author | Toni Uhlig <matzeton@googlemail.com> | 2023-12-14 15:45:08 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2023-12-14 15:45:08 +0100 |
commit | 71d933b0cd9b03cf3b8acf659c8b4b564ba9431d (patch) | |
tree | c667d6bf3e48073d98825d2438af36b353d16032 /test/results/flow-info | |
parent | fbe07fd8821c1ca0f310f83913fb9d4dfac5d01a (diff) |
Fixed an event issue.
* a "detection-update" event was thrown even if nothing changed
* in some cases "not-detected" events were spammed if detection was not completed
* tell `libnDPI` how many packets per flow we want to dissect
* `nDPId-test` validates total active flows in the right way
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info')
35 files changed, 20 insertions, 130 deletions
diff --git a/test/results/flow-info/caches_cfg/teams.pcap.out b/test/results/flow-info/caches_cfg/teams.pcap.out index 9ebd658bc..333036c26 100644 --- a/test/results/flow-info/caches_cfg/teams.pcap.out +++ b/test/results/flow-info/caches_cfg/teams.pcap.out @@ -29,7 +29,6 @@ [IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5] [PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40] [ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type [7/16] 
@@ -46,8 +45,6 @@ [IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0] [PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480] [ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS @@ -148,8 +145,6 @@ [IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8] [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] - detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port 
@@ -201,7 +196,6 @@ [IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6] [PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345] [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.540| 0.024| 0.095| 8949.939| 1.900] @@ -212,7 +206,6 @@ [IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3] [PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248] [ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0] - detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com] new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] 
@@ -265,8 +258,6 @@ [IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2] [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -326,8 +317,6 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com] new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] diff --git a/test/results/flow-info/default/KakaoTalk_chat.pcap.out b/test/results/flow-info/default/KakaoTalk_chat.pcap.out index 9c8f48f45..3bfc7430e 100644 --- a/test/results/flow-info/default/KakaoTalk_chat.pcap.out +++ b/test/results/flow-info/default/KakaoTalk_chat.pcap.out 
@@ -128,8 +128,6 @@ [IATS(ms)....: 995.9,1037.9,49.3,6.7,695.5,683.6,56.0,2329.9,2320.4,251.6,299.0,4.5,4.4,4.1,3.7,105.5,239.4,242.2,376.5,82.6,125.8,244.5,287.3,18.1,164.6,239.0,428.1,146.0,274.1,3803.0,24.7] [PKTLENS.....: 60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116] [ENTROPIES...: 4.7,4.7,5.0,4.9,5.2,5.1,5.0,4.7,5.2,4.9,6.5,4.7,7.1,4.8,6.7,4.9,6.6,4.9,5.7,4.8,7.7,4.9,5.5,4.9,7.4,5.0,5.9,4.8,6.8,5.0,5.6,6.4] - detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][] - RISK: Obsolete TLS (v1.1 or older) new: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] detected: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS][Facebook][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) diff --git a/test/results/flow-info/default/alexa-app.pcapng.out b/test/results/flow-info/default/alexa-app.pcapng.out index a9798896f..c1a8768fe 100644 --- a/test/results/flow-info/default/alexa-app.pcapng.out +++ b/test/results/flow-info/default/alexa-app.pcapng.out 
@@ -131,7 +131,6 @@ [IATS(ms)....: 47.0,53.0,0.3,73.2,0.1,18.9,0.4,0.3,0.4,88.2,0.3,0.7,0.2,8.1,32.8,75.3,63.7,49.4,70.9,0.8,90.5,2.0,0.4,0.5,0.4,0.5,0.7,0.0,5.3,0.3,1.1] [PKTLENS.....: 60,60,52,254,52,52,1500,1500,1500,819,52,52,52,52,178,1082,294,52,52,1500,1500,52,1500,1500,1500,450,1500,1112,86,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.6,5.0,5.0,6.9,7.2,7.5,7.6,5.0,5.0,5.0,5.0,6.3,7.8,7.0,5.1,5.0,7.9,7.9,5.0,7.9,7.9,7.9,7.5,7.9,7.8,5.8,5.0,5.0,4.9] - detection-update: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] new: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] 
@@ -194,7 +193,6 @@ [IATS(ms)....: 54.2,55.4,0.5,50.3,258.9,520.1,785.3,3.8,0.2,0.1,0.0,60.8,0.3,0.1,0.1,52.1,11.0,287.0,223.9,2.7,139.2,0.2,171.9,179.9,0.1,402.7,22.4,216.5,783.8,835.9,50.5] [PKTLENS.....: 60,48,40,245,46,245,245,46,1500,1500,1500,674,40,40,40,40,166,1500,91,468,46,46,466,40,1500,1196,46,343,40,40,46,40] [ENTROPIES...: 4.6,5.1,4.9,5.6,4.5,5.6,5.6,4.6,7.1,7.3,7.4,7.6,4.8,4.9,4.8,4.8,6.3,7.9,5.9,7.5,4.6,4.6,7.5,4.8,7.9,7.8,4.6,7.4,4.9,4.9,4.6,4.9] - detection-update: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] new: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] detected: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com] detection-update: [....50] [ip4][..tcp] [..172.16.42.216][45680] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com] @@ -285,8 +283,6 @@ [IATS(ms)....: 92.4,95.4,2.4,97.4,1.9,14.1,0.3,0.1,113.4,0.3,0.2,49.6,132.6,83.3,183.9,0.3,326.1,293.1,272.4,0.1,443.7,0.4,0.5,0.0,276.5,199.2,0.5,0.0,0.7,486.1,0.4] [PKTLENS.....: 60,48,40,261,46,46,1500,1500,450,40,40,40,166,91,40,1500,533,46,1500,46,46,1500,1500,1500,211,1500,1500,1500,211,1500,1500,1500] [ENTROPIES...: 4.7,5.1,4.7,5.4,4.6,4.6,7.2,7.3,7.4,4.8,4.8,4.8,6.6,5.8,4.7,7.9,7.6,4.7,7.9,4.5,4.5,7.8,7.9,7.9,7.0,7.8,7.9,7.9,7.0,7.8,7.8,7.9] - detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][api.amazon.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] new: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] new: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] 
@@ -516,8 +512,6 @@ [IATS(ms)....: 123.6,128.0,5.4,470.5,0.6,0.6,0.0,1232.5,1.5,5.0,0.7,0.7,10.0,973.2,0.5,0.1,0.0,190.9,73.2,0.3,171.9,0.1,117.0,408.2,413.7,66.7,140.9,83.3,0.1,166.3,19096.2] [PKTLENS.....: 60,48,40,232,46,1500,1500,522,232,232,40,40,40,166,46,46,46,85,40,1500,276,46,198,104,278,233,232,46,46,258,40,342] [ENTROPIES...: 4.7,5.1,4.8,5.5,4.6,7.2,7.3,7.6,5.5,5.5,4.8,4.9,4.7,6.3,4.5,4.5,4.8,5.6,4.8,7.9,7.2,4.5,6.8,6.0,7.1,7.0,6.9,4.5,4.6,7.0,4.8,7.3] - detection-update: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][dp-gw-na-js.amazon.com] - RISK: TLS (probably) Not Carrying HTTPS new: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] detected: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com] detection-update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com] 
@@ -669,8 +663,6 @@ [IATS(ms)....: 77.1,79.5,13.2,60.9,0.4,0.6,0.1,48.6,1.8,3.6,177.8,227.4,44.5,20.0,267.2,445.6,122.6,0.1,0.0,0.0,282.5,8.7,270.5,1.6,407.0,0.1,164.1,0.1,290.0,120002.8,0.1] [PKTLENS.....: 60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52] [ENTROPIES...: 4.7,5.3,5.0,5.4,5.1,7.0,7.2,7.6,5.0,5.1,5.0,6.6,7.2,5.0,7.9,7.9,5.1,7.9,7.3,6.1,5.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,5.9,5.1,5.6,5.1] - detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] - RISK: TLS (probably) Not Carrying HTTPS new: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] detected: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com] detection-update: [...134] [ip4][..tcp] [..172.16.42.216][45751] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com] @@ -792,8 +784,6 @@ [IATS(ms)....: 133.8,140.4,3.2,141.6,1.3,0.1,137.2,0.3,0.1,2.7,82.2,0.2,95.7,0.4,359.1,405.4,633.6,688.6,100.8,373.1,50.8,202.6,7767.1,1.6,8001.1,353.8,410.1,314.8,108.3,0.2,84.0] [PKTLENS.....: 60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40] [ENTROPIES...: 4.7,5.2,4.8,5.6,6.8,7.3,7.4,4.7,4.8,4.9,7.4,4.6,6.0,7.9,6.9,4.6,7.9,6.0,4.8,7.9,4.7,7.7,4.8,7.9,7.3,4.5,4.8,4.5,7.9,4.6,4.6,4.9] - detection-update: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com] - RISK: Weak TLS Cipher detected: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][] 
@@ -825,7 +815,6 @@ [IATS(ms)....: 42.7,43.7,0.7,45.0,4.0,0.5,0.6,0.3,50.6,0.8,0.3,1.1,7.3,12.7,0.3,65.6,42.6,4.2,48.9,0.4,25.2,76.4,106.0,0.2,0.6,0.6,0.3,0.0,102.0,2.9,1.9] [PKTLENS.....: 60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52] [ENTROPIES...: 4.7,5.2,5.0,5.6,5.0,6.9,7.2,7.5,7.6,5.1,4.9,5.0,4.9,6.3,7.9,7.7,5.2,6.3,7.9,5.1,7.1,5.0,5.0,7.9,7.9,7.9,7.7,7.6,6.3,5.0,6.5,4.8] - detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com] new: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] detected: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com] detection-update: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com] 
@@ -901,7 +890,6 @@ [IATS(ms)....: 22.8,24.0,0.9,22.8,6.6,0.6,0.6,0.3,39.7,0.1,0.1,0.2,6.8,37.6,46.2,226.7,213.1,3.9,222.3,264.1,0.1,55.3,103.4,0.1,10.4,183.9,242.5,1.0,0.1,38.6,0.1] [PKTLENS.....: 60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52] [ENTROPIES...: 4.7,5.3,5.1,5.7,5.1,7.1,7.3,7.5,7.6,5.1,5.0,5.1,5.0,6.4,7.2,7.9,7.2,5.0,7.9,7.9,7.8,5.8,5.8,5.1,5.1,5.1,7.8,7.9,7.9,7.5,5.1,5.1] - detection-update: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com] detection-update: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com] new: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] 
@@ -916,7 +904,6 @@ [IATS(ms)....: 168.5,171.2,1.5,108.9,4.4,1.7,0.7,112.7,0.3,4.1,0.2,6.2,0.1,10.4,13.1,1.1,0.3,290.4,0.0,0.0,0.1,299.4,0.7,529.3,1065.9,2114.2,3665.4,7470.6,595.2,595.1,1817.1] [PKTLENS.....: 60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46] [ENTROPIES...: 4.6,5.1,4.8,5.7,4.6,4.5,7.1,7.3,4.8,4.8,7.4,7.6,4.9,4.8,6.3,7.9,7.9,7.3,4.4,4.3,5.9,4.4,4.7,7.9,7.9,7.9,7.9,4.8,4.3,7.9,4.5,4.5] - detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com] detected: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] detection-update: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] detection-update: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com] diff --git a/test/results/flow-info/default/anyconnect-vpn.pcap.out b/test/results/flow-info/default/anyconnect-vpn.pcap.out index db5087883..0aa87a3fc 100644 --- a/test/results/flow-info/default/anyconnect-vpn.pcap.out +++ b/test/results/flow-info/default/anyconnect-vpn.pcap.out 
@@ -53,8 +53,6 @@ [IATS(ms)....: 39.5,39.5,0.4,43.7,1.2,44.5,40.9,0.0,40.9,0.0,38.2,0.0,38.3,0.0,33.2,0.0,0.0,71.5,0.0,38.3,6.1,35.1,41.2,0.2,42.3,2.9,0.0,0.0,44.9,0.0,0.1] [PKTLENS.....: 64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52] [ENTROPIES...: 4.3,5.1,4.8,5.5,4.8,7.3,4.8,7.1,7.2,4.9,4.8,7.4,5.9,4.8,4.8,6.8,7.2,7.5,4.7,4.8,7.6,4.7,6.2,4.8,7.8,4.9,7.3,7.7,5.8,4.9,4.8,4.8] - detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] detected: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][local] detection-update: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][local] @@ -146,8 +144,6 @@ [IATS(ms)....: 42.4,42.4,2.0,46.9,1.2,46.1,40.3,0.0,40.3,0.0,37.2,0.0,37.2,0.0,97.2,138.0,40.9,1.2,43.3,9.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,51.2,0.0,0.0,0.0] [PKTLENS.....: 64,56,52,204,52,1500,52,1500,1500,52,52,1500,1167,52,52,406,127,52,1017,52,1500,209,1500,209,1500,209,1500,209,52,52,52,52] [ENTROPIES...: 4.2,5.0,4.7,5.5,4.7,7.3,4.7,7.1,7.2,4.8,4.8,7.4,5.9,4.8,4.8,7.4,6.2,4.8,7.8,4.9,7.9,6.9,7.9,6.9,7.9,6.7,7.8,6.8,4.8,4.8,4.8,4.8] - detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [....39] [ip4][..tcp] [.....10.0.0.227][56865] -> [.....10.0.0.149][.8008] [MIDSTREAM] new: [....40] [ip4][..tcp] [.....10.0.0.227][56866] -> [.....10.0.0.151][.8060] [MIDSTREAM] new: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] 
diff --git a/test/results/flow-info/default/anydesk.pcapng.out b/test/results/flow-info/default/anydesk.pcapng.out index 26d6ef703..f83683ddf 100644 --- a/test/results/flow-info/default/anydesk.pcapng.out +++ b/test/results/flow-info/default/anydesk.pcapng.out @@ -21,10 +21,8 @@ [IATS(ms)....: 164.8,164.9,0.6,1.1,165.0,165.4,0.5,0.5,0.3,0.3,1.8,2.0,164.9,165.2,0.2,0.2,0.2,0.3,218.6,218.7,0.6,0.9,1215.5,1216.3,0.0,0.1,0.9,0.0,0.0,1602.9,0.1] [PKTLENS.....: 60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180] [ENTROPIES...: 4.8,4.9,4.8,5.4,4.4,7.5,4.8,7.8,4.8,4.6,4.7,7.6,4.4,5.8,4.8,5.8,4.8,6.7,4.4,6.8,4.8,6.3,4.4,6.4,7.9,7.9,7.8,4.4,4.4,4.4,7.9,7.8] - detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable][] - RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing DAEMON-EVENT: [Processed: 61 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] new: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] detection-update: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] 
@@ -56,7 +54,7 @@ [PKTLENS.....: 52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116] [ENTROPIES...: 4.5,4.7,4.7,5.4,4.2,4.3,7.7,6.2,4.7,7.7,4.3,7.8,5.6,4.6,5.7,4.2,5.5,5.6,4.3,5.6,4.7,8.0,4.2,4.3,4.2,5.7,4.3,6.5,4.6,6.0,4.3,6.2] DAEMON-EVENT: [Processed: 120 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0] + DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] detected: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable][] RISK: Missing SNI TLS Extn, Desktop/File Sharing, Uncommon TLS ALPN diff --git a/test/results/flow-info/default/bets.pcapng.out b/test/results/flow-info/default/bets.pcapng.out index 6a07916db..e07e77127 100644 --- a/test/results/flow-info/default/bets.pcapng.out +++ b/test/results/flow-info/default/bets.pcapng.out @@ -14,6 +14,5 @@ [IATS(ms)....: 45.1,45.1,0.7,45.8,1.5,46.5,0.2,0.2,0.4,0.4,0.5,0.0,0.5,2.5,0.0,0.1,0.1,44.5,1.0,0.9,0.0,0.1,43.8,0.2,0.2,0.1,3.0,3.0,1.7,39.8,5.7] [PKTLENS.....: 64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52] [ENTROPIES...: 4.4,5.3,5.1,6.2,5.1,7.8,5.0,7.8,5.2,7.9,5.1,7.8,6.0,5.1,4.9,6.1,6.5,6.1,5.2,5.2,5.2,5.2,6.8,5.1,6.2,5.2,5.6,7.8,5.1,5.0,5.2,5.2] - detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] end: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out index 43d8d91f1..fc37e719e 100644 
--- a/test/results/flow-info/default/emotet.pcap.out +++ b/test/results/flow-info/default/emotet.pcap.out @@ -79,8 +79,6 @@ [IATS(ms)....: 109.4,109.6,14.1,123.8,13.2,122.9,52.7,132.9,80.3,6.5,151.9,1117.1,0.1,0.2,1262.5,0.1,2.9,0.1,3.1,96.9,0.1,96.9,3.1,0.1,0.2,0.1,3.3,0.0,0.1,2.9,0.1] [PKTLENS.....: 52,52,46,189,46,1418,46,133,282,46,520,46,1428,1428,1428,46,46,1428,1428,52,1428,1428,60,1428,1428,1428,1428,60,60,60,1428,1428] [ENTROPIES...: 4.7,4.9,4.5,5.4,4.6,7.5,4.6,5.9,7.1,4.5,7.5,4.5,7.9,7.9,7.9,4.5,4.5,7.9,7.9,5.0,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,5.1,5.1,7.8,7.9] - detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][] - RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn new: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] detected: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn diff --git a/test/results/flow-info/default/ftp-start-tls.pcap.out b/test/results/flow-info/default/ftp-start-tls.pcap.out index 50f461b1e..7057706ae 100644 --- a/test/results/flow-info/default/ftp-start-tls.pcap.out +++ b/test/results/flow-info/default/ftp-start-tls.pcap.out 
@@ -20,8 +20,6 @@ [IATS(ms)....: 0.4,0.1,1.3,15.0,0.1,17.8,3.9,0.1,0.8,0.0,4.3,3.3,0.1,1.0,0.0,0.0,0.0,0.1,0.0,2.6,8.5,40.4,0.1,34.7,4.5,0.7,2.2,1.8,0.3,2.7,2.2] [PKTLENS.....: 46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130] [ENTROPIES...: 4.2,4.8,4.8,4.4,5.4,5.4,5.0,4.3,4.3,5.3,5.3,5.2,4.4,4.4,6.8,7.2,7.0,6.8,7.2,7.0,4.5,7.2,5.9,5.9,5.7,6.2,6.2,5.8,6.3,6.3,6.0,6.3] - detection-update: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Unknown][Download][Unsafe] - RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn idle: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Unknown][Download][Unsafe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/geforcenow.pcapng.out b/test/results/flow-info/default/geforcenow.pcapng.out index 4b878fa29..5ade85c21 100644 --- a/test/results/flow-info/default/geforcenow.pcapng.out +++ b/test/results/flow-info/default/geforcenow.pcapng.out 
@@ -18,8 +18,6 @@ [IATS(ms)....: 41.2,41.2,0.2,42.7,42.5,0.1,0.0,5.9,47.3,42.0,42.4,0.0,42.0,0.2,4.2,2.5,15.9,0.0,0.0,0.0,9.3,25.2,0.0,25.2,4.2,4.3,11.8,11.7,0.0,0.0,0.0] [PKTLENS.....: 60,60,52,569,2948,52,575,52,145,326,721,324,235,52,217,96,96,2948,2948,2948,1500,52,2948,2948,52,2948,52,2948,52,2948,52,2948] [ENTROPIES...: 4.8,5.3,5.2,4.8,7.3,5.2,7.6,5.2,6.1,7.2,7.7,7.3,7.0,5.2,6.9,5.8,5.7,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,5.2,7.9,5.3,7.9,5.2,7.9] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun][80-84-167-206.cloudmatchbeta.nvidiagrid.net] - RISK: Known Proto on Non Std Port new: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] detected: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable][] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/default/imap-starttls.pcap.out b/test/results/flow-info/default/imap-starttls.pcap.out index 4ab4f6cfd..bd2068a73 100644 --- a/test/results/flow-info/default/imap-starttls.pcap.out +++ b/test/results/flow-info/default/imap-starttls.pcap.out 
@@ -20,8 +20,6 @@ [IATS(ms)....: 189.8,189.9,188.3,188.3,0.1,192.5,0.3,192.6,0.2,186.5,0.0,186.4,0.4,197.4,0.2,197.1,2.0,0.2,2.2,0.1,3.7,191.6,187.9,1487.0,1677.8,0.2,190.8,0.0,0.3,0.0,189.4] [PKTLENS.....: 64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46] [ENTROPIES...: 4.6,4.7,4.5,5.4,4.7,5.1,4.5,5.2,4.7,5.0,5.3,4.5,4.8,5.4,6.9,7.2,4.7,7.1,7.7,4.4,4.7,6.5,5.5,4.7,5.7,6.1,5.1,4.7,4.7,5.5,4.5,3.9] - detection-update: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Unknown][Email][Safe] - RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn end: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Unknown][Email][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/instagram.pcap.out b/test/results/flow-info/default/instagram.pcap.out index b2f0a707c..d22e00bdf 100644 --- a/test/results/flow-info/default/instagram.pcap.out +++ b/test/results/flow-info/default/instagram.pcap.out 
@@ -18,7 +18,6 @@ [IATS(ms)....: 88.9,75.9,165.0,1522.7,1572.5,340.3,390.0,2.2,2.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,0.1,29.9,30.0,0.7,0.7,0.7,0.7] [PKTLENS.....: 1417,52,665,52,1049,52,1450,52,195,52,1450,52,1283,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52] [ENTROPIES...: 7.9,5.1,7.7,5.0,7.8,5.0,7.9,5.1,6.7,5.1,7.9,5.1,7.8,5.1,7.9,5.0,7.8,5.1,7.9,5.1,7.8,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1] - detection-update: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe] new: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun][photos-h.ak.instagram.com] new: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [MIDSTREAM] @@ -169,7 +168,7 @@ update: [....10] [ip4][..udp] [..192.168.0.106][17500] -> [..192.168.0.255][17500] [Dropbox][Unknown][Cloud][Acceptable] update: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520] DAEMON-EVENT: [Processed: 633 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 32 / 32|skipped: 0|!detected: 0|guessed: 0|detection-updates: 13|updates: 4] + DAEMON-EVENT: [Flows][active: 32 / 32|skipped: 0|!detected: 0|guessed: 0|detection-updates: 12|updates: 4] new: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] detected: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] detection-update: [....33] [ip4][..tcp] [...192.168.2.17][49355] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com] diff --git a/test/results/flow-info/default/iphone.pcap.out b/test/results/flow-info/default/iphone.pcap.out index db40cc79d..aed7c6528 100644 
--- a/test/results/flow-info/default/iphone.pcap.out +++ b/test/results/flow-info/default/iphone.pcap.out @@ -176,7 +176,6 @@ [IATS(ms)....: 146.0,171.0,0.4,171.3,2.7,0.1,11.1,1.3,11.2,179.7,0.0,0.1,0.1,15.6,168.2,146.4,161.4,0.7,308.7,51.5,198.2,655.7,0.2,0.2,0.3,803.5,1.3,180.3,0.3,0.3,0.2] [PKTLENS.....: 64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492] [ENTROPIES...: 4.4,5.0,4.9,4.7,5.0,6.2,4.6,7.1,7.5,7.5,4.9,4.9,4.9,4.8,6.0,5.6,5.0,7.8,7.2,5.1,7.8,4.9,7.8,7.9,7.9,7.9,5.0,5.0,7.9,7.9,7.9,7.8] - detection-update: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-keyvalueservice.icloud.com] new: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][sync.itunes.apple.com] detection-update: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][sync.itunes.apple.com] diff --git a/test/results/flow-info/default/long_tls_certificate.pcap.out b/test/results/flow-info/default/long_tls_certificate.pcap.out index 15c9d3771..5f66361d8 100644 --- a/test/results/flow-info/default/long_tls_certificate.pcap.out +++ b/test/results/flow-info/default/long_tls_certificate.pcap.out 
@@ -15,6 +15,5 @@ [IATS(ms)....: 370.8,370.9,9.4,360.9,2.8,0.1,0.1,354.4,0.1,0.1,0.1,0.1,8.1,8.1,5.8,200.3,194.6,174.3,0.0,174.3,0.0,2.3,0.1,0.1,0.1,0.1,94.1,91.5,274.6,0.0,0.0] [PKTLENS.....: 64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52] [ENTROPIES...: 4.4,4.3,4.7,4.4,4.6,6.2,4.7,4.7,4.6,6.8,4.7,7.5,4.6,7.5,4.7,6.3,6.2,4.9,5.9,6.2,4.7,4.7,5.7,5.7,5.2,6.0,5.3,6.1,4.8,5.1,5.0,5.1] - detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com] end: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/nest_log_sink.pcap.out b/test/results/flow-info/default/nest_log_sink.pcap.out index ea3b570c7..92c99f38d 100644 --- a/test/results/flow-info/default/nest_log_sink.pcap.out +++ b/test/results/flow-info/default/nest_log_sink.pcap.out @@ -15,7 +15,6 @@ [PKTLENS.....: 46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40] [ENTROPIES...: 4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9,4.4,4.9,4.9,4.4,4.5,4.9,4.5,4.9,4.9,4.5,4.5,4.9] guessed: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] - detected: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable] DAEMON-EVENT: [Processed: 60 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0] new: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] diff --git a/test/results/flow-info/default/netflix.pcap.out b/test/results/flow-info/default/netflix.pcap.out index abeadd9ed..02d78dc9a 100644 
--- a/test/results/flow-info/default/netflix.pcap.out +++ b/test/results/flow-info/default/netflix.pcap.out @@ -88,8 +88,6 @@ [IATS(ms)....: 50.8,52.1,3.9,68.9,0.5,14.7,80.5,16.9,16.6,16.1,0.4,0.2,66.7,0.8,50.7,3.2,0.3,61.4,291.2,0.1,350.1,11.8,12.8,24.1,12.5,12.3,13.9,13.7,2.7,13.3,16.3] [PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52] [ENTROPIES...: 4.6,5.2,5.1,6.0,5.2,7.3,7.3,5.1,7.0,5.1,6.3,5.0,6.0,5.2,5.9,5.1,7.9,7.7,5.2,7.9,7.9,5.1,7.9,7.9,5.1,7.9,5.0,7.1,5.1,7.9,7.8,5.1] - detection-update: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] detected: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][sha2.san.akam.nflximg.net] detection-update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][sha2.san.akam.nflximg.net] 
@@ -107,8 +105,6 @@ [IATS(ms)....: 49.5,50.9,4.4,54.3,2.4,1.0,53.5,43.0,42.8,12.7,0.3,0.2,57.4,5.1,49.3,4.2,0.4,50.0,75.8,32.1,2.0,0.9,5.1,4.7,0.1,7402.2,0.1,7507.8,0.9,35.7,1.0] [PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474] [ENTROPIES...: 4.6,5.3,5.1,6.0,5.2,7.3,7.3,5.1,7.1,5.1,6.4,5.1,6.0,5.2,6.0,5.2,7.9,7.7,5.2,5.2,6.8,6.1,5.9,5.2,5.2,5.2,7.9,7.7,5.2,5.2,7.9,7.5] - detection-update: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] detected: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][artwork.akam.nflximg.net] detection-update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][artwork.akam.nflximg.net] @@ -372,7 +368,6 @@ [IATS(ms)....: 47.0,48.4,1.7,53.1,2.6,1.0,62.3,11.1,6.0,10.8,0.3,0.3,60.3,3.4,50.1,4.4,0.9,0.6,55.9,50.5,0.3,42.7,4.0,5.1,5.2,0.1,57.7,0.3,30033.4,30086.0,0.8] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52] [ENTROPIES...: 4.5,5.3,5.1,5.8,5.1,7.3,7.3,5.1,6.9,5.1,6.1,5.0,6.0,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.8,7.4,5.1,5.1,5.1,7.8,6.3,5.2,5.1,5.1,5.8,5.1] - detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] new: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] new: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] detected: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141] 
@@ -399,7 +394,6 @@ [IATS(ms)....: 44.9,46.3,7.4,58.2,1.8,1.0,55.8,12.1,9.9,9.3,0.3,0.2,60.5,0.1,50.8,11.5,0.5,0.2,72.1,60.9,0.3,50.8,0.4,15.7,16.9,0.1,0.1,82.9,0.3,0.1,30431.5] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52] [ENTROPIES...: 4.6,5.3,5.1,5.8,5.2,7.2,7.3,5.1,7.0,5.2,6.3,5.1,5.9,5.3,6.1,5.2,7.9,7.9,7.9,5.2,7.9,7.3,5.2,5.3,5.3,7.8,6.2,5.9,5.2,5.2,5.2,5.0] - detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] detected: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] RISK: TLS (probably) Not Carrying HTTPS detected: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] @@ -425,8 +419,6 @@ [IATS(ms)....: 50.8,52.1,6.3,61.1,40.7,74.7,170.4,11.8,79.4,67.6,2.0,57.4,55.8,1.7,0.8,0.2,0.2,82.5,79.7,0.2,94.6,127.5,60.6,282.5,10.6,27.6,38.0,39.9,42.9,7.7,0.7] [PKTLENS.....: 64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52] [ENTROPIES...: 4.6,5.4,5.2,4.4,5.2,7.2,7.7,5.2,6.5,6.0,5.1,7.8,6.2,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.4,5.2,5.2,7.8,5.2,7.9,7.9,5.2,6.2,5.2,5.8,5.1] - detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com] - RISK: TLS (probably) Not Carrying HTTPS analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.333| 0.059| 0.083| 6944.879| 3.800] 
@@ -437,7 +429,6 @@ [IATS(ms)....: 69.5,71.0,2.6,55.6,49.1,64.4,167.9,331.9,332.6,26.5,0.7,0.7,87.7,0.5,60.7,8.8,7.1,0.4,81.1,62.8,0.8,0.2,0.1,68.1,67.1,0.8,0.2,0.1,111.2,109.6,2.5] [PKTLENS.....: 64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500] [ENTROPIES...: 4.6,5.3,5.2,5.8,5.1,7.2,7.3,5.2,6.9,5.2,6.2,5.1,6.1,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.9,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9] - detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com] analyse: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.005| 0.731| 0.102| 0.156| 24231.225| 4.000] @@ -530,7 +521,6 @@ [IATS(ms)....: 58.3,61.2,1.8,70.6,2.9,1.0,71.3,11.6,12.3,13.1,0.1,0.1,65.7,0.8,52.3,3.6,0.2,91.6,51.8,0.3,140.2,3.7,3.4,3.9,5.5,6.4,5.0,437.2,0.9,500.9,291.9] [PKTLENS.....: 64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500] [ENTROPIES...: 4.6,5.3,5.2,4.1,5.0,7.3,7.3,5.2,7.0,5.2,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.8,5.2,7.9,7.5,5.2,7.6,5.1,7.7,5.2,6.0,5.2,7.9,7.7,5.0,7.9] - detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com] analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.100| 0.036| 0.022| 464.586| 4.700] diff --git a/test/results/flow-info/default/pinterest.pcap.out b/test/results/flow-info/default/pinterest.pcap.out index 2046e48c2..83e2461a6 100644 --- a/test/results/flow-info/default/pinterest.pcap.out +++ b/test/results/flow-info/default/pinterest.pcap.out 
@@ -17,7 +17,6 @@ [IATS(ms)....: 17.6,17.7,0.5,40.0,1.7,0.0,0.0,41.2,0.0,0.0,0.2,0.0,0.0,0.2,0.0,0.0,7.0,0.3,0.4,41.6,0.0,0.0,33.9,0.5,0.0,0.5,0.2,42.0,172.4,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,72,72,72,1120,1120,154,72,72,72,165,171,437,72,72,330,72,138,72,72,110,72,1120,1120,549] [ENTROPIES...: 4.8,5.2,5.2,4.5,5.0,6.8,4.5,6.6,5.2,5.2,5.3,7.1,7.6,6.3,5.2,5.2,5.1,6.1,6.4,7.4,5.1,5.0,7.1,5.3,6.2,5.1,5.2,5.6,5.1,7.8,7.8,7.6] - detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][www.pinterest.fr] new: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] new: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38514] -> [.......................2a04:4e42:1d::84][..443] new: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38516] -> [.......................2a04:4e42:1d::84][..443] @@ -99,7 +98,6 @@ [IATS(ms)....: 39.8,39.9,0.4,39.9,1.9,0.0,41.3,0.0,0.1,0.0,0.0,0.0,0.6,0.0,0.6,0.0,2.9,2.6,0.6,39.8,0.1,1.1,1.9,0.0,36.8,0.0,0.2,49.7,40.1,0.0,89.6] [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72] [ENTROPIES...: 4.8,5.1,5.1,4.6,5.0,6.8,4.4,5.2,5.1,6.6,7.1,5.2,5.2,7.6,6.2,5.2,5.2,6.1,6.3,7.3,5.0,5.0,5.0,7.0,6.2,5.2,5.2,5.6,5.0,7.5,6.9,5.2] - detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] analyse: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.050| 0.008| 0.015| 236.626| 2.900] 
@@ -110,7 +108,6 @@ [IATS(ms)....: 50.3,50.3,0.2,31.7,3.1,0.0,34.6,0.0,0.7,0.7,1.2,0.0,1.2,0.0,2.6,0.1,0.2,32.3,0.0,0.0,0.0,0.0,29.5,0.0,0.5,0.0,0.0,0.5,0.0,0.0,0.6] [PKTLENS.....: 80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460] [ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.7,4.9,5.1,5.1,7.4,5.1,7.3,7.6,5.1,5.2,5.9,6.3,7.4,5.0,5.0,5.0,7.1,6.2,5.2,5.1,7.9,7.9,7.9,5.1,5.1,5.1,7.8] - detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe][images.unsplash.com] new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Google][Web][Acceptable][www.gstatic.com] new: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] 
@@ -212,7 +209,6 @@ [IATS(ms)....: 46.5,46.6,0.4,49.8,3.6,0.0,52.9,0.0,1.3,0.0,1.3,0.0,2.4,0.3,0.5,109.0,0.0,0.0,0.0,0.0,0.0,105.9,0.0,0.0,6.5,35.8,111.1,136.0,0.0,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460] [ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.4,5.2,5.2,5.2,7.3,7.6,5.2,5.1,6.1,6.3,7.2,5.0,5.0,7.1,6.1,4.9,7.5,5.2,5.1,5.2,5.6,5.0,6.7,5.0,7.9,7.8,7.8] - detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com] new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com] detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com] 
@@ -227,7 +223,6 @@ [IATS(ms)....: 21.0,21.0,0.5,37.1,8.9,0.0,45.5,0.0,2.0,0.0,0.0,0.0,2.0,0.0,0.0,0.0,0.1,0.0,7.8,0.5,0.4,31.0,0.0,0.4,0.0,22.8,0.0,0.4,8.3,2.6,0.0] [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120] [ENTROPIES...: 4.8,5.1,5.2,4.5,5.1,6.9,5.1,5.2,5.2,6.7,7.2,7.3,7.6,5.2,5.1,5.2,5.2,5.6,5.2,6.0,6.4,7.1,5.1,5.1,7.0,6.2,5.2,5.2,5.7,5.0,7.8,7.8] - detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com] guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Google][Web][Safe] idle: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe] diff --git a/test/results/flow-info/default/pop3_stls.pcap.out b/test/results/flow-info/default/pop3_stls.pcap.out index 4299af780..f1998b6f9 100644 --- a/test/results/flow-info/default/pop3_stls.pcap.out +++ b/test/results/flow-info/default/pop3_stls.pcap.out 
@@ -20,8 +20,6 @@ [IATS(ms)....: 68.2,69.0,68.7,120.6,119.8,1003.1,1075.3,72.5,0.5,70.8,70.3,69.5,71.0,0.2,69.9,69.1,0.3,69.2,7.0,114.4,36.0,229.4,154.0,2002.9,2072.1,69.1,0.7,117.2,116.7,68.9,75.8] [PKTLENS.....: 52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89] [ENTROPIES...: 4.5,4.8,4.7,5.2,5.0,4.5,5.4,5.0,4.5,5.5,5.0,5.4,5.5,7.1,7.1,4.7,6.9,7.2,4.8,7.4,4.5,7.0,5.8,4.5,5.8,5.7,4.5,7.0,5.9,6.0,5.7,5.9] - detection-update: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] - RISK: Obsolete TLS (v1.1 or older), Unsafe Protocol end: [.....1] [ip4][..tcp] [..192.168.20.18][50583] -> [...72.249.41.52][..110] [POPS][Unknown][Email][Safe] RISK: Obsolete TLS (v1.1 or older), Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/psiphon3.pcap.out b/test/results/flow-info/default/psiphon3.pcap.out index f300a8205..051968a71 100644 --- a/test/results/flow-info/default/psiphon3.pcap.out +++ b/test/results/flow-info/default/psiphon3.pcap.out @@ -18,8 +18,6 @@ [IATS(ms)....: 6.0,17.4,0.0,14.4,0.0,0.0,1.0,16.0,7.0,5.0,0.0,0.0,3.0,28.0,2.0,3.0,1.0,0.0,7.0,25.9,0.0,1.4,0.0,0.0,4.0,20.8,1.0,46.1,1.0,0.0,0.0] [PKTLENS.....: 60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048] [ENTROPIES...: 4.6,4.6,4.8,4.8,4.8,5.4,4.8,5.4,4.8,4.8,7.0,7.2,7.0,7.2,4.8,4.8,4.8,4.8,5.9,5.9,4.8,4.8,7.0,6.0,7.0,6.0,4.7,4.7,6.3,7.3,5.4,7.8] - detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable][] - RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch end: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable] RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/reddit.pcap.out b/test/results/flow-info/default/reddit.pcap.out index b1ea3f106..6944b206f 100644 --- a/test/results/flow-info/default/reddit.pcap.out +++ b/test/results/flow-info/default/reddit.pcap.out @@ -99,7 +99,6 @@ [IATS(ms)....: 44.6,44.7,0.3,51.0,1.8,0.0,0.0,0.0,52.5,0.0,0.0,0.0,2.4,0.7,0.1,0.1,49.0,0.0,45.8,0.1,0.2,1.2,0.0,0.0,0.0,1.4,0.0,0.0,0.1,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120] [ENTROPIES...: 4.9,5.4,5.3,4.6,5.1,6.9,7.3,7.4,7.5,5.2,5.2,5.2,5.3,6.1,6.4,7.3,6.1,5.1,7.1,5.3,5.1,5.0,6.2,5.1,7.8,7.8,5.3,5.2,5.3,7.8,5.2,7.8] - detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][emoji.redditmedia.com] new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][b.thumbs.redditmedia.com] detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][b.thumbs.redditmedia.com] 
@@ -114,7 +113,6 @@ [IATS(ms)....: 25.8,25.9,0.4,66.4,26.1,92.0,0.8,0.0,0.0,0.8,0.0,0.0,1.6,0.1,0.3,42.1,0.0,0.0,6.2,0.0,0.0,0.0,0.0,0.0,46.4,0.0,0.0,0.0,0.0,0.0,0.9] [PKTLENS.....: 80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110] [ENTROPIES...: 4.9,5.3,5.3,4.6,5.1,7.0,5.3,7.3,7.3,7.6,5.3,5.3,5.3,6.1,6.5,7.3,5.1,5.2,5.2,7.2,6.2,7.8,7.8,7.8,7.8,5.3,5.3,5.3,5.3,5.3,5.3,5.7] - detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][b.thumbs.redditmedia.com] new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] new: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] 
@@ -144,7 +142,6 @@ [IATS(ms)....: 38.5,38.6,0.4,37.3,14.2,0.0,0.0,0.0,0.0,51.0,0.0,0.0,0.0,0.0,2.4,0.1,0.1,31.3,0.0,1.6,0.0,30.2,0.1,3.4,0.0,0.0,0.0,3.2,0.0,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72] [ENTROPIES...: 4.8,5.2,5.2,4.5,5.1,7.8,7.8,7.9,7.8,7.4,5.2,5.2,5.2,5.2,5.1,6.1,6.5,7.3,5.0,5.0,5.1,6.3,5.2,5.9,7.9,7.8,7.9,7.8,5.2,5.2,5.3,5.3] - detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable][c.amazon-adsystem.com] new: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] detected: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] [TLS.Google][Unknown][Advertisement][Acceptable][securepubads.g.doubleclick.net] new: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] 
@@ -195,7 +192,6 @@ [IATS(ms)....: 41.3,41.4,0.2,45.6,16.1,0.0,0.0,61.5,0.0,0.0,3.9,0.4,0.1,94.0,180.2,10.5,0.0,92.3,0.1,0.4,5.5,8.0,1.9,14.9,15.5,0.0,15.5,0.0,0.3,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460] [ENTROPIES...: 5.3,5.6,5.5,4.7,5.4,6.9,7.4,7.6,5.4,5.4,5.3,6.5,6.4,7.2,7.2,5.4,7.2,6.3,5.5,5.5,5.8,5.4,5.4,6.0,5.4,7.9,7.9,5.5,5.5,7.9,7.9,7.9] - detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com] new: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] 
@@ -225,7 +221,6 @@ [IATS(ms)....: 29.2,29.3,0.2,29.5,187.3,216.6,0.3,0.0,0.3,0.0,1.8,0.2,0.0,70.3,211.9,6.5,0.0,182.9,58.3,20.2,41.8,0.1,0.0,0.9,11.7,10.9,9.9,6.2,112.5,128.6,76.1] [PKTLENS.....: 80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338] [ENTROPIES...: 4.8,5.2,5.2,4.6,5.1,6.8,5.2,7.4,7.6,5.2,5.2,6.4,6.3,7.1,7.1,5.1,5.1,5.1,6.4,5.1,7.0,5.2,5.9,5.2,5.6,5.9,5.2,5.1,5.1,7.5,5.2,7.3] - detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][syndication.twitter.com] new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun][cdn.syndication.twimg.com] detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun][cdn.syndication.twimg.com] 
@@ -291,7 +286,6 @@ [IATS(ms)....: 25.7,25.8,0.2,144.2,0.0,0.0,144.0,0.0,0.1,0.0,0.0,0.0,2.5,0.6,1.3,49.7,0.0,0.0,0.0,45.4,0.0,0.1,0.0,0.1,0.7,0.4,0.9,38.4,2.5,1.1,2.2] [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114] [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,6.9,7.4,5.2,5.2,7.3,7.5,5.2,5.2,6.1,6.4,7.4,5.2,5.1,7.1,6.2,5.2,5.3,5.1,7.5,5.3,5.6,7.6,6.2,5.1,5.1,5.1,6.0] - detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][gateway.reddit.com] new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.fr] diff --git a/test/results/flow-info/default/roblox.pcapng.out b/test/results/flow-info/default/roblox.pcapng.out index 1c0b2706b..c03a1d842 100644 --- a/test/results/flow-info/default/roblox.pcapng.out +++ b/test/results/flow-info/default/roblox.pcapng.out 
@@ -16,15 +16,14 @@ [IATS(ms)....: 28.5,194.1,21.5,215.7,0.0,0.0,0.5,0.0,126.9,1.3,3.5,0.3,4.4,2.6,0.5,0.2,137.9,0.1,0.7,108.0,106.8,174.6,10000.2,0.3,357.2,548.0,10785.6,40.1,91.7,5.7,187.6] [PKTLENS.....: 60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40] [ENTROPIES...: 4.8,5.3,5.2,4.8,7.9,7.9,7.8,7.9,7.8,5.2,5.2,5.1,5.1,5.0,6.1,7.8,7.7,7.3,7.3,5.2,5.1,7.6,5.2,5.7,5.2,5.1,5.7,5.1,5.1,5.7,5.1,4.0] - detection-update: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun][assetgame.roblox.com] DAEMON-EVENT: [Processed: 47 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....3] [ip4][..udp] [.192.168.12.156][45693] -> [..128.116.44.33][53385] detected: [.....3] [ip4][..udp] [.192.168.12.156][45693] -> [..128.116.44.33][53385] [RakNet][Roblox][Game][Fun] idle: [.....1] [ip4][..udp] [.192.168.12.156][42965] -> [.128.116.89.113][63862] [RakNet][Roblox][Game][Fun] end: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun] DAEMON-EVENT: [Processed: 64 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....4] [ip4][..udp] [.192.168.12.156][46507] -> [..128.116.44.33][51438] detected: [.....4] [ip4][..udp] [.192.168.12.156][46507] -> [..128.116.44.33][51438] [RakNet][Roblox][Game][Fun] idle: [.....3] [ip4][..udp] [.192.168.12.156][45693] -> [..128.116.44.33][53385] [RakNet][Roblox][Game][Fun] 
diff --git a/test/results/flow-info/default/signal.pcap.out b/test/results/flow-info/default/signal.pcap.out index f570cceff..9dc2a1b9a 100644 --- a/test/results/flow-info/default/signal.pcap.out +++ b/test/results/flow-info/default/signal.pcap.out @@ -114,7 +114,6 @@ [IATS(ms)....: 32.9,39.8,0.1,40.0,2.7,0.0,39.4,7.8,43.4,0.4,0.0,34.7,0.1,7.5,0.5,0.0,0.1,0.4,5.9,0.1,0.4,42.2,0.0,0.5,26.8,7.6,10.7,0.1,0.3,0.3,26.1] [PKTLENS.....: 64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52] [ENTROPIES...: 4.4,5.2,5.0,4.3,5.1,7.1,7.7,5.1,6.3,5.1,6.0,6.4,5.1,5.1,5.7,5.6,5.5,7.0,5.4,7.9,7.9,7.9,4.9,5.9,5.1,7.6,5.1,7.9,7.9,7.9,7.9,5.1] - detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Fun][cdn.signal.org] idle: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] end: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS][Apple][Web][Safe] RISK: Unidirectional Traffic diff --git a/test/results/flow-info/default/simple-dnscrypt.pcap.out b/test/results/flow-info/default/simple-dnscrypt.pcap.out index 1dfe2adab..4e81440ad 100644 --- a/test/results/flow-info/default/simple-dnscrypt.pcap.out +++ b/test/results/flow-info/default/simple-dnscrypt.pcap.out 
@@ -15,7 +15,6 @@ [IATS(ms)....: 110.6,111.2,27.9,119.6,18.5,5.2,114.9,3.0,7.5,0.0,0.0,10.6,4.9,14.9,0.1,0.1,0.4,91.8,0.0,71.5,3.1,28.8,0.0,26.8,76.4,36.0,32.6,95.2,61.6,222.0,0.0] [PKTLENS.....: 52,52,40,246,40,1350,1350,40,1350,1350,1350,346,40,166,93,96,82,258,298,109,40,78,40,78,40,40,40,401,40,105,1350,1310] [ENTROPIES...: 4.7,5.1,4.9,5.6,4.9,7.3,7.2,4.7,7.6,7.5,7.6,7.3,4.8,6.4,5.7,5.8,5.5,7.1,7.1,6.1,4.9,5.4,4.9,5.8,4.9,4.9,4.9,7.3,4.9,6.0,7.8,7.8] - detection-update: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable][simplednscrypt.org] new: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] new: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] new: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] @@ -38,7 +37,6 @@ [IATS(ms)....: 76.9,77.0,0.2,75.5,27.7,2.5,105.6,0.6,0.0,0.6,1.3,0.0,1.6,3.3,3.7,0.1,0.1,3.1,0.1,0.0,84.7,0.0,74.1,4.3,0.0,9.6,25.1,23.4,82.0,4.1,98.4] [PKTLENS.....: 52,52,40,250,40,1350,1350,40,1350,1350,40,1350,346,40,166,93,96,82,320,119,118,298,109,40,40,78,40,78,40,402,401,40] [ENTROPIES...: 4.7,5.0,4.8,5.5,4.8,7.3,7.3,4.8,7.6,7.5,4.7,7.6,7.4,4.8,6.3,5.6,5.8,5.5,7.3,6.0,6.1,7.2,6.3,4.9,4.9,5.8,4.8,5.4,4.9,7.5,7.4,4.9] - detection-update: [.....4] [ip4][..tcp] [.192.168.43.167][50259] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable][simplednscrypt.org] idle: [.....1] [ip4][..tcp] [.192.168.43.167][50233] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable] idle: [.....2] [ip4][..tcp] [.192.168.43.167][50253] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable] idle: [.....3] [ip4][..tcp] [.192.168.43.167][50258] -> [..134.119.26.24][..443] [TLS.DNScrypt][Unknown][Network][Acceptable] diff --git a/test/results/flow-info/default/sites.pcapng.out b/test/results/flow-info/default/sites.pcapng.out index 53efbbef8..a7aa66b10 100644 
--- a/test/results/flow-info/default/sites.pcapng.out +++ b/test/results/flow-info/default/sites.pcapng.out @@ -32,10 +32,9 @@ [IATS(ms)....: 46.8,50.1,2.2,52.9,0.2,0.0,0.0,0.0,52.2,0.0,0.0,0.0,1.5,0.6,2.4,52.4,0.0,0.8,3.1,0.0,0.2,0.0,0.0,0.0,0.0,0.0,0.2,47.9,0.0,0.0,0.2] [PKTLENS.....: 60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83] [ENTROPIES...: 4.7,5.2,5.0,5.4,5.1,7.8,7.9,7.8,6.5,5.0,5.0,5.1,5.1,6.3,6.9,7.1,7.4,6.0,5.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.4,5.1,5.0,5.1,5.6] - detection-update: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Unknown][Web][Safe][upload.wikimedia.org] end: [.....3] [ip4][..tcp] [..192.168.1.227][50071] -> [...52.73.71.226][..443] [TLS.Fuze][AmazonAWS][VoIP][Acceptable] DAEMON-EVENT: [Processed: 118 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 0] new: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] detected: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][Unknown][SocialNetwork][Fun][videosnap.like.video] analyse: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][Unknown][SocialNetwork][Fun] 
@@ -50,31 +49,31 @@ [ENTROPIES...: 4.7,4.9,4.3,5.7,4.3,7.7,7.9,7.8,7.9,7.9,7.9,7.9,4.3,4.3,4.3,4.3,4.3,4.3,4.3,5.7,7.7,7.9,7.9,7.9,4.3,4.3,7.9,7.9,4.3,4.3,4.3,4.3] end: [.....4] [ip4][..tcp] [..192.168.1.128][50620] -> [.91.198.174.208][..443] [TLS.Wikipedia][Unknown][Web][Safe] DAEMON-EVENT: [Processed: 230 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 0] new: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] detected: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Unknown][Streaming][Fun][f.vimeocdn.com] detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Unknown][Streaming][Fun][f.vimeocdn.com] detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Unknown][Streaming][Fun][f.vimeocdn.com] end: [.....5] [ip4][..tcp] [..192.168.1.250][39890] -> [...45.82.241.51][...80] [HTTP.Likee][Unknown][SocialNetwork][Fun] DAEMON-EVENT: [Processed: 255 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 8|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0] new: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] detected: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AmazonAWS][Streaming][Fun][prod-static.disney-plus.net] detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AmazonAWS][Streaming][Fun][prod-static.disney-plus.net] end: [.....6] [ip4][..tcp] [..192.168.1.128][46724] -> [.199.232.82.109][..443] [TLS.Vimeo][Unknown][Streaming][Fun] 
DAEMON-EVENT: [Processed: 284 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 9|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 8|updates: 0] new: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] detected: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Unknown][Web][Fun][api.accuweather.com] detection-update: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Unknown][Web][Fun][api.accuweather.com] end: [.....7] [ip4][..tcp] [..192.168.1.128][48918] -> [...143.204.9.65][..443] [TLS.DisneyPlus][AmazonAWS][Streaming][Fun] DAEMON-EVENT: [Processed: 314 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 9|updates: 0] new: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] detected: [.....9] [ip4][..udp] [..192.168.1.123][59102] -> [..216.58.209.46][..443] [QUIC.GoogleClassroom][Google][Collaborative][Safe][classroom.google.com] end: [.....8] [ip4][..tcp] [.192.168.12.169][39248] -> [...23.12.104.83][..443] [TLS.AccuWeather][Unknown][Web][Fun] DAEMON-EVENT: [Processed: 315 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 9|updates: 0] new: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] detected: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> [..31.222.67.112][..443] [TLS.Badoo][Unknown][SocialNetwork][Fun][www.badoo.com] detection-update: [....10] [ip4][..tcp] [..192.168.1.128][35054] -> 
[..31.222.67.112][..443] [TLS.Badoo][Unknown][SocialNetwork][Fun][www.badoo.com] @@ -158,7 +157,7 @@ detected: [....36] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Outlook][Outlook][Email][Acceptable][outlook.com] detection-update: [....36] [ip4][..tcp] [..192.168.1.128][39828] -> [....40.97.160.2][..443] [TLS.Outlook][Outlook][Email][Acceptable][outlook.com] DAEMON-EVENT: [Processed: 457 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 27 / 36|skipped: 0|!detected: 0|guessed: 0|detection-updates: 39|updates: 0] + DAEMON-EVENT: [Flows][active: 27 / 36|skipped: 0|!detected: 0|guessed: 0|detection-updates: 38|updates: 0] new: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] detected: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable][guzzoni.apple.com] detection-update: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable][guzzoni.apple.com] 
@@ -222,7 +221,7 @@ detected: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.GooglePlus][Google][SocialNetwork][Fun][plus.google.com] update: [....44] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Google][Web][Acceptable] DAEMON-EVENT: [Processed: 512 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 10 / 46|skipped: 0|!detected: 0|guessed: 4|detection-updates: 48|updates: 1] + DAEMON-EVENT: [Flows][active: 10 / 46|skipped: 0|!detected: 0|guessed: 4|detection-updates: 47|updates: 1] new: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] detected: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Unknown][Streaming][Fun][pandora.com] detection-update: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Unknown][Streaming][Fun][pandora.com] diff --git a/test/results/flow-info/default/teams.pcap.out b/test/results/flow-info/default/teams.pcap.out index 9ebd658bc..333036c26 100644 --- a/test/results/flow-info/default/teams.pcap.out +++ b/test/results/flow-info/default/teams.pcap.out 
@@ -29,7 +29,6 @@ [IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5] [PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40] [ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7] - detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS ERROR-EVENT: Unknown packet type [7/16] @@ -46,8 +45,6 @@ [IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0] [PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480] [ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9] - detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -148,8 +145,6 @@ [IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8] [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480] [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9] - detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org] RISK: Known Proto on Non Std Port @@ -201,7 +196,6 @@ [IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6] [PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345] [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3] - detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.540| 0.024| 0.095| 8949.939| 1.900] 
@@ -212,7 +206,6 @@ [IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3] [PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248] [ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0] - detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com] new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com] new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] @@ -265,8 +258,6 @@ [IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2] [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492] [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9] - detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com] RISK: TLS (probably) Not Carrying HTTPS 
@@ -326,8 +317,6 @@ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7] [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52] [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2] - detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com] - RISK: TLS (probably) Not Carrying HTTPS detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com] new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com] diff --git a/test/results/flow-info/default/telnet.pcap.out b/test/results/flow-info/default/telnet.pcap.out index d73c4881f..64d6454eb 100644 --- a/test/results/flow-info/default/telnet.pcap.out +++ b/test/results/flow-info/default/telnet.pcap.out 
@@ -18,8 +18,6 @@ [IATS(ms)....: 2.5,2.6,1.6,147.8,146.2,0.2,1.6,1.7,3.3,1.3,0.6,1.8,1.1,2.4,3.6,0.6,1.2,22.3,20.4,1.2,13.8,15.0,1.2,0.8,12.8,12.2,20.0,1107.3,1100.0,1232.8,1.4] [PKTLENS.....: 60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52] [ENTROPIES...: 4.3,4.8,4.8,5.0,4.8,4.8,4.9,4.7,5.1,5.3,4.6,5.0,5.0,4.8,4.8,4.8,5.6,4.9,4.9,4.9,4.8,4.9,4.9,4.7,4.9,4.8,5.5,4.8,5.0,4.7,5.0,4.8] - detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][Unknown][RemoteAccess][Unsafe] - RISK: Unsafe Protocol end: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][Unknown][RemoteAccess][Unsafe] RISK: Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls-appdata.pcap.out b/test/results/flow-info/default/tls-appdata.pcap.out index 109222e93..64d8dba2e 100644 --- a/test/results/flow-info/default/tls-appdata.pcap.out +++ b/test/results/flow-info/default/tls-appdata.pcap.out 
@@ -23,12 +23,11 @@ [IATS(ms)....: 2.0,15.0,3.0,0.0,16.0,0.0,0.0,0.0,0.0,1.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,15941.0,1.0,15956.0,5.0,0.0,19.0,1.0,1.0] [PKTLENS.....: 1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40] [ENTROPIES...: 7.9,5.5,4.7,7.9,7.9,5.0,7.9,4.9,4.9,7.9,7.9,5.0,4.9,4.9,5.0,7.9,5.5,4.6,7.9,7.9,4.9,7.9,4.9,7.9,7.9,5.6,4.5,7.9,7.9,4.9,7.9,4.9] - detection-update: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS][Twitch][Web][Safe] DAEMON-EVENT: [Processed: 45 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] DAEMON-EVENT: [Processed: 75 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] DAEMON-EVENT: [Processed: 105 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0] idle: [.....2] [ip4][..tcp] [..192.168.2.100][58976] -> [...52.223.198.7][..443] [TLS][Twitch][Web][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls_verylong_certificate.pcap.out b/test/results/flow-info/default/tls_verylong_certificate.pcap.out index 781f329b5..2cfc0bcb4 100644 --- a/test/results/flow-info/default/tls_verylong_certificate.pcap.out +++ b/test/results/flow-info/default/tls_verylong_certificate.pcap.out 
@@ -15,6 +15,5 @@ [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tumblr.pcap.out b/test/results/flow-info/default/tumblr.pcap.out index 55bcbd32c..5ef517eb7 100644 --- a/test/results/flow-info/default/tumblr.pcap.out +++ b/test/results/flow-info/default/tumblr.pcap.out 
@@ -52,7 +52,6 @@ [IATS(ms)....: 0.4,4.8,0.4,27.2,3.0,0.3,2.7,17.3,45.1,0.5,0.5,0.6,0.0,0.6,0.0,7.3,0.0,7.3,0.0,0.3,0.0,0.2,0.0,0.2,0.0,0.2,0.0,1.0,0.0,1.0,0.0] [PKTLENS.....: 184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72] [ENTROPIES...: 6.6,5.9,6.6,6.5,5.0,5.0,4.9,5.0,7.9,5.1,7.9,5.1,7.9,7.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1] - detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Unknown][Web][Safe] new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com] detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com] 
@@ -87,7 +86,6 @@ [IATS(ms)....: 0.4,0.1,0.4,0.2,26.4,36.6,2.2,0.0,0.4,0.0,10.0,21.7,0.2,0.2,0.2,0.2,0.0,0.4,0.0,0.2,0.5,0.0,0.0,0.6,0.1,0.1,0.1,0.2,0.5,0.0,0.6] [PKTLENS.....: 192,111,201,202,143,108,72,72,72,72,72,1472,72,1472,72,1460,84,1472,72,72,1460,84,1327,103,72,72,111,1460,72,84,1460,72] [ENTROPIES...: 6.8,5.7,6.6,6.7,6.3,5.8,5.0,5.0,5.0,5.0,5.0,7.8,5.1,7.9,5.1,7.8,5.3,7.9,5.1,5.0,7.9,5.3,7.9,5.6,5.1,5.1,5.7,7.9,5.1,5.3,7.9,5.1] - detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Unknown][Web][Safe] new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [MIDSTREAM] detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [TLS][Unknown][Web][Safe] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [TLS][Unknown][Web][Safe] 
@@ -136,7 +134,6 @@ [IATS(ms)....: 21.4,21.5,0.5,29.5,160.4,189.4,0.2,0.0,0.2,0.0,0.8,0.8,3.8,0.1,0.2,28.7,0.0,1.0,78.0,0.0,103.6,0.1,0.7,29.8,79.1,108.2,0.1,0.1,0.4,0.4,0.1] [PKTLENS.....: 80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472] [ENTROPIES...: 4.8,5.3,5.3,4.6,5.1,7.2,5.2,7.3,7.6,5.2,5.2,7.6,5.2,6.2,6.5,7.6,5.1,5.1,5.1,7.0,6.3,5.2,5.2,5.7,5.1,7.9,5.2,7.9,5.2,7.9,5.2,7.9] - detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun][catasters.tumblr.com] new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe] RISK: Unidirectional Traffic 
@@ -153,7 +150,6 @@ [IATS(ms)....: 19473.3,0.3,19513.6,0.0,40.0,0.1,0.0,0.0,0.0,0.0,0.0,0.6,0.6,1.1,0.0,0.0,0.0,0.0,0.0,0.0,1.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.0,0.0,0.0] [PKTLENS.....: 72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120] [ENTROPIES...: 5.3,6.2,5.8,5.1,7.8,5.2,7.8,7.8,5.2,5.2,7.8,5.2,7.8,5.3,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.3,5.2,5.3,5.3,5.2,5.2,5.3,7.8,7.8,7.8,7.8] - detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe] detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][ajax.googleapis.com] detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com] detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][ajax.googleapis.com] diff --git a/test/results/flow-info/default/viber.pcap.out b/test/results/flow-info/default/viber.pcap.out index 425179c1c..9dbacd4d2 100644 --- a/test/results/flow-info/default/viber.pcap.out +++ b/test/results/flow-info/default/viber.pcap.out 
@@ -42,7 +42,6 @@ [IATS(ms)....: 19.5,21.7,1.0,22.3,3.2,0.2,0.0,0.2,39.4,0.1,0.6,0.3,10.8,47.8,22.3,40.8,0.3,0.1,0.2,0.3,0.0,0.2,0.3,0.2,0.2,0.5,41.2,0.1,0.0,0.0,1.1] [PKTLENS.....: 60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52] [ENTROPIES...: 4.6,5.2,5.2,5.6,5.1,7.2,7.5,7.5,7.3,5.1,5.2,5.2,5.2,6.4,7.2,7.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.7,5.2,5.2,5.1,5.2,5.1] - detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com] new: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443] new: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] detected: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS.Google][Unknown][Network][Acceptable][app-measurement.com] @@ -114,7 +113,7 @@ update: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][Unknown][Network][Fun] update: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 420 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 26 / 26|skipped: 0|!detected: 0|guessed: 0|detection-updates: 20|updates: 4] + DAEMON-EVENT: [Flows][active: 26 / 26|skipped: 0|!detected: 0|guessed: 0|detection-updates: 19|updates: 4] new: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] detected: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] [Viber][Viber][VoIP][Fun] end: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe] 
@@ -148,11 +147,11 @@ end: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] idle: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun] DAEMON-EVENT: [Processed: 435 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 27|skipped: 0|!detected: 0|guessed: 4|detection-updates: 20|updates: 4] + DAEMON-EVENT: [Flows][active: 1 / 27|skipped: 0|!detected: 0|guessed: 4|detection-updates: 19|updates: 4] new: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242] detected: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242] [Viber][Viber][VoIP][Fun] DAEMON-EVENT: [Processed: 446 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 2 / 28|skipped: 0|!detected: 0|guessed: 4|detection-updates: 20|updates: 4] + DAEMON-EVENT: [Flows][active: 2 / 28|skipped: 0|!detected: 0|guessed: 4|detection-updates: 19|updates: 4] new: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [MIDSTREAM] detected: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AmazonAWS][VoIP][Fun] idle: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AmazonAWS][VoIP][Fun] diff --git a/test/results/flow-info/default/vk.pcapng.out b/test/results/flow-info/default/vk.pcapng.out index a628ea051..29687ef00 100644 --- a/test/results/flow-info/default/vk.pcapng.out +++ b/test/results/flow-info/default/vk.pcapng.out 
@@ -23,8 +23,6 @@ [IATS(ms)....: 1010.0,14.6,15.3,1.7,16.3,0.0,0.0,0.0,0.0,15.1,0.0,227.7,0.0,0.0,0.0,2.7,0.0,12.8,0.0,1.5,0.0,0.0,1.5,1.1,1.6,11.1,2.5,1.5,0.0,0.8,1.2] [PKTLENS.....: 638,758,52,596,501,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,64,64,64,64,64,52,52,52,52,52,52] [ENTROPIES...: 7.7,7.8,5.2,7.6,7.6,5.2,5.2,5.2,5.3,5.3,5.2,5.2,5.2,5.3,5.2,5.1,5.3,5.2,5.2,5.2,5.2,5.3,5.3,5.2,5.3,5.3,5.2,5.3,5.2,5.2,5.2,5.2] - detection-update: [.....3] [ip4][..tcp] [..192.168.1.249][60436] -> [..87.240.132.78][..443] [TLS][VK][Web][Safe] - RISK: Unidirectional Traffic new: [.....4] [ip4][..tcp] [..192.168.1.249][59154] -> [.87.240.185.137][..443] new: [.....5] [ip4][..tcp] [..192.168.1.249][32990] -> [..87.240.169.10][..443] detected: [.....4] [ip4][..tcp] [..192.168.1.249][59154] -> [.87.240.185.137][..443] [TLS.VK][VK][SocialNetwork][Fun][sun9-10.userapi.com] @@ -45,8 +43,6 @@ [IATS(ms)....: 0.0,14.3,23.0,2006.6,0.0,0.8,13.5,98.2,1614.5,0.3,0.1,0.3,0.3,13.2,1.2,18.4,1.7,0.9,6.9,22.6,0.0,179.8,0.0,14.1,67.4,0.0,0.0,579.5,0.0,1.0,13.7] [PKTLENS.....: 247,332,52,52,240,776,565,52,52,385,563,339,564,1017,52,52,52,52,52,52,52,52,243,316,52,52,52,52,250,563,429,52] [ENTROPIES...: 7.2,7.4,5.2,5.2,7.0,7.7,7.6,5.1,5.2,7.4,7.6,7.3,7.6,7.8,5.1,5.1,5.1,5.1,5.1,5.1,5.1,5.1,7.1,7.3,5.1,5.1,5.2,5.1,7.2,7.6,7.5,5.1] - detection-update: [.....2] [ip4][..tcp] [..192.168.1.249][40344] -> [.87.240.129.140][..443] [TLS][VK][Web][Safe] - RISK: Unidirectional Traffic new: [.....7] [ip4][..tcp] [..192.168.1.249][47934] -> [...87.240.169.3][..443] new: [.....8] [ip4][..tcp] [..192.168.1.249][59722] -> [..87.240.169.11][..443] detected: [.....7] [ip4][..tcp] [..192.168.1.249][47934] -> [...87.240.169.3][..443] [TLS.VK][VK][SocialNetwork][Fun][sun9-80.userapi.com] diff --git a/test/results/flow-info/default/waze.pcap.out b/test/results/flow-info/default/waze.pcap.out index fb8d61969..753e6544a 100644 --- a/test/results/flow-info/default/waze.pcap.out 
+++ b/test/results/flow-info/default/waze.pcap.out @@ -77,8 +77,6 @@ [IATS(ms)....: 1.2,10.9,357.2,367.1,474.4,475.3,8.1,9.0,265.9,317.7,52.0,0.9,0.6,0.3,0.3,1430.1,1483.3,119.5,172.8,51.4,51.9,1.4,0.9,0.5,0.4,0.3,0.4,1601.9,1658.8,0.2,57.1] [PKTLENS.....: 60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40] [ENTROPIES...: 4.3,4.7,4.7,5.2,4.7,7.4,4.6,7.3,4.7,7.0,6.9,4.6,7.6,4.7,6.1,4.6,8.0,4.7,6.8,4.6,7.6,4.6,7.7,4.6,7.6,4.7,6.2,4.7,8.0,4.6,6.8,4.6] - detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] - RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS][AmazonAWS][Web][Safe][] RISK: Obsolete TLS (v1.1 or older) detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] @@ -142,8 +140,6 @@ [IATS(ms)....: 2.4,2.8,291.8,292.5,279.8,332.4,52.7,50.7,425.1,475.7,259.9,310.7,0.7,51.4,0.6,0.7,0.5,0.3,293.9,546.0,252.8,1.5,20.2,21.2,56.9,56.8,156.2,205.9,52.7,4.2,1449.2] [PKTLENS.....: 60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40] [ENTROPIES...: 4.4,4.8,4.8,5.2,4.7,7.0,4.8,7.6,4.6,6.6,4.7,7.0,4.7,7.6,4.8,7.4,4.7,5.7,4.7,8.0,4.8,8.0,4.7,7.8,4.7,8.0,4.8,7.8,4.8,8.0,4.7,4.8] - detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][] - RISK: Obsolete TLS (v1.1 or older) analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 5.891| 1.026| 1.779| 3164212.036| 3.400] 
diff --git a/test/results/flow-info/default/webex.pcap.out b/test/results/flow-info/default/webex.pcap.out index d9accedc8..f3d4f355e 100644 --- a/test/results/flow-info/default/webex.pcap.out +++ b/test/results/flow-info/default/webex.pcap.out @@ -16,8 +16,6 @@ [IATS(ms)....: 6.5,6.7,0.2,0.6,505.7,557.3,57.9,60.1,0.9,55.6,257.5,309.3,10.1,61.4,0.8,0.7,299.2,351.3,56.0,56.2,0.8,52.9,0.4,2.8,268.6,322.3,52.3,51.9,18.4,69.5,0.5] [PKTLENS.....: 60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504] [ENTROPIES...: 4.4,4.7,4.7,5.5,4.7,7.3,4.8,7.1,4.7,7.2,4.6,5.6,4.6,7.7,4.5,6.3,4.6,7.9,4.7,7.8,4.8,7.6,4.6,7.3,4.7,7.9,4.7,7.7,4.7,7.6,4.5,7.6] - detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] - RISK: TLS (probably) Not Carrying HTTPS new: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] detected: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com] RISK: TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out index 52bfd3a29..a9fd8499b 100644 --- a/test/results/flow-info/default/wechat.pcap.out +++ b/test/results/flow-info/default/wechat.pcap.out 
@@ -205,7 +205,6 @@ [IATS(ms)....: 360.8,360.9,1.1,320.2,2.0,321.1,0.8,0.8,0.5,0.5,2.5,331.8,329.8,339.6,0.8,339.8,0.5,4.5,5.1,2.5,2.5,1.1,1.1,271.4,646.7,0.8,376.1,0.5,0.9,1.5,0.5] [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1140,1480,1480,52,1480,1480,52,2908,52,3120,52,1140,1480,1480,52,1480,1480,52,1480] [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,6.8,5.1,7.5,5.0,7.3,5.0,6.4,5.8,7.9,7.9,7.9,5.1,7.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8,7.9,7.9,5.0,7.9,7.9,5.1,7.9] - detection-update: [....35] [ip4][..tcp] [..192.168.1.103][54103] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com] analyse: [....33] [ip4][..tcp] [..192.168.1.103][54101] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.952| 0.213| 0.233| 54375.543| 4.000] @@ -471,7 +470,6 @@ [IATS(ms)....: 268.3,268.4,0.5,270.4,0.8,270.7,0.4,0.4,1.0,1.0,2.8,273.1,271.4,0.2,0.0,0.0,0.0,0.0,1.2,289.4,22.8,22.4,9.7,380.7,1255.6,5.0,1577.0,73.3,351.0,6.0,3.3] [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1232,1480,1480,1480,1480,1480,315,52,52,52,143,52,1220,513,52,283,52,1292,527] [ENTROPIES...: 4.7,5.2,4.9,5.8,5.0,6.8,4.8,7.5,4.8,7.2,4.9,6.3,5.9,7.8,7.9,7.9,7.9,7.9,7.9,7.2,5.0,4.8,4.9,6.4,5.0,7.8,7.5,5.1,7.2,4.9,7.8,7.5] - detection-update: [....72] [ip4][..tcp] [..192.168.1.103][58040] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com] detected: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com] detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com] detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com] 
@@ -507,7 +505,7 @@ update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun] update: [....68] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 1552 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 30 / 75|skipped: 0|!detected: 0|guessed: 11|detection-updates: 63|updates: 72] + DAEMON-EVENT: [Flows][active: 30 / 75|skipped: 0|!detected: 0|guessed: 11|detection-updates: 61|updates: 72] new: [....76] [ip4][..tcp] [..192.168.1.103][54183] -> [203.205.151.162][..443] [MIDSTREAM] detected: [....76] [ip4][..tcp] [..192.168.1.103][54183] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe] new: [....77] [ip4][..tcp] [..192.168.1.103][54205] -> [.64.233.167.188][..443] [MIDSTREAM] diff --git a/test/results/flow-info/default/whatsapp_login_call.pcap.out b/test/results/flow-info/default/whatsapp_login_call.pcap.out index b9df754f8..f58bc5b27 100644 --- a/test/results/flow-info/default/whatsapp_login_call.pcap.out +++ b/test/results/flow-info/default/whatsapp_login_call.pcap.out 
@@ -41,8 +41,6 @@ [IATS(ms)....: 281.8,283.2,8.7,294.4,1.1,0.0,286.0,0.8,0.5,0.6,39.8,0.2,0.3,326.4,1.4,0.4,3.0,289.9,5.8,0.5,0.0,317.5,1.9,68.9,0.6,382.6,405.2,0.7,0.0,712.5,2.0] [PKTLENS.....: 64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40] [ENTROPIES...: 4.5,4.9,4.7,5.6,7.2,7.4,6.9,4.9,4.9,4.9,4.8,7.2,4.8,5.7,4.8,4.8,4.8,5.8,4.9,7.9,7.9,6.7,4.7,4.7,7.9,7.8,4.9,7.9,7.8,6.7,4.8,4.8] - detection-update: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe][query.ess.apple.com] - RISK: TLS (probably) Not Carrying HTTPS new: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] analyse: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Unknown][Chat][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out index 1a3feed97..781f6c8c4 100644 --- a/test/results/flow-info/default/zoom.pcap.out +++ b/test/results/flow-info/default/zoom.pcap.out 
@@ -72,7 +72,6 @@ [IATS(ms)....: 112.4,112.5,31.1,144.0,1.8,0.2,0.0,114.8,0.2,0.2,7.2,2.9,121.9,111.9,4.3,0.0,116.6,98.0,0.5,0.0,210.7,0.0,0.2,0.1,0.2,0.1,0.1,0.2,0.1,0.0,0.1] [PKTLENS.....: 64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40] [ENTROPIES...: 4.4,4.9,4.5,4.1,4.5,7.1,7.3,7.3,4.7,7.6,4.6,4.7,6.9,5.7,4.7,7.7,7.7,4.5,7.9,7.9,7.9,4.7,4.6,7.9,7.9,4.7,7.9,7.9,4.6,7.9,7.5,4.6] - detection-update: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Zoom][Video][Acceptable][www3.zoom.us] new: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] detected: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun] new: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] |