][..tcp] [.......10.8.0.1][35480] -> [.184.173.179.46][..443] detected: [.....1] [ip4][..tcp] [.......10.8.0.1][35480] -> [.184.173.179.46][..443] [WhatsApp][Chat][Acceptable] new: [.....2] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.84.48][.3478] - detected: [.....2] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.84.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....2] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.84.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....3] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.74.48][.3478] - detected: [.....3] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.74.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....3] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.74.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....4] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.64.48][.3478] - detected: [.....4] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.64.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....4] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.64.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....5] [ip4][..udp] [.......10.8.0.1][53620] -> [..173.252.121.1][.3478] - detected: [.....5] [ip4][..udp] [.......10.8.0.1][53620] -> [..173.252.121.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....5] [ip4][..udp] [.......10.8.0.1][53620] -> [..173.252.121.1][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....6] [ip4][..udp] [.......10.8.0.1][53620] -> [..179.60.192.48][.3478] - detected: [.....6] [ip4][..udp] [.......10.8.0.1][53620] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....6] [ip4][..udp] [.......10.8.0.1][53620] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....7] [ip4][..udp] [.......10.8.0.1][53620] -> [...31.13.79.192][.3478] - detected: [.....7] [ip4][..udp] 
[.......10.8.0.1][53620] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....7] [ip4][..udp] [.......10.8.0.1][53620] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....8] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.93.48][.3478] - detected: [.....8] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.93.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....8] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.93.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] - detected: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [.....9] [ip4][..udp] [.......10.8.0.1][53620] -> [....31.13.73.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][35480] -> [.184.173.179.46][..443] [WhatsApp][Chat][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.749| 0.839| 2.600| 6759456.965| 2.200] diff --git a/test/results/flow-info/whatsappfiles.pcap.out b/test/results/flow-info/whatsappfiles.pcap.out index b19582f3c..e9cb433f1 100644 --- a/test/results/flow-info/whatsappfiles.pcap.out +++ b/test/results/flow-info/whatsappfiles.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] - detected: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] - detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] - detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] + detected: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable][mmg-fna.whatsapp.net] + detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable][mmg-fna.whatsapp.net] + detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable][mmg-fna.whatsapp.net] analyse: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 24.640| 0.846| 4.345| 18880535.724| 0.500] 
@@ -16,8 +16,8 @@ [PKTLENS.....: 64,60,52,295,52,1450,1450,464,52,52,52,178,310,133,52,52,105,102,94,235,90,52,90,52,162,52,52,52,275,1450,1450,1450] [ENTROPIES...: 4.4,5.2,5.0,5.6,5.2,6.9,7.3,7.4,5.1,5.1,4.9,6.3,7.1,6.4,5.0,5.0,5.6,5.7,5.4,6.9,5.4,5.2,5.9,5.2,6.6,5.0,5.1,5.2,7.0,7.9,7.8,7.9] new: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] - detected: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] - detection-update: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] + detected: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable][mmg-fna.whatsapp.net] + detection-update: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable][mmg-fna.whatsapp.net] analyse: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][Download][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.108| 0.019| 0.031| 953.946| 3.300] diff --git a/test/results/flow-info/whois.pcapng.out b/test/results/flow-info/whois.pcapng.out index 856aa3adb..398a1efb4 100644 --- a/test/results/flow-info/whois.pcapng.out +++ b/test/results/flow-info/whois.pcapng.out 
@@ -2,19 +2,19 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] - detected: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Network][Acceptable] + detected: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Network][Acceptable][example.com] DAEMON-EVENT: [Processed: 11 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] - detected: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Web][Safe] + detected: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn - detection-update: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Web][Safe] + detection-update: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Web][Safe][] RISK: Known Proto on Non Std Port, Missing SNI TLS Extn end: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Network][Acceptable] DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] idle: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] - guessed: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] [Whois-DAS][Network][Acceptable] + guessed: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] 
[Whois-DAS][Network][Acceptable][] end: [.....3] [ip4][..tcp] [...192.30.45.30][...43] -> [..10.160.63.128][53217] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/windowsupdate_over_http.pcap.out b/test/results/flow-info/windowsupdate_over_http.pcap.out index d7dd4aa91..63ae42f3b 100644 --- a/test/results/flow-info/windowsupdate_over_http.pcap.out +++ b/test/results/flow-info/windowsupdate_over_http.pcap.out @@ -1,8 +1,8 @@ DAEMON-EVENT: init new: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] - detected: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][SoftwareUpdate][Safe] + detected: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][SoftwareUpdate][Safe][151.99.72.125] RISK: HTTP Numeric IP Address - detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Download][Safe] + detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Download][Safe][151.99.72.125] RISK: Binary App Transfer, HTTP Numeric IP Address idle: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Download][Safe] RISK: Binary App Transfer, HTTP Numeric IP Address diff --git a/test/results/flow-info/wow.pcap.out b/test/results/flow-info/wow.pcap.out index 76706fc0d..59a8b7798 100644 --- a/test/results/flow-info/wow.pcap.out +++ b/test/results/flow-info/wow.pcap.out 
@@ -3,8 +3,8 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.192.168.178.20][39309] -> [..12.129.222.53][...80] new: [.....2] [ip4][..tcp] [.192.168.178.20][39312] -> [...24.105.29.21][...80] - detected: [.....1] [ip4][..tcp] [.192.168.178.20][39309] -> [..12.129.222.53][...80] [HTTP.WorldOfWarcraft][Game][Fun] - detected: [.....2] [ip4][..tcp] [.192.168.178.20][39312] -> [...24.105.29.21][...80] [HTTP.WorldOfWarcraft][Game][Fun] + detected: [.....1] [ip4][..tcp] [.192.168.178.20][39309] -> [..12.129.222.53][...80] [HTTP.WorldOfWarcraft][Game][Fun][us.scan.worldofwarcraft.com] + detected: [.....2] [ip4][..tcp] [.192.168.178.20][39312] -> [...24.105.29.21][...80] [HTTP.WorldOfWarcraft][Game][Fun][launcher.worldofwarcraft.com] new: [.....3] [ip4][..tcp] [.192.168.178.20][39329] -> [.12.129.228.153][.3724] detected: [.....3] [ip4][..tcp] [.192.168.178.20][39329] -> [.12.129.228.153][.3724] [WorldOfWarcraft][Game][Fun] new: [.....4] [ip4][..tcp] [.192.168.178.20][39364] -> [.12.129.228.153][.3724] diff --git a/test/results/flow-info/xiaomi.pcap.out b/test/results/flow-info/xiaomi.pcap.out index 00d057785..72bd9a38d 100644 --- a/test/results/flow-info/xiaomi.pcap.out +++ b/test/results/flow-info/xiaomi.pcap.out 
@@ -2,32 +2,32 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Web][Acceptable][] DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904] - detected: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904] [Xiaomi][Web][Acceptable] + detected: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904] [Xiaomi][Web][Acceptable][47.241.35.73] new: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] - detected: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] [Xiaomi][Web][Acceptable] + detected: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] [Xiaomi][Web][Acceptable][47.241.35.73] idle: [.....1] [ip4][..tcp] [....47.241.7.88][.5222] -> [..10.52.151.160][39180] [Xiaomi][Web][Acceptable] new: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] - detected: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] [Xiaomi][Web][Acceptable] + detected: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] [Xiaomi][Web][Acceptable][47.241.59.87] DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> 
[...3.127.176.74][.5222] - detected: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] [Xiaomi][Web][Acceptable] + detected: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] [Xiaomi][Web][Acceptable][fr-app-chat-global-xiaomi-net1-1667981913.eu-central-1.elb.amazonaws.com] idle: [.....2] [ip4][..tcp] [.115.164.74.232][.5222] -> [192.168.244.219][45904] [Xiaomi][Web][Acceptable] idle: [.....4] [ip4][..tcp] [..97.39.119.172][.5222] -> [..192.168.93.59][51488] [Xiaomi][Web][Acceptable] idle: [.....3] [ip4][..tcp] [.115.164.74.232][.5222] -> [.192.168.247.13][38018] [Xiaomi][Web][Acceptable] DAEMON-EVENT: [Processed: 33 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] - detected: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][Web][Acceptable] + detected: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> [.18.193.233.122][.5222] [Xiaomi][Web][Acceptable][fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com] idle: [.....5] [ip4][..tcp] [..192.168.2.100][37708] -> [...3.127.176.74][.5222] [Xiaomi][Web][Acceptable] DAEMON-EVENT: [Processed: 48 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] - detected: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] [HTTP.Xiaomi][Web][Acceptable] + detected: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] [HTTP.Xiaomi][Web][Acceptable][203.107.1.65] RISK: HTTP Numeric IP Address idle: [.....7] [ip4][..tcp] [..192.168.2.100][48698] -> [...203.107.1.65][...80] idle: [.....6] [ip4][..tcp] [..192.168.2.100][45106] -> 
[.18.193.233.122][.5222] [Xiaomi][Web][Acceptable] diff --git a/test/results/flow-info/xss.pcap.out b/test/results/flow-info/xss.pcap.out index c2c916fac..3bf8e6be6 100644 --- a/test/results/flow-info/xss.pcap.out +++ b/test/results/flow-info/xss.pcap.out @@ -3,10 +3,10 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.3.109][53514] -> [..192.168.3.107][...80] new: [.....2] [ip4][..tcp] [..192.168.3.109][53516] -> [..192.168.3.107][...80] - detected: [.....1] [ip4][..tcp] [..192.168.3.109][53514] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.3.109][53514] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable][192.168.3.107] RISK: HTTP Numeric IP Address idle: [.....1] [ip4][..tcp] [..192.168.3.109][53514] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable] RISK: XSS Attack, HTTP Numeric IP Address - guessed: [.....2] [ip4][..tcp] [..192.168.3.109][53516] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable] + guessed: [.....2] [ip4][..tcp] [..192.168.3.109][53516] -> [..192.168.3.107][...80] [HTTP][Web][Acceptable][] idle: [.....2] [ip4][..tcp] [..192.168.3.109][53516] -> [..192.168.3.107][...80] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/youtube_quic.pcap.out b/test/results/flow-info/youtube_quic.pcap.out index 59acb8ff0..97e2256c3 100644 --- a/test/results/flow-info/youtube_quic.pcap.out +++ b/test/results/flow-info/youtube_quic.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....192.168.1.7][54997] -> [..216.58.205.66][..443] - detected: [.....1] [ip4][..udp] [....192.168.1.7][54997] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [.....1] [ip4][..udp] [....192.168.1.7][54997] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable][pagead2.googlesyndication.com] new: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] - detected: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun] + detected: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun][yt3.ggpht.com] analyse: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.047| 0.007| 0.013| 177.503| 3.300] 
@@ -16,7 +16,7 @@ [PKTLENS.....: 1378,1378,1378,1378,445,163,164,63,1378,59,69,69,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1016,1378] [ENTROPIES...: 2.5,7.5,2.6,5.5,7.5,6.7,6.7,5.2,7.9,5.3,5.5,5.6,7.8,7.8,5.6,7.9,7.9,5.6,7.9,7.9,5.5,7.9,7.9,5.6,7.9,7.9,5.6,7.9,7.9,5.5,7.8,7.9] new: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443] - detected: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable] + detected: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable][googleads.g.doubleclick.net] idle: [.....2] [ip4][..udp] [....192.168.1.7][56074] -> [..216.58.198.33][..443] [QUIC.YouTube][Media][Fun] idle: [.....1] [ip4][..udp] [....192.168.1.7][54997] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable] idle: [.....3] [ip4][..udp] [....192.168.1.7][53859] -> [..216.58.205.66][..443] [QUIC.Google][Advertisement][Acceptable] diff --git a/test/results/flow-info/youtubeupload.pcap.out b/test/results/flow-info/youtubeupload.pcap.out index 679195203..25db54d46 100644 --- a/test/results/flow-info/youtubeupload.pcap.out +++ b/test/results/flow-info/youtubeupload.pcap.out 
@@ -2,13 +2,13 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] - detected: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun] + detected: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun][upload.youtube.com] new: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] - detected: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] [TLS.YouTubeUpload][Media][Fun] - detection-update: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] [TLS.YouTubeUpload][Media][Fun] - detection-update: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] [TLS.YouTubeUpload][Media][Fun] + detected: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] [TLS.YouTubeUpload][Media][Fun][upload.youtube.com] + detection-update: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] [TLS.YouTubeUpload][Media][Fun][upload.youtube.com] + detection-update: [.....2] [ip4][..tcp] [...192.168.2.27][57452] -> [.172.217.23.111][..443] [TLS.YouTubeUpload][Media][Fun][upload.youtube.com] new: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] - detected: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun] + detected: [.....3] [ip4][..udp] [...192.168.2.27][62232] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun][upload.youtube.com] analyse: [.....1] [ip4][..udp] [...192.168.2.27][51925] -> [.172.217.23.111][..443] [QUIC.YouTubeUpload][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.883| 0.207| 0.510| 259988.193| 2.400] 
diff --git a/test/results/flow-info/zattoo.pcap.out b/test/results/flow-info/zattoo.pcap.out index af672b0ee..eac78063f 100644 --- a/test/results/flow-info/zattoo.pcap.out +++ b/test/results/flow-info/zattoo.pcap.out @@ -2,12 +2,12 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.....10.101.0.2][.2930] -> [.....10.102.0.2][..443] - detected: [.....1] [ip4][..tcp] [.....10.101.0.2][.2930] -> [.....10.102.0.2][..443] [TLS.Zattoo][Video][Fun] + detected: [.....1] [ip4][..tcp] [.....10.101.0.2][.2930] -> [.....10.102.0.2][..443] [TLS.Zattoo][Video][Fun][zattoo.com] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [.....10.101.0.2][.2930] -> [.....10.102.0.2][..443] [TLS.Zattoo][Video][Fun] + detection-update: [.....1] [ip4][..tcp] [.....10.101.0.2][.2930] -> [.....10.102.0.2][..443] [TLS.Zattoo][Video][Fun][zattoo.com] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS new: [.....2] [ip4][..tcp] [.....10.101.0.2][.2936] -> [.....10.102.0.2][...80] - detected: [.....2] [ip4][..tcp] [.....10.101.0.2][.2936] -> [.....10.102.0.2][...80] [HTTP.Zattoo][Video][Fun] + detected: [.....2] [ip4][..tcp] [.....10.101.0.2][.2936] -> [.....10.102.0.2][...80] [HTTP.Zattoo][Video][Fun][zattosecurehd2-f.akamaihd.net] end: [.....1] [ip4][..tcp] [.....10.101.0.2][.2930] -> [.....10.102.0.2][..443] end: [.....2] [ip4][..tcp] [.....10.101.0.2][.2936] -> [.....10.102.0.2][...80] [HTTP.Zattoo][Video][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/zoom.pcap.out b/test/results/flow-info/zoom.pcap.out index 1e01c9419..c7e953124 100644 --- a/test/results/flow-info/zoom.pcap.out +++ b/test/results/flow-info/zoom.pcap.out 
@@ -2,41 +2,41 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.117][54854] -> [..172.217.21.72][..443] [MIDSTREAM] - detected: [.....1] [ip4][..tcp] [..192.168.1.117][54854] -> [..172.217.21.72][..443] [TLS.GoogleServices][Web][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.117][54854] -> [..172.217.21.72][..443] [TLS.GoogleServices][Web][Acceptable][www.googletagmanager.com] RISK: Obsolete TLS (v1.1 or older) new: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] - detected: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [.....2] [ip4][..udp] [..192.168.1.117][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_spotify-connect._tcp.local] new: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] - detected: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] + detected: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS - detection-update: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe] + detection-update: [.....3] [ip4][..tcp] [..192.168.1.117][54863] -> [.167.99.215.164][.4434] [TLS.ntop][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type new: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [MIDSTREAM] detected: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [IMAPS][Email][Safe] new: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900] - detected: [.....5] [ip4][..udp] 
[..192.168.1.117][57025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137] - detected: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] + detected: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable][workgroup] new: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] - detected: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] - detection-update: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] + detected: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][log.zoom.us] + detection-update: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][log.zoom.us] new: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] new: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] - detected: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] - detection-update: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Network][Acceptable] + detected: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][local] + detection-update: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][local] new: [....10] [ip4][.icmp] [..192.168.1.117] -> [....192.168.1.1] detected: [....10] [ip4][.icmp] [..192.168.1.117] -> [....192.168.1.1] [ICMP][Network][Acceptable] new: [....11] [ip4][..tcp] [..192.168.1.117][54798] -> 
[..13.225.84.182][..443] [MIDSTREAM] - detected: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Video][Acceptable] + detected: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Video][Acceptable][log.zoom.us] new: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] - detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Video][Acceptable] - detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Video][Acceptable] - detected: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN.Zoom][Video][Acceptable] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Video][Acceptable][log.zoom.us] + detection-update: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Video][Acceptable][log.zoom.us] + detected: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN.Zoom][Video][Acceptable][] new: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] - detected: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN.Zoom][Video][Acceptable] + detected: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN.Zoom][Video][Acceptable][] new: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] - detected: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] [STUN.Zoom][Video][Acceptable] + detected: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] [STUN.Zoom][Video][Acceptable][] RISK: Known Proto on Non Std Port new: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] [MIDSTREAM] new: [....16] [ip4][..tcp] [..192.168.1.117][53872] -> [..35.186.224.53][..443] [MIDSTREAM] 
@@ -45,18 +45,18 @@ detected: [....17] [ip4][.icmp] [..192.168.1.117] -> [..162.255.38.14] [ICMP][Network][Acceptable] ERROR-EVENT: Unknown packet type new: [....18] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] - detected: [....18] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....18] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][tl-sg116e] new: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] new: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] - detected: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] - detection-update: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] + detected: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][www3.zoom.us] + detection-update: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][www3.zoom.us] new: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] - detected: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Video][Acceptable] - detected: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable] - detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Video][Acceptable] - detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Video][Acceptable] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable] + detected: [....19] [ip4][..tcp] 
[..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Video][Acceptable][zoom.us] + detected: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable][www3.zoom.us] + detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Video][Acceptable][zoom.us] + detection-update: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Video][Acceptable][zoom.us] + detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable][www3.zoom.us] + detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable][www3.zoom.us] analyse: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.211| 0.038| 0.059| 3527.760| 3.300] 
@@ -67,52 +67,52 @@ [IATS(ms)....: 112.4,112.5,31.1,144.0,1.8,0.2,0.0,114.8,0.2,0.2,7.2,2.9,121.9,111.9,4.3,0.0,116.6,98.0,0.5,0.0,210.7,0.0,0.2,0.1,0.2,0.1,0.1,0.2,0.1,0.0,0.1] [PKTLENS.....: 64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40] [ENTROPIES...: 4.4,4.9,4.5,4.1,4.5,7.1,7.3,7.3,4.7,7.6,4.6,4.7,6.9,5.7,4.7,7.7,7.7,4.5,7.9,7.9,7.9,4.7,4.6,7.9,7.9,4.7,7.9,7.9,4.6,7.9,7.5,4.6] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Video][Acceptable][www3.zoom.us] new: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] detected: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable] new: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] - detected: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] + detected: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][zoomfr85zc.zoom.us] new: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] - detected: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] + detected: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][zoomfr84zc.zoom.us] new: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] new: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] - detection-update: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] + detection-update: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] 
[DNS.Zoom][Video][Acceptable][zoomfr85zc.zoom.us] new: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] - detected: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] [TLS.Zoom][Video][Acceptable] + detected: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] [TLS.Zoom][Video][Acceptable][zoomam105zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] + detection-update: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][zoomfr84zc.zoom.us] new: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] - detected: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] [TLS.Zoom][Video][Acceptable] + detected: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] [TLS.Zoom][Video][Acceptable][zoomam104zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detected: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Video][Acceptable] + detected: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Video][Acceptable][zoomfr85zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detected: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] [TLS.Zoom][Video][Acceptable] + detected: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] [TLS.Zoom][Video][Acceptable][zoomfr84zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] [TLS.Zoom][Video][Acceptable][zoomam105zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....27] 
[ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Video][Acceptable][zoomfr85zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] [TLS.Zoom][Video][Acceptable][zoomam105zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] [TLS.Zoom][Video][Acceptable][zoomam104zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443] [TLS.Zoom][Video][Acceptable][zoomfr85zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] [TLS.Zoom][Video][Acceptable][zoomfr84zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] [TLS.Zoom][Video][Acceptable][zoomam104zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....28] 
[ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] [TLS.Zoom][Video][Acceptable][zoomfr84zc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS new: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] - detected: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] - detection-update: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable] + detected: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][zoomfrn99mmr.zoom.us] + detection-update: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS.Zoom][Video][Acceptable][zoomfrn99mmr.zoom.us] new: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] - detected: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable] + detected: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable][zoomfrn99mmr.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable][zoomfrn99mmr.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable][zoomfrn99mmr.zoom.us] RISK: TLS (probably) Not Carrying HTTPS analyse: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Video][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -151,7 +151,7 @@ idle: [.....1] [ip4][..tcp] [..192.168.1.117][54854] -> [..172.217.21.72][..443] idle: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable] idle: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] [Zoom][Video][Acceptable] - guessed: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] [HTTP.Google][Web][Acceptable] + guessed: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] [HTTP.Google][Web][Acceptable][] idle: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] diff --git a/test/results/flow-info/zoom2.pcap.out b/test/results/flow-info/zoom2.pcap.out index 677e3364f..004531f38 100644 --- a/test/results/flow-info/zoom2.pcap.out +++ b/test/results/flow-info/zoom2.pcap.out 
@@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable] + detected: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable][zoomsjccv154mmr.sjc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable][zoomsjccv154mmr.sjc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS - detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable][zoomsjccv154mmr.sjc.zoom.us] RISK: TLS (probably) Not Carrying HTTPS analyse: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Video][Acceptable] min| max| avg| stddev| variance| entropy |