summaryrefslogtreecommitdiff
path: root/test/results/KakaoTalk_talk.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/KakaoTalk_talk.pcap.out')
-rw-r--r--test/results/KakaoTalk_talk.pcap.out4
1 files changed, 2 insertions, 2 deletions
diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out
index 925df1f58..b0a09180f 100644
--- a/test/results/KakaoTalk_talk.pcap.out
+++ b/test/results/KakaoTalk_talk.pcap.out
@@ -46,7 +46,7 @@
00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":32,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00434{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":101813,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADSw2UAALwZAmG5MjzIKGFK8H5CAyJJ42pH3Edl4gBAAH0+uAAABAQgKRNtqrAALPx0="}
01586{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":107489,"pkt_caplen":920,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":920,"pkt_l4_len":884,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA4iw2kAALwY9Q25MjzIKGFK8H5CAyJJ42pH3Edl4gBgAH7fkAAABAQgKRNtqrAALPx0WAwEANQIAADEDAVU9H6vNjsmWl+mtXVDPy8rMyQaSc89TIWgiy02NST4MAAAvAAAJ\/wEAAQAAIwAAFgMBAwwLAAMIAAMFAAMCMIIC\/jCCAeYCCQC35xiTrUC9NTANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wHhcNMTExMjA1MDkxOTI1WhcNMjExMjAyMDkxOTI1WjBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZgoiuC3vyjGQwWN1Y\/G2gLXrzYhnrYdBpXUgl5541Si1DUFeXudmto2X8JviTwtPM9bOMLk8c2gLTUKJmOdptp9qXnubsD89+qNi++nC9dmz3LRvRaWz6J0w7DFv5AsMOJ6cjJsqNbLBGSrO1bhrnXo6ZUpil+wYGT35WXJhxIkgnTWohNEsT6RlAImB9cuCGQz8DM7bHDsPNGhu5sjgZnnk+AeKK8FY9VV9dESDYb4of9Dakayp+JrR5MYVfASmd\/mbBSqJ+opCRNyVxwfhKPWkeZLD7Ahtlj6AFmso\/rwThAqCi3wI8KUooZ95z\/VLccaEg8vY7PgA0+0py+pNAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGDrJdN5Ppz9OPTa3HDXzLQwJHAUfiipBZSXzoL\/uy1yA8U26AfNtg2jWEpQ8ijR6FlqlZLcJAiiKbRMWUuNkOUJlsmzZ7AOn+R1zo\/KyIIKnOlLOSWubKfFVXNqD1W9f0XUQIQ2bEb4Hp2TPGMTxuo6H6v5HXSSpMerZD7k73HKwZDU\/jVO10Zk5dVEruTzrBbq8qa6dAJ6FxvSZ74FqIv+LOAIok4AksbSUeKWI+q\/HFIO\/kDDpqvjTP9dO3NHPgBjO42w3TF\/CywiY5NXQizBUR7JsOxh255g2sA7XIjS1vYreiyrMDXuEy+gjnwQReXnI3sA9\/dVI5HUoqdx0F4WAwEABA4AAAA="}
-01022{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_tot_l4_data_len":1202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01023{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_tot_l4_data_len":1202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00435{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":110633,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn6EAAPwb5iAoYUrxuTI8ygMgfkPcR2XiSeN3lgBAAgEvhAAABAQgKAAs\/NUTbaqw="}
00881{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":115912,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":394,"pkt_l4_len":358,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAXrn6UAAPwb4QQoYUrxuTI8ygMgfkPcR2XiSeN3lgBgAgCLKAAABAQgKAAs\/NUTbaqwWAwEBBhAAAQIBAC3VG74GEarKyWIAfC1t3eoICv9n3lOUl6EdMRLyzveqov7VqeSb+vUiADXEjvo2Ph4IxpM0uTEgRWks1OlyfQ8CpwOpaewjRrLbZ7\/Fm\/zPeyjp\/P3pk4lJ3FI5zqrJ+HgUULMWeKr6+AzQok+GHygmyw546qkveS2ASJI9J6rEx+UzswY8LaAepNuCXF3tLOS+Q6cMYhvlQdUkmCdPIAcy6\/aHTOZuAgr4sXjBSc2SXkXTU6DK9\/jA8GFEWxiX8kUmiD3\/ackC7YfCdwyMFwNA3nsgDZ0dDkRS1g9MwGH7v5u3hV0JEYUJn7rk3hkF2jdqDJRkYOH1L3bPWYU69dEUAwEAAQEWAwEAMF\/O2kD5pbKQHNWRGYU5syhmJpfV2RQgn4wrixRc1VRvmCK4dV8HuEl4xxthAnsmJw=="}
00756{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":376410,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":302,"pkt_l4_len":266,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR6w20AALwY\/rG5MjzIKGFK8H5CAyJJ43eX3Edq+gBgAIYO0AAABAQgKRNtrvAALPzUWAwEAqgQAAKYAAAAAAKD3FZSkod9AGBhY\/5X2U\/i0ZlUT19StXS97iyKpOUa4IW\/fyXON8W7ON1PPWxIsbCFlSHKfXZzC9eGaF0YcZ5Vky\/m+ZkbJO7AxjCAJ7euFadRchQdVzPIZk2Ua8ouf0\/EszfOXqattY5O6GsHl+975F0cZKKkRi1W0P3N5xnbqZMkVk7o5HtDEVFhjV0OWYTBoGuJ3dvVMfhwnAHMV19wcFAMBAAEBFgMBADA5UfCcpaWCvMf6Zr8mRRWhn9ER98GyiCk9DWgwLjFlP9ZoGBTEoN6zfrpW\/0ayigQ="}
@@ -70,7 +70,7 @@
00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":32,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00434{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":311164,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTyhUAALwb+625MjzIKGFK8Iynl6dfwna8taY45gBAAH2ZiAAABAQgKRNtvZgACx08="}
01587{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":314856,"pkt_caplen":920,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":920,"pkt_l4_len":884,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA4jyhkAALwb7lm5MjzIKGFK8Iynl6dfwna8taY45gBgAH9xBAAABAQgKRNtvZgACx08WAwEANQIAADEDAVU9H62U6W1lEs2MeG\/MWzGrR859HfrcOD055G7M8hnkAAAvAAAJ\/wEAAQAAIwAAFgMBAwwLAAMIAAMFAAMCMIIC\/jCCAeYCCQC35xiTrUC9NTANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wHhcNMTExMjA1MDkxOTI1WhcNMjExMjAyMDkxOTI1WjBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZgoiuC3vyjGQwWN1Y\/G2gLXrzYhnrYdBpXUgl5541Si1DUFeXudmto2X8JviTwtPM9bOMLk8c2gLTUKJmOdptp9qXnubsD89+qNi++nC9dmz3LRvRaWz6J0w7DFv5AsMOJ6cjJsqNbLBGSrO1bhrnXo6ZUpil+wYGT35WXJhxIkgnTWohNEsT6RlAImB9cuCGQz8DM7bHDsPNGhu5sjgZnnk+AeKK8FY9VV9dESDYb4of9Dakayp+JrR5MYVfASmd\/mbBSqJ+opCRNyVxwfhKPWkeZLD7Ahtlj6AFmso\/rwThAqCi3wI8KUooZ95z\/VLccaEg8vY7PgA0+0py+pNAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGDrJdN5Ppz9OPTa3HDXzLQwJHAUfiipBZSXzoL\/uy1yA8U26AfNtg2jWEpQ8ijR6FlqlZLcJAiiKbRMWUuNkOUJlsmzZ7AOn+R1zo\/KyIIKnOlLOSWubKfFVXNqD1W9f0XUQIQ2bEb4Hp2TPGMTxuo6H6v5HXSSpMerZD7k73HKwZDU\/jVO10Zk5dVEruTzrBbq8qa6dAJ6FxvSZ74FqIv+LOAIok4AksbSUeKWI+q\/HFIO\/kDDpqvjTP9dO3NHPgBjO42w3TF\/CywiY5NXQizBUR7JsOxh255g2sA7XIjS1vYreiyrMDXuEy+gjnwQReXnI3sA9\/dVI5HUoqdx0F4WAwEABA4AAAA="}
-01022{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_tot_l4_data_len":1202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01023{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_tot_l4_data_len":1202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00434{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":315131,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKmEAAQAaV2QoYUrxuTI8y5ekjKS1pjjnX8KEDgBAB61p5AAABAQgKAALHYkTbb2Y="}
00879{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":337348,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":394,"pkt_l4_len":358,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAXpKmUAAQAaUkgoYUrxuTI8y5ekjKS1pjjnX8KEDgBgB60dYAAABAQgKAALHZETbb2YWAwEBBhAAAQIBAG0K85NVFhEZ7hFhOhKGxgyRETHunT8FGQj+gdYeJNGhl2iTodXARNpfVdu2p053PylRQ5i17tdvDyWHd72xyqohbELbToOfcGXrnB1e7OX6cfVBE2zPFq0LzHRh4WqlvJXmbdFC2c4\/OpXZ2J+AGS8oH4hFdJk55dD0Rqcg8k1yD8PtOCz3JTFofSJ5kPB9RlClZrWGmobdIODyW\/2SxycPTbIi3MtCy\/FJ+NV\/9XPOkhUES1aafiJUriL+AMVrSMXheyGDPbeIKAuUk9lHZQ+IKt5wU9hANFmjVausdYO\/AuzpyLfh859Mv2bMtHxFPWKKtvvMTDOSS378pAbYlfUUAwEAAQEWAwEAMBFMJwdLm84p2UKtLmvOwh+jBKFAAqnH7y6vsO7dMR4yZ5w0K8GnLcpOy\/dsnWL+mg=="}
00756{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":543250,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":302,"pkt_l4_len":266,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR7yh0AALwb9\/25MjzIKGFK8Iynl6dfwoQMtaY9\/gBgAIdQvAAABAQgKRNtwRAACx2QWAwEAqgQAAKYAAAAAAKD3FZSkod9AGBhY\/5X2U\/i0MpxTcOThL2vCJOwLIHctIhJhbVKqgMfsPsuGU5ppnVaNIPFHIucQJJetyUxYwc8IhWUYpft5eIUS37zm3nqwElJYuHYbM1VBVwEB2pGGvRa\/DZ9VlXyqfltmwRg2q1MNtPiUKvMPFjKqhG9\/ANXnhI08gMpLwXhXDj2NqXHPjC\/WZDwihyPmSLrv32HhPTuuFAMBAAEBFgMBADCrg01tB59jb9CJJs57uREHyiJPkvP6NWrj9Js4EKD9Il3eVHOg10A0ygs0IDyUSAc="}
Powered by cgit, Themed by Ted Yin.