diff options
Diffstat (limited to 'test/results/flow-captured/default')
526 files changed, 3921 insertions, 0 deletions
diff --git a/test/results/flow-captured/default/1kxun.pcap.out b/test/results/flow-captured/default/1kxun.pcap.out new file mode 100644 index 000000000..e68307bbc --- /dev/null +++ b/test/results/flow-captured/default/1kxun.pcap.out @@ -0,0 +1,115 @@ +Flow 37 risky: tcp 192.168.115.8:49606 -> 106.185.35.110:80 +Flow 41 risky: tcp 192.168.115.8:49609 -> 42.120.51.152:8080 +Flow 14 risky: udp 192.168.115.8:51024 -> 8.8.8.8:53 +Flow 20 risky: udp 192.168.3.95:58779 -> 224.0.0.252:5355 +Flow 19 risky: udp fe80::e98f:bae2:19f7:6b0f:58779 -> ff02::1:3:5355 +Flow 24 risky: udp 192.168.115.8:52723 -> 168.95.1.1:53 +Flow 16 risky: udp 192.168.115.8:52723 -> 8.8.8.8:53 +Flow 35 risky: udp 192.168.5.67:138 -> 192.168.255.255:138 +Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355 +Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53 +Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53 +Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355 +Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947 +Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976 +Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976 +Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355 +Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678 +Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138 +Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099 +Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976 +Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947 +Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80 +Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80 +Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443 +Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443 +Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443 +Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443 +Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976 +Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976 +Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976 +Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678 +Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678 +Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80 +Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80 +Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678 +Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678 +Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355 +Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947 +Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80 +Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80 +Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80 +Flow 158 midstream: tcp 192.168.2.126:49372 -> 14.136.136.108:80 +Flow 150 midstream: tcp 192.168.2.126:45416 -> 161.117.13.29:80 +Flow 147 midstream: tcp 192.168.2.126:45388 -> 161.117.13.29:80 +Flow 148 midstream: tcp 192.168.2.126:45398 -> 161.117.13.29:80 +Flow 163 risky: tcp 192.168.2.126:44368 -> 172.217.18.98:80 +Flow 163 midstream: tcp 192.168.2.126:44368 -> 172.217.18.98:80 +Flow 178 risky: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 178 midstream: tcp 192.168.2.126:56826 -> 8.209.97.107:80 +Flow 149 midstream: tcp 192.168.2.126:45414 -> 161.117.13.29:80 +Flow 151 midstream: tcp 192.168.2.126:45422 -> 161.117.13.29:80 +Flow 152 midstream: tcp 192.168.2.126:45424 -> 161.117.13.29:80 +Flow 192 midstream: tcp 192.168.2.126:54810 -> 18.233.123.55:80 +Flow 184 midstream: tcp 192.168.2.126:36636 -> 18.64.103.30:80 +Flow 185 midstream: tcp 192.168.2.126:36640 -> 18.64.103.30:80 +Flow 186 midstream: tcp 192.168.2.126:36654 -> 18.64.103.30:80 +Flow 180 midstream: tcp 192.168.2.126:58758 -> 202.153.196.53:80 +Flow 181 midstream: tcp 192.168.2.126:58760 -> 202.153.196.53:80 +Flow 170 midstream: tcp 192.168.2.126:38314 -> 172.105.121.82:80 +Flow 171 midstream: tcp 192.168.2.126:38316 -> 172.105.121.82:80 +Flow 169 midstream: tcp 192.168.2.126:38326 -> 172.105.121.82:80 +Flow 193 midstream: tcp 192.168.2.126:40204 -> 18.235.204.9:80 +Flow 155 midstream: tcp 192.168.2.126:38354 -> 142.250.186.34:80 +Flow 157 midstream: tcp 192.168.2.126:49354 -> 14.136.136.108:80 +Flow 159 midstream: tcp 192.168.2.126:49370 -> 14.136.136.108:80 +Flow 162 midstream: tcp 192.168.2.126:49396 -> 14.136.136.108:80 +Flow 140 risky: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 140 midstream: tcp 192.168.2.126:49242 -> 172.104.119.80:80 +Flow 161 midstream: tcp 192.168.2.126:49412 -> 14.136.136.108:80 +Flow 179 midstream: tcp 192.168.2.126:43272 -> 18.64.79.58:80 +Flow 164 midstream: tcp 192.168.2.126:50140 -> 161.117.13.29:80 +Flow 165 midstream: tcp 192.168.2.126:50148 -> 161.117.13.29:80 +Flow 166 midstream: tcp 192.168.2.126:50164 -> 161.117.13.29:80 +Flow 167 midstream: tcp 192.168.2.126:50166 -> 161.117.13.29:80 +Flow 168 midstream: tcp 192.168.2.126:50176 -> 161.117.13.29:80 +Flow 153 risky: tcp 192.168.2.126:41390 -> 18.64.79.37:80 +Flow 153 midstream: tcp 192.168.2.126:41390 -> 18.64.79.37:80 +Flow 197 midstream: tcp 192.168.2.126:51686 -> 18.64.79.64:80 +Flow 156 midstream: tcp 192.168.2.126:36732 -> 142.250.186.174:80 +Flow 194 risky: tcp 192.168.2.126:53416 -> 172.217.16.142:80 +Flow 194 midstream: tcp 192.168.2.126:53416 -> 172.217.16.142:80 +Flow 189 midstream: tcp 192.168.2.126:42554 -> 35.156.44.13:80 +Flow 190 risky: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 190 midstream: tcp 192.168.2.126:42566 -> 35.156.44.13:80 +Flow 195 midstream: tcp 192.168.2.126:33042 -> 3.122.190.70:80 +Flow 173 midstream: tcp 192.168.2.126:56094 -> 3.72.69.158:80 +Flow 175 midstream: tcp 192.168.2.126:56096 -> 3.72.69.158:80 +Flow 174 midstream: tcp 192.168.2.126:56098 -> 3.72.69.158:80 +Flow 176 midstream: tcp 192.168.2.126:56104 -> 3.72.69.158:80 +Flow 134 midstream: tcp 192.168.2.126:41134 -> 129.226.107.77:80 +Flow 130 risky: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 130 midstream: tcp 192.168.2.126:60962 -> 172.104.93.92:1234 +Flow 131 risky: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 131 midstream: tcp 192.168.2.126:60972 -> 172.104.93.92:1234 +Flow 132 risky: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 132 midstream: tcp 192.168.2.126:60984 -> 172.104.93.92:1234 +Flow 196 risky: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 196 midstream: tcp 192.168.2.126:35426 -> 8.209.112.118:80 +Flow 191 midstream: tcp 192.168.2.126:41940 -> 18.64.79.50:80 +Flow 139 midstream: tcp 192.168.2.126:60148 -> 172.105.121.82:80 +Flow 172 midstream: tcp 192.168.2.126:59324 -> 104.117.221.10:80 +Flow 138 risky: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 138 midstream: tcp 192.168.2.126:38834 -> 119.45.78.184:80 +Flow 182 midstream: tcp 192.168.2.126:35664 -> 18.66.2.90:80 +Flow 141 midstream: tcp 192.168.2.126:46184 -> 172.105.121.82:80 +Flow 133 risky: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 133 midstream: tcp 192.168.2.126:47230 -> 161.117.13.29:80 +Flow 188 risky: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 188 midstream: tcp 192.168.2.126:37100 -> 52.29.177.177:80 +Flow 143 midstream: tcp 192.168.2.126:46200 -> 172.105.121.82:80 +Flow 135 midstream: tcp 192.168.2.126:47246 -> 161.117.13.29:80 +Flow 144 midstream: tcp 192.168.2.126:46212 -> 172.105.121.82:80 +Flow 136 midstream: tcp 192.168.2.126:47262 -> 161.117.13.29:80 +Flow 137 midstream: tcp 192.168.2.126:47272 -> 161.117.13.29:80 +Flow 145 midstream: tcp 192.168.2.126:35200 -> 103.29.71.30:80 diff --git a/test/results/flow-captured/default/443-chrome.pcap.out b/test/results/flow-captured/default/443-chrome.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-chrome.pcap.out diff --git a/test/results/flow-captured/default/443-curl.pcap.out b/test/results/flow-captured/default/443-curl.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-curl.pcap.out diff --git a/test/results/flow-captured/default/443-firefox.pcap.out b/test/results/flow-captured/default/443-firefox.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-firefox.pcap.out diff --git a/test/results/flow-captured/default/443-git.pcap.out b/test/results/flow-captured/default/443-git.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-git.pcap.out diff --git a/test/results/flow-captured/default/443-opvn.pcap.out b/test/results/flow-captured/default/443-opvn.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-opvn.pcap.out diff --git a/test/results/flow-captured/default/443-safari.pcap.out b/test/results/flow-captured/default/443-safari.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/443-safari.pcap.out diff --git a/test/results/flow-captured/default/4in4tunnel.pcap.out b/test/results/flow-captured/default/4in4tunnel.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/4in4tunnel.pcap.out diff --git a/test/results/flow-captured/default/4in6tunnel.pcap.out b/test/results/flow-captured/default/4in6tunnel.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/4in6tunnel.pcap.out diff --git a/test/results/flow-captured/default/6in4tunnel.pcap.out b/test/results/flow-captured/default/6in4tunnel.pcap.out new file mode 100644 index 000000000..57993fe03 --- /dev/null +++ b/test/results/flow-captured/default/6in4tunnel.pcap.out @@ -0,0 +1 @@ +Flow 1 not-detected: 41 174.3.73.24 -> 184.105.255.26 diff --git a/test/results/flow-captured/default/6in6tunnel.pcap.out b/test/results/flow-captured/default/6in6tunnel.pcap.out new file mode 100644 index 000000000..b1c056b9b --- /dev/null +++ b/test/results/flow-captured/default/6in6tunnel.pcap.out @@ -0,0 +1,2 @@ +Flow 1 not-detected: 41 2001:4f8:4:7:2e0:81ff:fe52:ffff -> 2001:4f8:4:7:2e0:81ff:fe52:9a6b +Flow 2 not-detected: 41 feed::beef -> feed::cafe diff --git a/test/results/flow-captured/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/flow-captured/default/BGP_Cisco_hdlc_slarp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/BGP_Cisco_hdlc_slarp.pcap.out diff --git a/test/results/flow-captured/default/BGP_redist.pcap.out b/test/results/flow-captured/default/BGP_redist.pcap.out new file mode 100644 index 000000000..d8ff02094 --- /dev/null +++ b/test/results/flow-captured/default/BGP_redist.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 2.2.2.2:179 -> 5.5.5.5:49433 diff --git a/test/results/flow-captured/default/EAQ.pcap.out b/test/results/flow-captured/default/EAQ.pcap.out new file mode 100644 index 000000000..14208209c --- /dev/null +++ b/test/results/flow-captured/default/EAQ.pcap.out @@ -0,0 +1,23 @@ +Flow 17 risky: udp 10.8.0.1:48563 -> 200.194.141.67:6000 +Flow 14 risky: udp 10.8.0.1:48666 -> 200.194.129.66:6000 +Flow 21 risky: udp 10.8.0.1:57004 -> 200.194.133.67:6000 +Flow 23 risky: udp 10.8.0.1:36552 -> 200.194.136.66:6000 +Flow 2 risky: tcp 10.8.0.1:40467 -> 173.194.119.24:80 +Flow 26 risky: udp 10.8.0.1:59098 -> 200.194.134.68:6000 +Flow 28 risky: udp 10.8.0.1:36577 -> 200.194.149.68:6000 +Flow 22 risky: udp 10.8.0.1:53059 -> 200.194.133.68:6000 +Flow 9 risky: udp 10.8.0.1:34687 -> 200.194.141.68:6000 +Flow 11 risky: udp 10.8.0.1:53354 -> 200.194.137.66:6000 +Flow 25 risky: udp 10.8.0.1:47346 -> 200.194.134.66:6000 +Flow 10 risky: udp 10.8.0.1:39221 -> 200.194.137.67:6000 +Flow 1 risky: tcp 10.8.0.1:53497 -> 173.194.119.48:80 +Flow 6 risky: udp 10.8.0.1:41438 -> 200.194.141.66:6000 +Flow 12 risky: udp 10.8.0.1:59959 -> 200.194.137.68:6000 +Flow 30 risky: udp 10.8.0.1:33356 -> 200.194.149.66:6000 +Flow 15 risky: udp 10.8.0.1:47714 -> 200.194.129.68:6000 +Flow 29 risky: udp 10.8.0.1:60013 -> 200.194.136.67:6000 +Flow 20 risky: udp 10.8.0.1:56128 -> 200.194.133.66:6000 +Flow 24 risky: udp 10.8.0.1:43934 -> 200.194.136.68:6000 +Flow 27 risky: udp 10.8.0.1:50175 -> 200.194.149.67:6000 +Flow 13 risky: udp 10.8.0.1:37985 -> 200.194.129.67:6000 +Flow 31 risky: udp 10.8.0.1:40058 -> 200.194.134.67:6000 diff --git a/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out diff --git a/test/results/flow-captured/default/IEC104.pcap.out b/test/results/flow-captured/default/IEC104.pcap.out new file mode 100644 index 000000000..7437a9743 --- /dev/null +++ b/test/results/flow-captured/default/IEC104.pcap.out @@ -0,0 +1,4 @@ +Flow 1 risky: tcp 10.175.211.1:2404 -> 10.119.105.26:54768 +Flow 1 midstream: tcp 10.175.211.1:2404 -> 10.119.105.26:54768 +Flow 2 risky: tcp 10.175.211.3:2404 -> 10.119.105.26:54769 +Flow 2 midstream: tcp 10.175.211.3:2404 -> 10.119.105.26:54769 diff --git a/test/results/flow-captured/default/KakaoTalk_chat.pcap.out b/test/results/flow-captured/default/KakaoTalk_chat.pcap.out new file mode 100644 index 000000000..fe86462c2 --- /dev/null +++ b/test/results/flow-captured/default/KakaoTalk_chat.pcap.out @@ -0,0 +1,5 @@ +Flow 26 risky: tcp 10.24.82.188:43581 -> 31.13.68.70:443 +Flow 34 risky: tcp 10.24.82.188:35511 -> 173.252.97.2:443 +Flow 15 risky: tcp 10.24.82.188:35503 -> 173.252.97.2:443 +Flow 37 midstream: tcp 10.24.82.188:49217 -> 216.58.220.174:443 +Flow 22 midstream: tcp 31.13.68.73:443 -> 10.24.82.188:47007 diff --git a/test/results/flow-captured/default/KakaoTalk_talk.pcap.out b/test/results/flow-captured/default/KakaoTalk_talk.pcap.out new file mode 100644 index 000000000..68d1bf6a1 --- /dev/null +++ b/test/results/flow-captured/default/KakaoTalk_talk.pcap.out @@ -0,0 +1,4 @@ +Flow 6 risky: tcp 10.24.82.188:32968 -> 110.76.143.50:8080 +Flow 8 risky: tcp 10.24.82.188:58857 -> 110.76.143.50:9001 +Flow 19 risky: tcp 10.24.82.188:59954 -> 173.252.88.128:443 +Flow 14 midstream: tcp 10.24.82.188:49217 -> 216.58.220.174:443 diff --git a/test/results/flow-captured/default/NTPv2.pcap.out b/test/results/flow-captured/default/NTPv2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/NTPv2.pcap.out diff --git a/test/results/flow-captured/default/NTPv3.pcap.out b/test/results/flow-captured/default/NTPv3.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/NTPv3.pcap.out diff --git a/test/results/flow-captured/default/NTPv4.pcap.out b/test/results/flow-captured/default/NTPv4.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/NTPv4.pcap.out diff --git a/test/results/flow-captured/default/Oscar.pcap.out b/test/results/flow-captured/default/Oscar.pcap.out new file mode 100644 index 000000000..3bc3973f8 --- /dev/null +++ b/test/results/flow-captured/default/Oscar.pcap.out @@ -0,0 +1,2 @@ +Flow 1 guessed: tcp 10.30.29.3:63357 -> 178.237.24.249:443 +Flow 1 not-detected: tcp 10.30.29.3:63357 -> 178.237.24.249:443 diff --git a/test/results/flow-captured/default/TivoDVR.pcap.out b/test/results/flow-captured/default/TivoDVR.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/TivoDVR.pcap.out diff --git a/test/results/flow-captured/default/WebattackRCE.pcap.out b/test/results/flow-captured/default/WebattackRCE.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/WebattackRCE.pcap.out diff --git a/test/results/flow-captured/default/WebattackSQLinj.pcap.out b/test/results/flow-captured/default/WebattackSQLinj.pcap.out new file mode 100644 index 000000000..7a43f2378 --- /dev/null +++ b/test/results/flow-captured/default/WebattackSQLinj.pcap.out @@ -0,0 +1,9 @@ +Flow 1 risky: tcp 172.16.0.1:36196 -> 192.168.10.50:80 +Flow 2 risky: tcp 172.16.0.1:36198 -> 192.168.10.50:80 +Flow 3 risky: tcp 172.16.0.1:36200 -> 192.168.10.50:80 +Flow 4 risky: tcp 172.16.0.1:36202 -> 192.168.10.50:80 +Flow 5 risky: tcp 172.16.0.1:36204 -> 192.168.10.50:80 +Flow 6 risky: tcp 172.16.0.1:36206 -> 192.168.10.50:80 +Flow 7 risky: tcp 172.16.0.1:36208 -> 192.168.10.50:80 +Flow 8 risky: tcp 172.16.0.1:36210 -> 192.168.10.50:80 +Flow 9 risky: tcp 172.16.0.1:36212 -> 192.168.10.50:80 diff --git a/test/results/flow-captured/default/WebattackXSS.pcap.out b/test/results/flow-captured/default/WebattackXSS.pcap.out new file mode 100644 index 000000000..4793dfb6e --- /dev/null +++ b/test/results/flow-captured/default/WebattackXSS.pcap.out @@ -0,0 +1,22 @@ +Flow 5 risky: tcp 172.16.0.1:52200 -> 192.168.10.50:80 +Flow 9 risky: tcp 172.16.0.1:52298 -> 192.168.10.50:80 +Flow 41 risky: tcp 172.16.0.1:52910 -> 192.168.10.50:80 +Flow 1 risky: tcp 172.16.0.1:52098 -> 192.168.10.50:80 +Flow 78 risky: tcp 172.16.0.1:53584 -> 192.168.10.50:80 +Flow 10 risky: tcp 172.16.0.1:52300 -> 192.168.10.50:80 +Flow 11 risky: tcp 172.16.0.1:52318 -> 192.168.10.50:80 +Flow 114 risky: tcp 172.16.0.1:54268 -> 192.168.10.50:80 +Flow 152 risky: tcp 172.16.0.1:54956 -> 192.168.10.50:80 +Flow 190 risky: tcp 172.16.0.1:55632 -> 192.168.10.50:80 +Flow 227 risky: tcp 172.16.0.1:56306 -> 192.168.10.50:80 +Flow 265 risky: tcp 172.16.0.1:56994 -> 192.168.10.50:80 +Flow 304 risky: tcp 172.16.0.1:57684 -> 192.168.10.50:80 +Flow 342 risky: tcp 172.16.0.1:58360 -> 192.168.10.50:80 +Flow 380 risky: tcp 172.16.0.1:59042 -> 192.168.10.50:80 +Flow 419 risky: tcp 172.16.0.1:59732 -> 192.168.10.50:80 +Flow 458 risky: tcp 172.16.0.1:60464 -> 192.168.10.50:80 +Flow 495 risky: tcp 172.16.0.1:32906 -> 192.168.10.50:80 +Flow 532 risky: tcp 172.16.0.1:33580 -> 192.168.10.50:80 +Flow 569 risky: tcp 172.16.0.1:34278 -> 192.168.10.50:80 +Flow 606 risky: tcp 172.16.0.1:34940 -> 192.168.10.50:80 +Flow 643 risky: tcp 172.16.0.1:35626 -> 192.168.10.50:80 diff --git a/test/results/flow-captured/default/activision.pcap.out b/test/results/flow-captured/default/activision.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/activision.pcap.out diff --git a/test/results/flow-captured/default/adult_content.pcap.out b/test/results/flow-captured/default/adult_content.pcap.out new file mode 100644 index 000000000..76c4502d8 --- /dev/null +++ b/test/results/flow-captured/default/adult_content.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.1.199:42759 -> 31.220.27.69:80 diff --git a/test/results/flow-captured/default/afp.pcap.out b/test/results/flow-captured/default/afp.pcap.out new file mode 100644 index 000000000..894c05a8a --- /dev/null +++ b/test/results/flow-captured/default/afp.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.27.57:64987 -> 192.168.27.139:548 diff --git a/test/results/flow-captured/default/agora-sd-rtn.pcap.out b/test/results/flow-captured/default/agora-sd-rtn.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/agora-sd-rtn.pcap.out diff --git a/test/results/flow-captured/default/ah.pcapng.out b/test/results/flow-captured/default/ah.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ah.pcapng.out diff --git a/test/results/flow-captured/default/ajp.pcap.out b/test/results/flow-captured/default/ajp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ajp.pcap.out diff --git a/test/results/flow-captured/default/alexa-app.pcapng.out b/test/results/flow-captured/default/alexa-app.pcapng.out new file mode 100644 index 000000000..b3d3ac84c --- /dev/null +++ b/test/results/flow-captured/default/alexa-app.pcapng.out @@ -0,0 +1,64 @@ +Flow 28 risky: tcp 172.16.42.216:45661 -> 52.94.232.134:443 +Flow 14 risky: icmp 172.16.42.1 -> 172.16.42.216 +Flow 80 risky: tcp 172.16.42.216:45703 -> 52.94.232.134:443 +Flow 87 risky: tcp 172.16.42.216:45710 -> 52.94.232.134:443 +Flow 89 risky: tcp 172.16.42.216:45712 -> 52.94.232.134:443 +Flow 107 risky: tcp 172.16.42.216:40856 -> 54.239.29.253:443 +Flow 105 risky: tcp 172.16.42.216:40854 -> 54.239.29.253:443 +Flow 88 risky: tcp 172.16.42.216:45711 -> 52.94.232.134:443 +Flow 120 risky: tcp 172.16.42.216:51986 -> 52.84.63.56:80 +Flow 125 risky: tcp 172.16.42.216:40871 -> 54.239.29.253:443 +Flow 129 risky: tcp 172.16.42.216:51995 -> 52.84.63.56:80 +Flow 126 risky: tcp 172.16.42.216:51992 -> 52.84.63.56:80 +Flow 45 risky: tcp 172.16.42.216:49589 -> 52.94.232.134:80 +Flow 29 risky: tcp 172.16.42.216:45662 -> 52.94.232.134:443 +Flow 30 risky: tcp 172.16.42.216:45663 -> 52.94.232.134:443 +Flow 43 risky: tcp 172.16.42.216:45673 -> 52.94.232.134:443 +Flow 44 risky: tcp 172.16.42.216:45674 -> 52.94.232.134:443 +Flow 46 risky: tcp 172.16.42.216:45676 -> 52.94.232.134:443 +Flow 47 risky: tcp 172.16.42.216:45677 -> 52.94.232.134:443 +Flow 48 risky: tcp 172.16.42.216:45678 -> 52.94.232.134:443 +Flow 49 risky: tcp 172.16.42.216:45679 -> 52.94.232.134:443 +Flow 50 risky: tcp 172.16.42.216:45680 -> 52.94.232.134:443 +Flow 53 risky: tcp 172.16.42.216:45683 -> 52.94.232.134:443 +Flow 57 risky: tcp 172.16.42.216:45687 -> 52.94.232.134:443 +Flow 59 risky: tcp 172.16.42.216:45688 -> 52.94.232.134:443 +Flow 67 risky: tcp 172.16.42.216:45693 -> 52.94.232.134:443 +Flow 70 risky: tcp 172.16.42.216:45695 -> 52.94.232.134:443 +Flow 71 risky: tcp 172.16.42.216:45696 -> 52.94.232.134:443 +Flow 72 risky: tcp 172.16.42.216:45697 -> 52.94.232.134:443 +Flow 74 risky: tcp 172.16.42.216:45698 -> 52.94.232.134:443 +Flow 157 risky: tcp 172.16.42.216:38483 -> 52.85.209.143:443 +Flow 142 risky: tcp 172.16.42.216:50799 -> 54.239.28.178:443 +Flow 119 risky: tcp 172.16.42.216:51985 -> 52.84.63.56:80 +Flow 121 risky: tcp 172.16.42.216:51987 -> 52.84.63.56:80 +Flow 122 risky: tcp 172.16.42.216:51988 -> 52.84.63.56:80 +Flow 123 risky: tcp 172.16.42.216:51989 -> 52.84.63.56:80 +Flow 124 risky: tcp 172.16.42.216:51990 -> 52.84.63.56:80 +Flow 127 risky: tcp 172.16.42.216:51993 -> 52.84.63.56:80 +Flow 128 risky: tcp 172.16.42.216:51994 -> 52.84.63.56:80 +Flow 130 risky: tcp 172.16.42.216:51996 -> 52.84.63.56:80 +Flow 131 risky: tcp 172.16.42.216:51997 -> 52.84.63.56:80 +Flow 93 risky: tcp 172.16.42.216:49630 -> 52.94.232.134:80 +Flow 117 risky: tcp 172.16.42.216:40864 -> 54.239.29.253:443 +Flow 132 risky: tcp 172.16.42.216:40878 -> 54.239.29.253:443 +Flow 75 risky: tcp 172.16.42.216:37113 -> 52.94.232.134:443 +Flow 81 risky: tcp 172.16.42.216:45704 -> 52.94.232.134:443 +Flow 82 risky: tcp 172.16.42.216:45705 -> 52.94.232.134:443 +Flow 86 risky: tcp 172.16.42.216:45709 -> 52.94.232.134:443 +Flow 91 risky: tcp 172.16.42.216:45714 -> 52.94.232.134:443 +Flow 92 risky: tcp 172.16.42.216:45715 -> 52.94.232.134:443 +Flow 109 risky: tcp 172.16.42.216:45728 -> 52.94.232.134:443 +Flow 110 risky: tcp 172.16.42.216:45729 -> 52.94.232.134:443 +Flow 111 risky: tcp 172.16.42.216:45730 -> 52.94.232.134:443 +Flow 112 risky: tcp 172.16.42.216:45731 -> 52.94.232.134:443 +Flow 113 risky: tcp 172.16.42.216:45732 -> 52.94.232.134:443 +Flow 133 risky: tcp 172.16.42.216:45750 -> 52.94.232.134:443 +Flow 134 risky: tcp 172.16.42.216:45751 -> 52.94.232.134:443 +Flow 137 risky: tcp 172.16.42.216:45752 -> 52.94.232.134:443 +Flow 136 risky: tcp 172.16.42.216:39750 -> 52.94.232.134:443 +Flow 156 risky: tcp 172.16.42.216:58048 -> 54.239.28.178:443 +Flow 65 risky: tcp 172.16.42.216:41691 -> 54.239.29.146:443 +Flow 99 risky: tcp 172.16.42.216:44001 -> 176.32.101.52:443 +Flow 11 risky: tcp 172.16.42.216:42878 -> 173.194.223.188:5228 +Flow 16 risky: tcp 172.16.42.216:55242 -> 52.85.209.197:443 diff --git a/test/results/flow-captured/default/alicloud.pcap.out b/test/results/flow-captured/default/alicloud.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/alicloud.pcap.out diff --git a/test/results/flow-captured/default/among_us.pcap.out b/test/results/flow-captured/default/among_us.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/among_us.pcap.out diff --git a/test/results/flow-captured/default/amqp.pcap.out b/test/results/flow-captured/default/amqp.pcap.out new file mode 100644 index 000000000..525dbc442 --- /dev/null +++ b/test/results/flow-captured/default/amqp.pcap.out @@ -0,0 +1,3 @@ +Flow 1 midstream: tcp 127.0.0.1:44205 -> 127.0.1.1:5672 +Flow 2 midstream: tcp 127.0.1.1:5672 -> 127.0.0.1:44204 +Flow 3 midstream: tcp 127.0.0.1:44206 -> 127.0.1.1:5672 diff --git a/test/results/flow-captured/default/android.pcap.out b/test/results/flow-captured/default/android.pcap.out new file mode 100644 index 000000000..ea5892663 --- /dev/null +++ b/test/results/flow-captured/default/android.pcap.out @@ -0,0 +1,7 @@ +Flow 3 risky: tcp 17.248.176.75:443 -> 192.168.2.17:50580 +Flow 3 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50580 +Flow 2 risky: tcp 17.248.176.75:443 -> 192.168.2.17:50584 +Flow 2 midstream: tcp 17.248.176.75:443 -> 192.168.2.17:50584 +Flow 5 midstream: tcp 17.248.185.10:443 -> 192.168.2.17:50702 +Flow 39 risky: tcp 192.168.2.16:36834 -> 173.194.79.114:80 +Flow 52 risky: tcp 192.168.2.16:36848 -> 173.194.79.114:80 diff --git a/test/results/flow-captured/default/anyconnect-vpn.pcap.out b/test/results/flow-captured/default/anyconnect-vpn.pcap.out new file mode 100644 index 000000000..1dbcad056 --- /dev/null +++ b/test/results/flow-captured/default/anyconnect-vpn.pcap.out @@ -0,0 +1,21 @@ +Flow 30 risky: tcp 10.0.0.227:56921 -> 8.37.96.194:4287 +Flow 25 midstream: tcp 10.0.0.227:56884 -> 184.25.56.77:80 +Flow 24 midstream: tcp 10.0.0.227:56917 -> 184.25.56.77:80 +Flow 26 risky: udp 10.0.0.227:54851 -> 75.75.76.76:53 +Flow 16 risky: udp 10.0.0.227:63107 -> 75.75.76.76:53 +Flow 34 risky: udp 10.0.0.227:52879 -> 75.75.75.75:53 +Flow 58 risky: udp 10.0.0.227:54107 -> 8.37.102.91:443 +Flow 36 risky: udp 10.0.0.227:57017 -> 75.75.75.75:53 +Flow 35 risky: udp 10.0.0.227:59222 -> 75.75.75.75:53 +Flow 33 risky: udp 10.0.0.227:57261 -> 75.75.75.75:53 +Flow 3 risky: tcp 10.0.0.227:56320 -> 10.0.0.149:8009 +Flow 3 midstream: tcp 10.0.0.227:56320 -> 10.0.0.149:8009 +Flow 44 risky: tcp 10.0.0.227:56886 -> 17.57.144.116:5223 +Flow 44 midstream: tcp 10.0.0.227:56886 -> 17.57.144.116:5223 +Flow 15 risky: tcp 10.0.0.227:56919 -> 8.37.102.91:443 +Flow 38 risky: tcp 10.0.0.227:56929 -> 8.37.102.91:443 +Flow 40 not-detected: tcp 10.0.0.227:56866 -> 10.0.0.151:8060 +Flow 40 midstream: tcp 10.0.0.227:56866 -> 10.0.0.151:8060 +Flow 62 risky: tcp 10.0.0.227:56954 -> 10.0.0.149:8008 +Flow 63 risky: tcp 10.0.0.227:56955 -> 10.0.0.151:8060 +Flow 60 not-detected: udp 10.0.0.227:52595 -> 10.0.0.1:192 diff --git a/test/results/flow-captured/default/anydesk.pcapng.out b/test/results/flow-captured/default/anydesk.pcapng.out new file mode 100644 index 000000000..9f090eeb4 --- /dev/null +++ b/test/results/flow-captured/default/anydesk.pcapng.out @@ -0,0 +1,5 @@ +Flow 1 risky: tcp 192.168.149.129:36351 -> 51.83.239.144:80 +Flow 1 midstream: tcp 192.168.149.129:36351 -> 51.83.239.144:80 +Flow 2 risky: tcp 192.168.149.129:43535 -> 51.83.238.219:80 +Flow 5 risky: tcp 192.168.1.187:54164 -> 192.168.1.178:7070 +Flow 7 risky: tcp 192.168.1.128:48260 -> 195.181.174.176:443 diff --git a/test/results/flow-captured/default/atg.pcap.out b/test/results/flow-captured/default/atg.pcap.out new file mode 100644 index 000000000..39087a13a --- /dev/null +++ b/test/results/flow-captured/default/atg.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.0.105:3134 -> 20.108.25.119:10001 diff --git a/test/results/flow-captured/default/avast.pcap.out b/test/results/flow-captured/default/avast.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/avast.pcap.out diff --git a/test/results/flow-captured/default/avast_securedns.pcapng.out b/test/results/flow-captured/default/avast_securedns.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/avast_securedns.pcapng.out diff --git a/test/results/flow-captured/default/bacnet.pcap.out b/test/results/flow-captured/default/bacnet.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/bacnet.pcap.out diff --git a/test/results/flow-captured/default/bad-dns-traffic.pcap.out b/test/results/flow-captured/default/bad-dns-traffic.pcap.out new file mode 100644 index 000000000..7969bda5b --- /dev/null +++ b/test/results/flow-captured/default/bad-dns-traffic.pcap.out @@ -0,0 +1,3 @@ +Flow 2 risky: udp 192.168.43.91:56354 -> 4.2.2.4:53 +Flow 1 risky: udp 192.168.43.91:35966 -> 4.2.2.4:53 +Flow 3 risky: udp 192.168.43.91:46961 -> 4.2.2.4:53 diff --git a/test/results/flow-captured/default/badpackets.pcap.out b/test/results/flow-captured/default/badpackets.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/badpackets.pcap.out diff --git a/test/results/flow-captured/default/beckhoff_ads.pcapng.out b/test/results/flow-captured/default/beckhoff_ads.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/beckhoff_ads.pcapng.out diff --git a/test/results/flow-captured/default/bets.pcapng.out b/test/results/flow-captured/default/bets.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/bets.pcapng.out diff --git a/test/results/flow-captured/default/bfcp.pcapng.out b/test/results/flow-captured/default/bfcp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/bfcp.pcapng.out diff --git a/test/results/flow-captured/default/bfd.pcap.out b/test/results/flow-captured/default/bfd.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/bfd.pcap.out diff --git a/test/results/flow-captured/default/bitcoin.pcap.out b/test/results/flow-captured/default/bitcoin.pcap.out new file mode 100644 index 000000000..41b6b1707 --- /dev/null +++ b/test/results/flow-captured/default/bitcoin.pcap.out @@ -0,0 +1,6 @@ +Flow 3 midstream: tcp 192.168.1.142:55348 -> 74.89.181.229:8333 +Flow 4 midstream: tcp 192.168.1.142:55383 -> 66.68.83.22:8333 +Flow 5 midstream: tcp 192.168.1.142:55400 -> 195.218.16.178:8333 +Flow 6 midstream: tcp 192.168.1.142:55487 -> 184.58.165.119:8333 +Flow 1 midstream: tcp 192.168.1.142:55317 -> 188.165.213.169:8333 +Flow 2 midstream: tcp 192.168.1.142:55328 -> 69.118.54.122:8333 diff --git a/test/results/flow-captured/default/bittorrent.pcap.out b/test/results/flow-captured/default/bittorrent.pcap.out new file mode 100644 index 000000000..05cf521a2 --- /dev/null +++ b/test/results/flow-captured/default/bittorrent.pcap.out @@ -0,0 +1,46 @@ +Flow 17 risky: tcp 192.168.1.3:52915 -> 198.100.146.9:60163 +Flow 17 midstream: tcp 192.168.1.3:52915 -> 198.100.146.9:60163 +Flow 2 risky: tcp 192.168.1.3:52887 -> 82.57.97.83:53137 +Flow 2 midstream: tcp 192.168.1.3:52887 -> 82.57.97.83:53137 +Flow 11 risky: tcp 192.168.1.3:52906 -> 82.57.97.83:53137 +Flow 11 midstream: tcp 192.168.1.3:52906 -> 82.57.97.83:53137 +Flow 3 midstream: tcp 192.168.1.3:52895 -> 83.216.184.241:51413 +Flow 22 midstream: tcp 192.168.1.3:52927 -> 83.216.184.241:51413 +Flow 21 risky: tcp 192.168.1.3:52922 -> 95.237.193.34:11321 +Flow 21 midstream: tcp 192.168.1.3:52922 -> 95.237.193.34:11321 +Flow 13 risky: tcp 192.168.1.3:52912 -> 151.72.255.163:59928 +Flow 13 midstream: tcp 192.168.1.3:52912 -> 151.72.255.163:59928 +Flow 6 risky: tcp 192.168.1.3:52897 -> 151.26.95.30:22673 +Flow 6 midstream: tcp 192.168.1.3:52897 -> 151.26.95.30:22673 +Flow 12 risky: tcp 192.168.1.3:52911 -> 151.26.95.30:22673 +Flow 12 midstream: tcp 192.168.1.3:52911 -> 151.26.95.30:22673 +Flow 20 risky: tcp 192.168.1.3:52921 -> 95.234.159.16:41205 +Flow 20 midstream: tcp 192.168.1.3:52921 -> 95.234.159.16:41205 +Flow 23 risky: tcp 192.168.1.3:52926 -> 93.65.249.100:31336 +Flow 23 midstream: tcp 192.168.1.3:52926 -> 93.65.249.100:31336 +Flow 24 risky: tcp 192.168.1.3:52925 -> 93.65.227.100:19116 +Flow 24 midstream: tcp 192.168.1.3:52925 -> 93.65.227.100:19116 +Flow 9 risky: tcp 192.168.1.3:52902 -> 190.103.195.56:46633 +Flow 9 midstream: tcp 192.168.1.3:52902 -> 190.103.195.56:46633 +Flow 18 risky: tcp 192.168.1.3:52914 -> 190.103.195.56:46633 +Flow 18 midstream: tcp 192.168.1.3:52914 -> 190.103.195.56:46633 +Flow 4 risky: tcp 192.168.1.3:52896 -> 79.53.228.2:14627 +Flow 4 midstream: tcp 192.168.1.3:52896 -> 79.53.228.2:14627 +Flow 14 risky: tcp 192.168.1.3:52909 -> 79.53.228.2:14627 +Flow 14 midstream: tcp 192.168.1.3:52909 -> 79.53.228.2:14627 +Flow 7 risky: tcp 192.168.1.3:52893 -> 79.55.129.22:12097 +Flow 7 midstream: tcp 192.168.1.3:52893 -> 79.55.129.22:12097 +Flow 16 risky: tcp 192.168.1.3:52908 -> 79.55.129.22:12097 +Flow 16 midstream: tcp 192.168.1.3:52908 -> 79.55.129.22:12097 +Flow 19 risky: tcp 192.168.1.3:52917 -> 151.15.48.189:47001 +Flow 19 midstream: tcp 192.168.1.3:52917 -> 151.15.48.189:47001 +Flow 8 risky: tcp 192.168.1.3:52903 -> 198.100.146.9:60163 +Flow 8 midstream: tcp 192.168.1.3:52903 -> 198.100.146.9:60163 +Flow 1 risky: tcp 192.168.1.3:52888 -> 82.58.216.115:38305 +Flow 1 midstream: tcp 192.168.1.3:52888 -> 82.58.216.115:38305 +Flow 10 risky: tcp 192.168.1.3:52907 -> 82.58.216.115:38305 +Flow 10 midstream: tcp 192.168.1.3:52907 -> 82.58.216.115:38305 +Flow 5 risky: tcp 192.168.1.3:52894 -> 120.62.33.241:39332 +Flow 5 midstream: tcp 192.168.1.3:52894 -> 120.62.33.241:39332 +Flow 15 risky: tcp 192.168.1.3:52910 -> 120.62.33.241:39332 +Flow 15 midstream: tcp 192.168.1.3:52910 -> 120.62.33.241:39332 diff --git a/test/results/flow-captured/default/bittorrent_tcp_miss.pcapng.out b/test/results/flow-captured/default/bittorrent_tcp_miss.pcapng.out new file mode 100644 index 000000000..294e2dd8f --- /dev/null +++ b/test/results/flow-captured/default/bittorrent_tcp_miss.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.122.34:48987 -> 178.71.206.1:6881 diff --git a/test/results/flow-captured/default/bittorrent_utp.pcap.out b/test/results/flow-captured/default/bittorrent_utp.pcap.out new file mode 100644 index 000000000..ab9151e51 --- /dev/null +++ b/test/results/flow-captured/default/bittorrent_utp.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: udp 82.243.113.43:64969 -> 192.168.1.5:40959 +Flow 2 risky: udp 127.0.0.1:49861 -> 127.0.0.1:33333 diff --git a/test/results/flow-captured/default/bjnp.pcap.out b/test/results/flow-captured/default/bjnp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/bjnp.pcap.out diff --git a/test/results/flow-captured/default/bot.pcap.out b/test/results/flow-captured/default/bot.pcap.out new file mode 100644 index 000000000..ccacd19f0 --- /dev/null +++ b/test/results/flow-captured/default/bot.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 40.77.167.36:64768 -> 89.31.72.220:80 diff --git a/test/results/flow-captured/default/bt-dns.pcap.out b/test/results/flow-captured/default/bt-dns.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/bt-dns.pcap.out diff --git a/test/results/flow-captured/default/bt-http.pcapng.out b/test/results/flow-captured/default/bt-http.pcapng.out new file mode 100644 index 000000000..8fa10a571 --- /dev/null +++ b/test/results/flow-captured/default/bt-http.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.1.128:46882 -> 176.31.225.118:80 diff --git a/test/results/flow-captured/default/bt_search.pcap.out b/test/results/flow-captured/default/bt_search.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/bt_search.pcap.out diff --git a/test/results/flow-captured/default/c1222.pcapng.out b/test/results/flow-captured/default/c1222.pcapng.out new file mode 100644 index 000000000..8b5d392c6 --- /dev/null +++ b/test/results/flow-captured/default/c1222.pcapng.out @@ -0,0 +1 @@ +Flow 2 midstream: tcp 192.168.1.101:1577 -> 192.168.100.124:1153 diff --git a/test/results/flow-captured/default/cachefly.pcapng.out b/test/results/flow-captured/default/cachefly.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/cachefly.pcapng.out diff --git a/test/results/flow-captured/default/can.pcap.out b/test/results/flow-captured/default/can.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/can.pcap.out diff --git a/test/results/flow-captured/default/capwap.pcap.out b/test/results/flow-captured/default/capwap.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/capwap.pcap.out diff --git a/test/results/flow-captured/default/capwap_data.pcapng.out b/test/results/flow-captured/default/capwap_data.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/capwap_data.pcapng.out diff --git a/test/results/flow-captured/default/cassandra.pcap.out b/test/results/flow-captured/default/cassandra.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/cassandra.pcap.out diff --git a/test/results/flow-captured/default/ceph.pcap.out b/test/results/flow-captured/default/ceph.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ceph.pcap.out diff --git a/test/results/flow-captured/default/check_mk_new.pcap.out b/test/results/flow-captured/default/check_mk_new.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/check_mk_new.pcap.out diff --git a/test/results/flow-captured/default/chrome.pcap.out b/test/results/flow-captured/default/chrome.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/chrome.pcap.out diff --git a/test/results/flow-captured/default/cip_io.pcap.out b/test/results/flow-captured/default/cip_io.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/cip_io.pcap.out diff --git a/test/results/flow-captured/default/citrix.pcap.out b/test/results/flow-captured/default/citrix.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/citrix.pcap.out diff --git a/test/results/flow-captured/default/cloudflare-warp.pcap.out b/test/results/flow-captured/default/cloudflare-warp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/cloudflare-warp.pcap.out diff --git a/test/results/flow-captured/default/cnp_ip.pcapng.out b/test/results/flow-captured/default/cnp_ip.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/cnp_ip.pcapng.out diff --git a/test/results/flow-captured/default/coap_mqtt.pcap.out b/test/results/flow-captured/default/coap_mqtt.pcap.out new file mode 100644 index 000000000..613370f6b --- /dev/null +++ b/test/results/flow-captured/default/coap_mqtt.pcap.out @@ -0,0 +1,7 @@ +Flow 11 risky: tcp 192.168.56.1:53528 -> 192.168.56.101:17501 +Flow 9 risky: tcp 192.168.56.1:53522 -> 192.168.56.101:17501 +Flow 9 midstream: tcp 192.168.56.1:53522 -> 192.168.56.101:17501 +Flow 10 risky: tcp 192.168.56.1:53523 -> 192.168.56.101:17501 +Flow 10 midstream: tcp 192.168.56.1:53523 -> 192.168.56.101:17501 +Flow 13 risky: tcp 192.168.56.101:17501 -> 192.168.56.1:53524 +Flow 13 midstream: tcp 192.168.56.101:17501 -> 192.168.56.1:53524 diff --git a/test/results/flow-captured/default/codm.pcap.out b/test/results/flow-captured/default/codm.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/codm.pcap.out diff --git a/test/results/flow-captured/default/collectd.pcap.out b/test/results/flow-captured/default/collectd.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/collectd.pcap.out diff --git a/test/results/flow-captured/default/conncheck.pcap.out b/test/results/flow-captured/default/conncheck.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/conncheck.pcap.out diff --git a/test/results/flow-captured/default/corba.pcap.out b/test/results/flow-captured/default/corba.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/corba.pcap.out diff --git a/test/results/flow-captured/default/cpha.pcap.out b/test/results/flow-captured/default/cpha.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/cpha.pcap.out diff --git a/test/results/flow-captured/default/crawler_false_positive.pcapng.out b/test/results/flow-captured/default/crawler_false_positive.pcapng.out new file mode 100644 index 000000000..e8c8d73e4 --- /dev/null +++ b/test/results/flow-captured/default/crawler_false_positive.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.12.156:38291 -> 93.184.220.29:80 diff --git a/test/results/flow-captured/default/crynet.pcap.out b/test/results/flow-captured/default/crynet.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/crynet.pcap.out diff --git a/test/results/flow-captured/default/custom_categories.pcapng.out b/test/results/flow-captured/default/custom_categories.pcapng.out new file mode 100644 index 000000000..b5bcb9602 --- /dev/null +++ b/test/results/flow-captured/default/custom_categories.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 2001:db8:1::1:64720 -> 2001:db8:200::1:20868 +Flow 2 risky: tcp 172.26.219.44:58639 -> 172.30.69.103:22 diff --git a/test/results/flow-captured/default/custom_risk_mask.pcapng.out b/test/results/flow-captured/default/custom_risk_mask.pcapng.out new file mode 100644 index 000000000..066b1921b --- /dev/null +++ b/test/results/flow-captured/default/custom_risk_mask.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: udp fe80::7c0:e74e:87c3:5d93:6741 -> ff02::1:3:5355 +Flow 2 risky: udp fe80::356b:e047:3695:f741:16765 -> ff02::1:3:5355 diff --git a/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out b/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out new file mode 100644 index 000000000..dd09d4cb7 --- /dev/null +++ b/test/results/flow-captured/default/custom_rules_ipv6.pcapng.out @@ -0,0 +1,5 @@ +Flow 1 not-detected: udp 3ffe:507::1:200:86ff:fe05:80da:21554 -> 3ffe:501:4819::42:5333 +Flow 6 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12718 -> ff02::1:26993 +Flow 5 not-detected: udp fe80::76ac:b9ff:fedd:a1e2:12719 -> ff02::1:26993 +Flow 4 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12719 -> ff02::1:26993 +Flow 7 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12717 -> ff02::1:64315 diff --git a/test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out new file mode 100644 index 000000000..9dd279f63 --- /dev/null +++ b/test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out @@ -0,0 +1,2 @@ +Flow 3 not-detected: tcp 192.168.1.245:58288 -> 3.3.3.3:446 +Flow 2 not-detected: tcp 192.168.1.245:59682 -> 3.3.3.3:444 diff --git a/test/results/flow-captured/default/dazn.pcapng.out b/test/results/flow-captured/default/dazn.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dazn.pcapng.out diff --git a/test/results/flow-captured/default/dcerpc.pcap.out b/test/results/flow-captured/default/dcerpc.pcap.out new file mode 100644 index 000000000..c81c9b8b6 --- /dev/null +++ b/test/results/flow-captured/default/dcerpc.pcap.out @@ -0,0 +1,4 @@ +Flow 4 risky: udp 192.168.1.11:49154 -> 192.168.1.20:49162 +Flow 2 risky: udp 192.168.1.20:49161 -> 192.168.1.11:49155 +Flow 1 risky: udp 192.168.1.11:49155 -> 192.168.1.20:34964 +Flow 3 risky: udp 192.168.1.20:49162 -> 192.168.1.11:34964 diff --git a/test/results/flow-captured/default/dhcp-fuzz.pcapng.out b/test/results/flow-captured/default/dhcp-fuzz.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dhcp-fuzz.pcapng.out diff --git a/test/results/flow-captured/default/diameter.pcap.out b/test/results/flow-captured/default/diameter.pcap.out new file mode 100644 index 000000000..8000c1491 --- /dev/null +++ b/test/results/flow-captured/default/diameter.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 10.201.9.245:50957 -> 10.201.9.11:3868 diff --git a/test/results/flow-captured/default/discord.pcap.out b/test/results/flow-captured/default/discord.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/discord.pcap.out diff --git a/test/results/flow-captured/default/discord_mid_flow.pcap.out b/test/results/flow-captured/default/discord_mid_flow.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/discord_mid_flow.pcap.out diff --git a/test/results/flow-captured/default/dlep.pcapng.out b/test/results/flow-captured/default/dlep.pcapng.out new file mode 100644 index 000000000..a99cd40ff --- /dev/null +++ b/test/results/flow-captured/default/dlep.pcapng.out @@ -0,0 +1 @@ +Flow 3 midstream: tcp 10.0.0.1:51762 -> 10.0.0.2:854 diff --git a/test/results/flow-captured/default/dlms.pcap.out b/test/results/flow-captured/default/dlms.pcap.out new file mode 100644 index 000000000..577b71e56 --- /dev/null +++ b/test/results/flow-captured/default/dlms.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.137.20:60797 -> 192.168.137.189:4060 diff --git a/test/results/flow-captured/default/dlt_ppp.pcap.out b/test/results/flow-captured/default/dlt_ppp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dlt_ppp.pcap.out diff --git a/test/results/flow-captured/default/dnp3.pcap.out b/test/results/flow-captured/default/dnp3.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dnp3.pcap.out diff --git a/test/results/flow-captured/default/dns-exf.pcap.out b/test/results/flow-captured/default/dns-exf.pcap.out new file mode 100644 index 000000000..836c2ecdb --- /dev/null +++ b/test/results/flow-captured/default/dns-exf.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.2.225:45290 -> 192.168.2.134:53 diff --git a/test/results/flow-captured/default/dns-google-nsid.pcapng.out b/test/results/flow-captured/default/dns-google-nsid.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dns-google-nsid.pcapng.out diff --git a/test/results/flow-captured/default/dns-invalid-chars.pcap.out b/test/results/flow-captured/default/dns-invalid-chars.pcap.out new file mode 100644 index 000000000..fe738fa7f --- /dev/null +++ b/test/results/flow-captured/default/dns-invalid-chars.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 127.0.0.1:35980 -> 127.0.0.1:53 diff --git a/test/results/flow-captured/default/dns-tunnel-iodine.pcap.out b/test/results/flow-captured/default/dns-tunnel-iodine.pcap.out new file mode 100644 index 000000000..b4e116e6d --- /dev/null +++ b/test/results/flow-captured/default/dns-tunnel-iodine.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 10.0.2.30:44639 -> 10.0.2.20:53 diff --git a/test/results/flow-captured/default/dns.pcap.out b/test/results/flow-captured/default/dns.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dns.pcap.out diff --git a/test/results/flow-captured/default/dns2tcp_tunnel.pcap.out b/test/results/flow-captured/default/dns2tcp_tunnel.pcap.out new file mode 100644 index 000000000..b80aa936c --- /dev/null +++ b/test/results/flow-captured/default/dns2tcp_tunnel.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.20.211:44404 -> 1.1.1.1:443 diff --git a/test/results/flow-captured/default/dns_ambiguous_names.pcap.out b/test/results/flow-captured/default/dns_ambiguous_names.pcap.out new file mode 100644 index 000000000..512d70709 --- /dev/null +++ b/test/results/flow-captured/default/dns_ambiguous_names.pcap.out @@ -0,0 +1 @@ +Flow 6 risky: udp 10.200.2.11:42790 -> 8.8.8.8:53 diff --git a/test/results/flow-captured/default/dns_doh.pcap.out b/test/results/flow-captured/default/dns_doh.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dns_doh.pcap.out diff --git a/test/results/flow-captured/default/dns_dot.pcap.out b/test/results/flow-captured/default/dns_dot.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dns_dot.pcap.out diff --git a/test/results/flow-captured/default/dns_exfiltration.pcap.out b/test/results/flow-captured/default/dns_exfiltration.pcap.out new file mode 100644 index 000000000..98f31b78f --- /dev/null +++ b/test/results/flow-captured/default/dns_exfiltration.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.220.56:56373 -> 192.168.203.167:53 diff --git a/test/results/flow-captured/default/dns_fragmented.pcap.out b/test/results/flow-captured/default/dns_fragmented.pcap.out new file mode 100644 index 000000000..31e40f97c --- /dev/null +++ b/test/results/flow-captured/default/dns_fragmented.pcap.out @@ -0,0 +1,9 @@ +Flow 1 risky: udp 172.217.40.76:56680 -> 193.24.227.238:53 +Flow 3 risky: udp 2a00:1450:4013:c06::105:63369 -> 2001:470:765b::a25:53:53 +Flow 7 risky: udp 2a00:1450:4013:c05::10e:34944 -> 2001:470:765b::a25:53:53 +Flow 4 risky: udp 173.194.169.104:59464 -> 193.24.227.238:53 +Flow 6 risky: udp 74.125.47.136:59330 -> 193.24.227.238:53 +Flow 5 risky: udp 2a00:1450:400c:c00::106:54430 -> 2001:470:765b::a25:53:53 +Flow 2 risky: udp 2a00:1450:4013:c03::10a:46433 -> 2001:470:765b::a25:53:53 +Flow 16 risky: udp 2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb:55729 -> 2001:470:765b::a25:53:53 +Flow 17 risky: udp 194.247.5.6:51791 -> 193.24.227.238:53 diff --git a/test/results/flow-captured/default/dns_invert_query.pcapng.out b/test/results/flow-captured/default/dns_invert_query.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dns_invert_query.pcapng.out diff --git a/test/results/flow-captured/default/dns_long_domainname.pcap.out b/test/results/flow-captured/default/dns_long_domainname.pcap.out new file mode 100644 index 000000000..310b46b56 --- /dev/null +++ b/test/results/flow-captured/default/dns_long_domainname.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.1.168:65311 -> 8.8.8.8:53 diff --git a/test/results/flow-captured/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/flow-captured/default/dnscrypt-v1-and-resolver-pings.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dnscrypt-v1-and-resolver-pings.pcap.out diff --git a/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out b/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out new file mode 100644 index 000000000..402ab903d --- /dev/null +++ b/test/results/flow-captured/default/dnscrypt-v2-doh.pcap.out @@ -0,0 +1,38 @@ +Flow 29 risky: tcp 10.0.0.1:35714 -> 209.250.241.25:443 +Flow 29 midstream: tcp 10.0.0.1:35714 -> 209.250.241.25:443 +Flow 12 midstream: tcp 10.0.0.1:41720 -> 116.203.179.248:443 +Flow 34 risky: tcp 10.0.0.1:35742 -> 209.250.241.25:443 +Flow 34 midstream: tcp 10.0.0.1:35742 -> 209.250.241.25:443 +Flow 25 risky: tcp 10.0.0.1:52028 -> 45.76.113.31:8443 +Flow 25 midstream: tcp 10.0.0.1:52028 -> 45.76.113.31:8443 +Flow 26 midstream: tcp 10.0.0.1:34036 -> 217.169.20.23:443 +Flow 10 midstream: tcp 10.0.0.1:55322 -> 185.134.196.55:443 +Flow 14 midstream: tcp 10.0.0.1:46658 -> 185.233.106.232:443 +Flow 20 midstream: tcp 10.0.0.1:33724 -> 104.28.28.34:443 +Flow 6 midstream: tcp 10.0.0.1:40938 -> 172.104.93.80:443 +Flow 4 midstream: tcp 10.0.0.1:55962 -> 51.158.147.50:443 +Flow 8 risky: tcp 10.0.0.1:38186 -> 185.43.135.1:443 +Flow 8 midstream: tcp 10.0.0.1:38186 -> 185.43.135.1:443 +Flow 13 midstream: tcp 10.0.0.1:60026 -> 195.30.94.28:443 +Flow 31 midstream: tcp 10.0.0.1:57058 -> 46.227.200.54:443 +Flow 17 midstream: tcp 10.0.0.1:44640 -> 185.235.81.1:443 +Flow 21 midstream: tcp 10.0.0.1:53802 -> 1.0.0.1:443 +Flow 28 midstream: tcp 10.0.0.1:54164 -> 193.70.85.11:443 +Flow 27 midstream: tcp 10.0.0.1:43718 -> 146.255.56.98:443 +Flow 33 midstream: tcp 10.0.0.1:44704 -> 185.235.81.1:443 +Flow 18 midstream: tcp 10.0.0.1:43106 -> 116.202.176.26:443 +Flow 9 midstream: tcp 10.0.0.1:51770 -> 9.9.9.10:443 +Flow 32 midstream: tcp 10.0.0.1:51846 -> 9.9.9.10:443 +Flow 30 midstream: tcp 10.0.0.1:43888 -> 95.216.229.153:443 +Flow 11 midstream: tcp 10.0.0.1:52386 -> 51.15.124.208:443 +Flow 19 midstream: tcp 10.0.0.1:59026 -> 85.5.93.230:443 +Flow 23 midstream: tcp 10.0.0.1:52176 -> 136.144.215.158:443 +Flow 22 midstream: tcp 10.0.0.1:33338 -> 45.90.28.0:443 +Flow 15 risky: tcp 10.0.0.1:36012 -> 149.56.228.45:453 +Flow 15 midstream: tcp 10.0.0.1:36012 -> 149.56.228.45:453 +Flow 7 risky: tcp 10.0.0.1:37530 -> 167.114.220.125:453 +Flow 7 midstream: tcp 10.0.0.1:37530 -> 167.114.220.125:453 +Flow 3 midstream: tcp 10.0.0.1:50614 -> 185.95.218.42:443 +Flow 24 midstream: tcp 10.0.0.1:39214 -> 104.28.0.106:443 +Flow 16 midstream: tcp 10.0.0.1:38018 -> 45.153.187.96:443 +Flow 5 midstream: tcp 10.0.0.1:59404 -> 185.253.154.66:443 diff --git a/test/results/flow-captured/default/dnscrypt-v2.pcap.out b/test/results/flow-captured/default/dnscrypt-v2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dnscrypt-v2.pcap.out diff --git a/test/results/flow-captured/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/flow-captured/default/dnscrypt_skype_false_positive.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dnscrypt_skype_false_positive.pcapng.out diff --git a/test/results/flow-captured/default/doh.pcapng.out b/test/results/flow-captured/default/doh.pcapng.out new file mode 100644 index 000000000..385d1d5db --- /dev/null +++ b/test/results/flow-captured/default/doh.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.1.253:35996 -> 1.1.1.1:443 diff --git a/test/results/flow-captured/default/doq.pcapng.out b/test/results/flow-captured/default/doq.pcapng.out new file mode 100644 index 000000000..d3d49007c --- /dev/null +++ b/test/results/flow-captured/default/doq.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp ::1:47826 -> ::1:784 diff --git a/test/results/flow-captured/default/doq_adguard.pcapng.out b/test/results/flow-captured/default/doq_adguard.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/doq_adguard.pcapng.out diff --git a/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out new file mode 100644 index 000000000..773774dce --- /dev/null +++ b/test/results/flow-captured/default/dos_win98_smb_netbeui.pcap.out @@ -0,0 +1 @@ +Flow 4 risky: udp 192.168.239.129:138 -> 192.168.239.255:138 diff --git a/test/results/flow-captured/default/dotenv.pcap.out b/test/results/flow-captured/default/dotenv.pcap.out new file mode 100644 index 000000000..68a4692d0 --- /dev/null +++ b/test/results/flow-captured/default/dotenv.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.2.198:51327 -> 89.31.76.10:80 diff --git a/test/results/flow-captured/default/drda_db2.pcap.out b/test/results/flow-captured/default/drda_db2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/drda_db2.pcap.out diff --git a/test/results/flow-captured/default/dropbox.pcap.out b/test/results/flow-captured/default/dropbox.pcap.out new file mode 100644 index 000000000..1162dcba4 --- /dev/null +++ b/test/results/flow-captured/default/dropbox.pcap.out @@ -0,0 +1,5 @@ +Flow 7 risky: udp 192.168.1.105:50789 -> 192.168.1.254:53 +Flow 6 risky: udp 192.168.1.105:49112 -> 192.168.1.254:53 +Flow 5 risky: udp 192.168.1.105:55407 -> 192.168.1.254:53 +Flow 11 risky: udp 192.168.1.105:33189 -> 192.168.1.254:53 +Flow 8 risky: udp 192.168.1.105:36173 -> 192.168.1.254:53 diff --git a/test/results/flow-captured/default/dtls.pcap.out b/test/results/flow-captured/default/dtls.pcap.out new file mode 100644 index 000000000..bed9794a6 --- /dev/null +++ b/test/results/flow-captured/default/dtls.pcap.out @@ -0,0 +1 @@ +Flow 2 risky: udp 127.0.0.1:40983 -> 127.0.0.1:11111 diff --git a/test/results/flow-captured/default/dtls2.pcap.out b/test/results/flow-captured/default/dtls2.pcap.out new file mode 100644 index 000000000..f9eefd58d --- /dev/null +++ b/test/results/flow-captured/default/dtls2.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 61.68.110.153:53045 -> 212.32.214.39:61457 diff --git a/test/results/flow-captured/default/dtls_certificate.pcapng.out b/test/results/flow-captured/default/dtls_certificate.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dtls_certificate.pcapng.out diff --git a/test/results/flow-captured/default/dtls_certificate_fragments.pcap.out b/test/results/flow-captured/default/dtls_certificate_fragments.pcap.out new file mode 100644 index 000000000..3da344ebd --- /dev/null +++ b/test/results/flow-captured/default/dtls_certificate_fragments.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: udp 10.186.198.149:39347 -> 35.210.59.134:44443 +Flow 2 risky: udp 192.168.1.26:43594 -> 104.153.87.149:50001 diff --git a/test/results/flow-captured/default/dtls_mid_sessions.pcapng.out b/test/results/flow-captured/default/dtls_mid_sessions.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/dtls_mid_sessions.pcapng.out diff --git a/test/results/flow-captured/default/dtls_old_version.pcapng.out b/test/results/flow-captured/default/dtls_old_version.pcapng.out new file mode 100644 index 000000000..71505ea8d --- /dev/null +++ b/test/results/flow-captured/default/dtls_old_version.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 37.188.4.115:56453 -> 70.66.6.128:443 diff --git a/test/results/flow-captured/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/flow-captured/default/dtls_session_id_and_coockie_both.pcap.out new file mode 100644 index 000000000..224e21f3a --- /dev/null +++ b/test/results/flow-captured/default/dtls_session_id_and_coockie_both.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 185.196.113.239:50257 -> 223.116.105.247:44443 diff --git a/test/results/flow-captured/default/edonkey.pcap.out b/test/results/flow-captured/default/edonkey.pcap.out new file mode 100644 index 000000000..c07858c23 --- /dev/null +++ b/test/results/flow-captured/default/edonkey.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 201.15.177.227:1754 -> 135.192.214.240:7551 diff --git a/test/results/flow-captured/default/egd.pcapng.out b/test/results/flow-captured/default/egd.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/egd.pcapng.out diff --git a/test/results/flow-captured/default/elasticsearch.pcap.out b/test/results/flow-captured/default/elasticsearch.pcap.out new file mode 100644 index 000000000..96a963ce9 --- /dev/null +++ b/test/results/flow-captured/default/elasticsearch.pcap.out @@ -0,0 +1,4 @@ +Flow 7 midstream: tcp 172.16.17.102:47980 -> 172.16.16.106:9300 +Flow 6 midstream: tcp 172.16.17.102:48028 -> 172.16.16.106:9300 +Flow 5 midstream: tcp 172.16.16.107:9300 -> 172.16.17.102:40298 +Flow 4 midstream: tcp 172.16.16.107:9300 -> 172.16.17.102:40342 diff --git a/test/results/flow-captured/default/elf.pcap.out b/test/results/flow-captured/default/elf.pcap.out new file mode 100644 index 000000000..658a3e527 --- /dev/null +++ b/test/results/flow-captured/default/elf.pcap.out @@ -0,0 +1,2 @@ +Flow 2 not-detected: tcp 127.0.0.1:41150 -> 127.0.0.1:33333 +Flow 1 not-detected: udp 127.0.0.1:60150 -> 127.0.0.1:33333 diff --git a/test/results/flow-captured/default/emotet.pcap.out b/test/results/flow-captured/default/emotet.pcap.out new file mode 100644 index 000000000..3eb459004 --- /dev/null +++ b/test/results/flow-captured/default/emotet.pcap.out @@ -0,0 +1,3 @@ +Flow 3 risky: tcp 10.4.20.102:54319 -> 107.161.178.210:80 +Flow 4 risky: tcp 10.4.25.101:49797 -> 77.105.36.156:80 +Flow 6 risky: tcp 10.4.25.101:49804 -> 138.197.147.101:443 diff --git a/test/results/flow-captured/default/encrypted_sni.pcap.out b/test/results/flow-captured/default/encrypted_sni.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/encrypted_sni.pcap.out diff --git a/test/results/flow-captured/default/epicgames.pcapng.out b/test/results/flow-captured/default/epicgames.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/epicgames.pcapng.out diff --git a/test/results/flow-captured/default/esp.pcapng.out b/test/results/flow-captured/default/esp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/esp.pcapng.out diff --git a/test/results/flow-captured/default/ethereum.pcap.out b/test/results/flow-captured/default/ethereum.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ethereum.pcap.out diff --git a/test/results/flow-captured/default/ethernetIP.pcap.out b/test/results/flow-captured/default/ethernetIP.pcap.out new file mode 100644 index 000000000..8ceec982c --- /dev/null +++ b/test/results/flow-captured/default/ethernetIP.pcap.out @@ -0,0 +1,4 @@ +Flow 1 midstream: tcp 141.81.0.10:50275 -> 141.81.0.83:44818 +Flow 4 midstream: tcp 141.81.0.10:62717 -> 141.81.0.23:44818 +Flow 2 midstream: tcp 141.81.0.63:44818 -> 141.81.0.10:52593 +Flow 3 midstream: tcp 141.81.0.10:52594 -> 141.81.0.43:44818 diff --git a/test/results/flow-captured/default/ethersbus.pcap.out b/test/results/flow-captured/default/ethersbus.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ethersbus.pcap.out diff --git a/test/results/flow-captured/default/ethersio.pcap.out b/test/results/flow-captured/default/ethersio.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ethersio.pcap.out diff --git a/test/results/flow-captured/default/exe_download.pcap.out b/test/results/flow-captured/default/exe_download.pcap.out new file mode 100644 index 000000000..b86743bc7 --- /dev/null +++ b/test/results/flow-captured/default/exe_download.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.9.25.101:49165 -> 144.91.69.195:80 diff --git a/test/results/flow-captured/default/exe_download_as_png.pcap.out b/test/results/flow-captured/default/exe_download_as_png.pcap.out new file mode 100644 index 000000000..6f5ec1233 --- /dev/null +++ b/test/results/flow-captured/default/exe_download_as_png.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.9.25.101:49197 -> 185.98.87.185:80 diff --git a/test/results/flow-captured/default/facebook.pcap.out b/test/results/flow-captured/default/facebook.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/facebook.pcap.out diff --git a/test/results/flow-captured/default/false_positives.pcapng.out b/test/results/flow-captured/default/false_positives.pcapng.out new file mode 100644 index 000000000..34f891ca0 --- /dev/null +++ b/test/results/flow-captured/default/false_positives.pcapng.out @@ -0,0 +1 @@ +Flow 2 not-detected: udp 192.168.12.156:37649 -> 57.128.172.97:9981 diff --git a/test/results/flow-captured/default/fastcgi.pcap.out b/test/results/flow-captured/default/fastcgi.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/fastcgi.pcap.out diff --git a/test/results/flow-captured/default/fins.pcap.out b/test/results/flow-captured/default/fins.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/fins.pcap.out diff --git a/test/results/flow-captured/default/firefox.pcap.out b/test/results/flow-captured/default/firefox.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/firefox.pcap.out diff --git a/test/results/flow-captured/default/fix.pcap.out b/test/results/flow-captured/default/fix.pcap.out new file mode 100644 index 000000000..f2482baf9 --- /dev/null +++ b/test/results/flow-captured/default/fix.pcap.out @@ -0,0 +1,12 @@ +Flow 3 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:45578 +Flow 2 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:47968 +Flow 1 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:43594 +Flow 5 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:45584 +Flow 8 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:40918 +Flow 12 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:40928 +Flow 11 midstream: tcp 217.192.86.32:4000 -> 192.168.0.20:53330 +Flow 4 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:47952 +Flow 6 midstream: tcp 8.17.22.31:4000 -> 192.168.0.20:47962 +Flow 9 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:38646 +Flow 7 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:38652 +Flow 10 midstream: tcp 208.245.107.3:4000 -> 192.168.0.20:39094 diff --git a/test/results/flow-captured/default/fix2.pcap.out b/test/results/flow-captured/default/fix2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/fix2.pcap.out diff --git a/test/results/flow-captured/default/flute.pcapng.out b/test/results/flow-captured/default/flute.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/flute.pcapng.out diff --git a/test/results/flow-captured/default/forticlient.pcap.out b/test/results/flow-captured/default/forticlient.pcap.out new file mode 100644 index 000000000..5754031a2 --- /dev/null +++ b/test/results/flow-captured/default/forticlient.pcap.out @@ -0,0 +1 @@ +Flow 5 risky: tcp 192.168.1.178:61820 -> 82.81.46.13:10443 diff --git a/test/results/flow-captured/default/ftp-start-tls.pcap.out b/test/results/flow-captured/default/ftp-start-tls.pcap.out new file mode 100644 index 000000000..c8e78e3dc --- /dev/null +++ b/test/results/flow-captured/default/ftp-start-tls.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.238.26.36:62092 -> 10.220.50.76:21 diff --git a/test/results/flow-captured/default/ftp.pcap.out b/test/results/flow-captured/default/ftp.pcap.out new file mode 100644 index 000000000..d8242ebed --- /dev/null +++ b/test/results/flow-captured/default/ftp.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.1.212:50694 -> 90.130.70.73:21 +Flow 3 not-detected: tcp 192.168.1.212:50696 -> 90.130.70.73:24523 diff --git a/test/results/flow-captured/default/ftp_failed.pcap.out b/test/results/flow-captured/default/ftp_failed.pcap.out new file mode 100644 index 000000000..a016660a3 --- /dev/null +++ b/test/results/flow-captured/default/ftp_failed.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 2a00:d40:1:3:192:12:193:11:44724 -> 2a00:800:1010::1:21 diff --git a/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out new file mode 100644 index 000000000..e6f3619fb --- /dev/null +++ b/test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out @@ -0,0 +1,68 @@ +Flow 17 risky: udp 192.168.1.2:138 -> 192.168.1.251:138 +Flow 22 risky: udp 192.168.1.2:2719 -> 192.168.1.1:53 +Flow 41 not-detected: tcp 192.168.1.2:2721 -> 147.234.1.253:58999 +Flow 41 midstream: tcp 192.168.1.2:2721 -> 147.234.1.253:58999 +Flow 9 not-detected: udp 192.168.1.2:2597 -> 192.168.1.1:29440 +Flow 5 not-detected: udp 192.168.1.2:2712 -> 192.168.1.1:49973 +Flow 15 not-detected: udp 192.168.1.1:9587 -> 192.168.1.2:156 +Flow 47 not-detected: udp 192.168.1.2:2724 -> 192.168.1.1:9587 +Flow 55 not-detected: udp 192.168.1.2:43690 -> 192.170.170.170:43690 +Flow 91 risky: udp 192.168.1.2:5060 -> 200.68.120.81:5060 +Flow 97 risky: udp 192.168.1.1:53 -> 192.168.1.2:2751 +Flow 100 risky: udp 192.168.1.2:4901 -> 200.68.120.81:29440 +Flow 78 not-detected: udp 192.168.1.2:2730 -> 192.168.1.1:43690 +Flow 111 risky: udp 192.168.1.2:2757 -> 192.168.1.1:53 +Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690 +Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763 +Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53 +Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765 +Flow 141 risky: udp 192.168.1.2:138 -> 192.168.1.255:138 +Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690 +Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53 +Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35 +Flow 133 not-detected: udp 94.168.1.2:2768 -> 192.168.1.1:4 +Flow 135 not-detected: udp 192.168.1.1:117 -> 192.168.1.2:2769 +Flow 177 risky: udp 192.168.1.1:53 -> 240.168.1.2:2792 +Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196 +Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1 +Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690 +Flow 107 not-detected: 118 192.168.1.2 -> 200.68.120.81 +Flow 180 risky: udp 192.168.1.41:138 -> 192.168.1.255:138 +Flow 190 risky: udp 192.168.1.2:2793 -> 192.168.1.1:53 +Flow 193 risky: udp 192.168.1.2:2794 -> 192.168.1.1:53 +Flow 192 risky: udp 192.168.1.2:2795 -> 192.168.1.1:53 +Flow 197 risky: udp 192.168.1.2:2797 -> 192.168.1.1:53 +Flow 186 not-detected: udp 192.168.1.2:43690 -> 192.168.170.170:43690 +Flow 204 risky: udp 192.168.1.2:2801 -> 192.168.1.1:53 +Flow 136 not-detected: 127 192.168.1.2 -> 192.168.1.1 +Flow 214 risky: udp 192.168.1.1:53 -> 192.168.1.2:2807 +Flow 195 not-detected: udp 192.168.170.170:43690 -> 170.170.170.170:43690 +Flow 149 not-detected: 0 192.168.1.2 -> 192.168.1.255 +Flow 203 not-detected: udp 192.168.1.2:2800 -> 192.168.1.1:21 +Flow 230 risky: udp 192.168.1.2:2815 -> 192.168.1.1:53 +Flow 157 not-detected: 19 192.168.1.2 -> 192.168.1.1 +Flow 117 not-detected: 37 192.168.1.1 -> 192.168.1.2 +Flow 211 not-detected: udp 192.168.1.2:2805 -> 192.168.1.1:51 +Flow 215 not-detected: udp 192.168.1.2:2808 -> 192.168.1.1:38709 +Flow 166 not-detected: 0 192.168.1.1 -> 192.168.1.2 +Flow 243 risky: udp 192.168.1.2:138 -> 192.168.1.255:138 +Flow 244 risky: udp 192.168.1.2:2826 -> 192.168.1.1:53 +Flow 33 not-detected: tcp 147.234.1.253:1045 -> 192.168.1.2:2720 +Flow 33 midstream: tcp 147.234.1.253:1045 -> 192.168.1.2:2720 +Flow 29 not-detected: tcp 147.234.1.170:43690 -> 170.170.170.170:43690 +Flow 205 not-detected: 0 192.168.1.2 -> 212.242.33.35 +Flow 249 risky: udp 192.168.1.1:53 -> 192.168.1.2:2572 +Flow 42 not-detected: tcp 147.234.1.253:58999 -> 192.232.1.2:2721 +Flow 42 midstream: tcp 147.234.1.253:58999 -> 192.232.1.2:2721 +Flow 39 not-detected: tcp 192.168.1.6:2721 -> 147.234.1.253:58999 +Flow 254 risky: udp 192.168.1.2:2830 -> 192.168.1.1:53 +Flow 40 not-detected: tcp 37.115.0.253:58999 -> 192.168.1.2:2721 +Flow 37 not-detected: 170 170.170.170.170 -> 170.170.170.170 +Flow 30 not-detected: tcp 147.234.1.249:2069 -> 192.168.1.2:2720 +Flow 30 midstream: tcp 147.234.1.249:2069 -> 192.168.1.2:2720 +Flow 237 not-detected: udp 81.168.1.2:30000 -> 212.242.33.36:40392 +Flow 28 not-detected: tcp 147.234.1.253:120 -> 192.168.1.2:2720 +Flow 28 midstream: tcp 147.234.1.253:120 -> 192.168.1.2:2720 +Flow 233 not-detected: udp 192.168.1.3:30000 -> 212.242.33.36:40392 +Flow 236 not-detected: udp 192.168.1.2:30000 -> 214.242.33.36:40392 +Flow 234 not-detected: udp 192.168.1.2:30000 -> 37.115.0.36:40392 diff --git a/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out new file mode 100644 index 000000000..7ba8a7993 --- /dev/null +++ b/test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out @@ -0,0 +1,11 @@ +Flow 34 risky: tcp 172.20.3.13:53136 -> 172.20.3.5:80 +Flow 34 midstream: tcp 172.20.3.13:53136 -> 172.20.3.5:80 +Flow 39 not-detected: 115 172.20.3.13 -> 172.20.3.5 +Flow 24 not-detected: tcp 170.170.170.170:43690 -> 170.170.170.170:43690 +Flow 11 risky: tcp 172.20.3.5:2602 -> 172.20.3.13:80 +Flow 11 midstream: tcp 172.20.3.5:2602 -> 172.20.3.13:80 +Flow 3 not-detected: tcp 172.20.3.13:81 -> 172.20.3.5:2601 +Flow 3 midstream: tcp 172.20.3.13:81 -> 172.20.3.5:2601 +Flow 18 risky: tcp 172.20.3.5:2604 -> 172.20.3.13:80 +Flow 27 risky: tcp 172.20.3.5:2606 -> 172.20.3.13:80 +Flow 10 not-detected: 170 170.170.170.170 -> 170.170.170.170 diff --git a/test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out new file mode 100644 index 000000000..589d52369 --- /dev/null +++ b/test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out @@ -0,0 +1,19 @@ +Flow 4 not-detected: udp 10.12.64.30:29200 -> 198.226.25.53:1796 +Flow 6 not-detected: udp 198.226.25.53:30764 -> 10.12.64.30:12344 +Flow 10 not-detected: udp 198.226.25.53:309 -> 10.12.64.30:12339 +Flow 7 not-detected: udp 198.226.170.170:43690 -> 170.170.170.170:43690 +Flow 13 not-detected: udp 198.162.25.53:1810 -> 10.12.64.30:29200 +Flow 11 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690 +Flow 25 not-detected: udp 198.226.25.53:1895 -> 10.12.64.30:29200 +Flow 17 not-detected: 88 198.226.25.53 -> 10.12.64.30 +Flow 18 not-detected: 254 10.12.64.30 -> 198.226.25.53 +Flow 23 not-detected: 85 198.226.25.62 -> 10.12.64.30 +Flow 43 not-detected: udp 198.226.25.53:1965 -> 10.12.64.30:29200 +Flow 47 not-detected: udp 198.226.25.53:43690 -> 10.12.170.170:43690 +Flow 44 not-detected: 0 10.12.64.30 -> 198.226.25.53 +Flow 64 not-detected: udp 198.226.25.53:3860 -> 14.12.64.30:29200 +Flow 68 not-detected: udp 198.226.25.53:43028 -> 10.12.64.30:29200 +Flow 40 not-detected: 170 170.170.170.170 -> 170.170.170.170 +Flow 74 not-detected: udp 198.226.25.53:1814 -> 10.12.64.30:29200 +Flow 75 not-detected: udp 57.12.64.30:29200 -> 198.226.25.53:28948 +Flow 79 not-detected: 37 198.226.25.53 -> 10.12.64.30 diff --git a/test/results/flow-captured/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/flow-captured/default/fuzz-2021-06-07-c6c72a0a56.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/fuzz-2021-06-07-c6c72a0a56.pcap.out diff --git a/test/results/flow-captured/default/fuzz-2021-10-13.pcap.out b/test/results/flow-captured/default/fuzz-2021-10-13.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/fuzz-2021-10-13.pcap.out diff --git a/test/results/flow-captured/default/gaijin_mobile_mixed.pcap.out b/test/results/flow-captured/default/gaijin_mobile_mixed.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/gaijin_mobile_mixed.pcap.out diff --git a/test/results/flow-captured/default/gaijin_warthunder.pcap.out b/test/results/flow-captured/default/gaijin_warthunder.pcap.out new file mode 100644 index 000000000..c764ee911 --- /dev/null +++ b/test/results/flow-captured/default/gaijin_warthunder.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.88.231:36929 -> 185.253.20.249:20021 diff --git a/test/results/flow-captured/default/gearman.pcap.out b/test/results/flow-captured/default/gearman.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/gearman.pcap.out diff --git a/test/results/flow-captured/default/geforcenow.pcapng.out b/test/results/flow-captured/default/geforcenow.pcapng.out new file mode 100644 index 000000000..3a86d393a --- /dev/null +++ b/test/results/flow-captured/default/geforcenow.pcapng.out @@ -0,0 +1,2 @@ +Flow 2 risky: udp 192.168.1.245:52441 -> 80.84.167.206:18452 +Flow 1 risky: tcp 192.168.1.245:57490 -> 80.84.167.206:49100 diff --git a/test/results/flow-captured/default/genshin-impact.pcap.out b/test/results/flow-captured/default/genshin-impact.pcap.out new file mode 100644 index 000000000..ac357a6b5 --- /dev/null +++ b/test/results/flow-captured/default/genshin-impact.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: udp 192.168.2.100:58766 -> 47.245.143.85:22101 +Flow 3 risky: udp 192.168.2.100:52575 -> 8.209.69.191:22101 diff --git a/test/results/flow-captured/default/git.pcap.out b/test/results/flow-captured/default/git.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/git.pcap.out diff --git a/test/results/flow-captured/default/gnutella.pcap.out b/test/results/flow-captured/default/gnutella.pcap.out new file mode 100644 index 000000000..56fadb54c --- /dev/null +++ b/test/results/flow-captured/default/gnutella.pcap.out @@ -0,0 +1,761 @@ +Flow 20 risky: udp 10.0.2.15:138 -> 10.0.2.255:138 +Flow 239 risky: tcp 10.0.2.15:50285 -> 75.133.101.93:52367 +Flow 238 risky: tcp 10.0.2.15:50284 -> 104.156.226.72:53258 +Flow 288 risky: tcp 10.0.2.15:50312 -> 104.238.172.250:23548 +Flow 276 risky: tcp 10.0.2.15:50300 -> 188.61.52.183:11852 +Flow 134 risky: udp 10.0.2.15:28681 -> 78.231.73.14:6346 +Flow 128 risky: udp 10.0.2.15:28681 -> 77.141.219.27:37580 +Flow 114 risky: udp 10.0.2.15:28681 -> 86.23.75.69:6346 +Flow 88 risky: udp 10.0.2.15:28681 -> 81.50.24.2:17874 +Flow 96 risky: udp 10.0.2.15:28681 -> 88.160.214.137:6346 +Flow 118 risky: udp 10.0.2.15:28681 -> 5.180.62.100:46385 +Flow 100 risky: udp 10.0.2.15:28681 -> 220.133.122.217:23458 +Flow 117 risky: udp 10.0.2.15:28681 -> 200.120.243.143:6346 +Flow 115 risky: udp 10.0.2.15:28681 -> 154.3.42.104:11804 +Flow 101 risky: udp 10.0.2.15:28681 -> 123.205.126.102:5193 +Flow 98 risky: udp 10.0.2.15:28681 -> 203.222.14.170:23332 +Flow 131 risky: udp 10.0.2.15:28681 -> 86.225.140.186:6346 +Flow 111 risky: udp 10.0.2.15:28681 -> 90.65.141.157:6346 +Flow 106 risky: udp 10.0.2.15:28681 -> 114.39.154.69:4832 +Flow 139 risky: udp 10.0.2.15:28681 -> 165.169.226.142:6346 +Flow 141 risky: udp 10.0.2.15:28681 -> 172.97.199.14:6346 +Flow 126 risky: udp 10.0.2.15:28681 -> 91.69.159.133:28000 +Flow 136 risky: udp 10.0.2.15:28681 -> 80.236.247.120:16047 +Flow 86 risky: udp 10.0.2.15:28681 -> 74.210.244.72:6346 +Flow 85 risky: udp 10.0.2.15:28681 -> 85.138.20.110:6346 +Flow 135 risky: udp 10.0.2.15:28681 -> 193.250.99.158:6346 +Flow 127 risky: udp 10.0.2.15:28681 -> 176.191.49.159:1024 +Flow 112 risky: udp 10.0.2.15:28681 -> 36.239.213.146:21750 +Flow 125 risky: udp 10.0.2.15:28681 -> 83.92.178.182:57302 +Flow 116 risky: udp 10.0.2.15:28681 -> 124.44.190.145:10170 +Flow 133 risky: udp 10.0.2.15:28681 -> 91.175.220.161:15721 +Flow 99 risky: udp 10.0.2.15:28681 -> 114.38.9.82:24223 +Flow 124 risky: udp 10.0.2.15:28681 -> 170.254.19.6:24180 +Flow 130 risky: udp 10.0.2.15:28681 -> 119.224.95.97:46356 +Flow 107 risky: udp 10.0.2.15:28681 -> 202.151.63.59:7624 +Flow 129 risky: udp 10.0.2.15:28681 -> 176.138.50.179:29411 +Flow 103 risky: udp 10.0.2.15:28681 -> 220.134.167.82:5820 +Flow 97 risky: udp 10.0.2.15:28681 -> 24.78.134.188:49046 +Flow 104 risky: udp 10.0.2.15:28681 -> 42.98.115.128:23458 +Flow 137 risky: udp 10.0.2.15:28681 -> 82.65.70.197:21693 +Flow 109 risky: udp 10.0.2.15:28681 -> 88.169.2.153:52414 +Flow 140 risky: udp 10.0.2.15:28681 -> 77.197.111.186:6346 +Flow 102 risky: udp 10.0.2.15:28681 -> 218.164.39.233:20855 +Flow 108 risky: udp 10.0.2.15:28681 -> 112.119.242.110:7922 +Flow 113 risky: udp 10.0.2.15:28681 -> 105.101.132.146:57746 +Flow 132 risky: udp 10.0.2.15:28681 -> 79.86.173.45:6346 +Flow 87 risky: udp 10.0.2.15:28681 -> 92.131.85.245:31743 +Flow 110 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009 +Flow 105 risky: udp 10.0.2.15:28681 -> 219.85.11.85:10722 +Flow 138 risky: udp 10.0.2.15:28681 -> 167.114.170.156:23844 +Flow 170 risky: udp 10.0.2.15:28681 -> 67.193.8.52:38584 +Flow 166 risky: udp 10.0.2.15:28681 -> 90.59.253.186:15555 +Flow 183 risky: udp 10.0.2.15:28681 -> 91.172.15.182:37829 +Flow 184 risky: udp 10.0.2.15:28681 -> 86.239.62.213:6346 +Flow 196 risky: udp 10.0.2.15:28681 -> 88.127.72.106:6346 +Flow 195 risky: udp 10.0.2.15:28681 -> 177.231.151.16:6346 +Flow 219 risky: udp 10.0.2.15:28681 -> 76.30.86.144:53821 +Flow 217 risky: udp 10.0.2.15:28681 -> 126.117.45.151:19323 +Flow 155 risky: udp 10.0.2.15:28681 -> 88.168.182.103:6346 +Flow 198 risky: udp 10.0.2.15:28681 -> 58.182.171.50:15180 +Flow 191 risky: udp 10.0.2.15:28681 -> 190.153.143.54:65535 +Flow 172 risky: udp 10.0.2.15:28681 -> 87.69.142.133:15471 +Flow 192 risky: udp 10.0.2.15:28681 -> 92.8.59.80:35192 +Flow 181 risky: udp 10.0.2.15:28681 -> 66.177.5.135:6346 +Flow 162 risky: udp 10.0.2.15:28681 -> 88.123.159.111:44729 +Flow 214 risky: udp 10.0.2.15:28681 -> 91.169.215.227:26820 +Flow 193 risky: udp 10.0.2.15:28681 -> 188.44.126.74:54633 +Flow 169 risky: udp 10.0.2.15:28681 -> 91.162.52.93:34799 +Flow 187 risky: udp 10.0.2.15:28681 -> 92.88.92.56:21009 +Flow 190 risky: udp 10.0.2.15:28681 -> 165.169.195.227:6346 +Flow 206 risky: udp 10.0.2.15:28681 -> 213.166.132.204:11194 +Flow 203 risky: udp 10.0.2.15:28681 -> 120.156.204.38:54832 +Flow 199 risky: udp 10.0.2.15:28681 -> 114.73.129.26:53585 +Flow 207 risky: udp 10.0.2.15:28681 -> 81.242.191.215:6346 +Flow 208 risky: udp 10.0.2.15:28681 -> 81.249.64.215:25058 +Flow 173 risky: udp 10.0.2.15:28681 -> 121.99.222.36:44988 +Flow 180 risky: udp 10.0.2.15:28681 -> 66.131.24.72:30711 +Flow 212 risky: udp 10.0.2.15:28681 -> 36.233.3.223:12848 +Flow 197 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476 +Flow 168 risky: udp 10.0.2.15:28681 -> 89.157.59.43:56919 +Flow 156 risky: udp 10.0.2.15:28681 -> 86.244.228.86:10131 +Flow 215 risky: udp 10.0.2.15:28681 -> 78.159.27.22:17563 +Flow 176 risky: udp 10.0.2.15:28681 -> 41.99.164.4:6346 +Flow 164 risky: udp 10.0.2.15:28681 -> 142.197.219.85:26234 +Flow 157 risky: udp 10.0.2.15:28681 -> 86.227.162.150:6346 +Flow 209 risky: udp 10.0.2.15:28681 -> 91.179.98.234:6346 +Flow 189 risky: udp 10.0.2.15:28681 -> 115.195.105.243:6346 +Flow 159 risky: udp 10.0.2.15:28681 -> 176.163.231.160:6346 +Flow 179 risky: udp 10.0.2.15:28681 -> 178.51.146.115:6346 +Flow 186 risky: udp 10.0.2.15:28681 -> 91.182.44.202:30277 +Flow 213 risky: udp 10.0.2.15:28681 -> 5.180.62.37:6346 +Flow 167 risky: udp 10.0.2.15:28681 -> 93.29.107.176:20363 +Flow 171 risky: udp 10.0.2.15:28681 -> 196.217.132.111:25394 +Flow 160 risky: udp 10.0.2.15:28681 -> 83.150.49.35:32448 +Flow 174 risky: udp 10.0.2.15:28681 -> 196.74.159.56:29271 +Flow 185 risky: udp 10.0.2.15:28681 -> 109.132.196.58:6346 +Flow 165 risky: udp 10.0.2.15:28681 -> 86.75.43.182:43502 +Flow 161 risky: udp 10.0.2.15:28681 -> 213.120.26.86:29946 +Flow 188 risky: udp 10.0.2.15:28681 -> 83.134.107.32:38836 +Flow 177 risky: udp 10.0.2.15:28681 -> 69.157.183.106:6346 +Flow 205 risky: udp 10.0.2.15:28681 -> 96.29.197.138:6346 +Flow 175 risky: udp 10.0.2.15:28681 -> 115.69.62.99:6346 +Flow 182 risky: udp 10.0.2.15:28681 -> 73.3.103.37:35589 +Flow 210 risky: udp 10.0.2.15:28681 -> 41.100.120.146:12838 +Flow 218 risky: udp 10.0.2.15:28681 -> 176.155.52.115:53956 +Flow 211 risky: udp 10.0.2.15:28681 -> 186.93.139.92:6346 +Flow 200 risky: udp 10.0.2.15:28681 -> 138.199.16.123:52993 +Flow 154 risky: udp 10.0.2.15:28681 -> 174.115.111.224:51984 +Flow 201 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210 +Flow 194 risky: udp 10.0.2.15:28681 -> 176.150.126.156:16471 +Flow 178 risky: udp 10.0.2.15:28681 -> 83.46.253.7:6346 +Flow 163 risky: udp 10.0.2.15:28681 -> 88.126.160.158:6346 +Flow 216 risky: udp 10.0.2.15:28681 -> 212.68.248.153:27223 +Flow 158 risky: udp 10.0.2.15:28681 -> 118.166.226.70:6346 +Flow 204 risky: udp 10.0.2.15:28681 -> 84.126.240.32:45313 +Flow 202 risky: udp 10.0.2.15:28681 -> 176.134.139.39:6346 +Flow 93 risky: tcp 10.0.2.15:50248 -> 109.214.154.216:6346 +Flow 247 risky: udp 10.0.2.15:28681 -> 181.84.178.16:60262 +Flow 307 risky: udp 10.0.2.15:28681 -> 72.201.208.57:38617 +Flow 309 risky: udp 10.0.2.15:28681 -> 47.220.186.140:27641 +Flow 254 risky: udp 10.0.2.15:28681 -> 88.120.73.215:24562 +Flow 258 risky: udp 10.0.2.15:28681 -> 24.26.216.95:13889 +Flow 315 risky: udp 10.0.2.15:28681 -> 92.217.84.16:20223 +Flow 305 risky: udp 10.0.2.15:28681 -> 88.168.175.31:6346 +Flow 310 risky: udp 10.0.2.15:28681 -> 118.240.69.199:6348 +Flow 306 risky: udp 10.0.2.15:28681 -> 41.249.63.200:22582 +Flow 265 risky: udp 10.0.2.15:28681 -> 203.220.198.244:1194 +Flow 318 risky: udp 10.0.2.15:28681 -> 173.183.183.110:59920 +Flow 260 risky: udp 10.0.2.15:28681 -> 46.128.114.107:6578 +Flow 311 risky: udp 10.0.2.15:28681 -> 109.132.188.98:62851 +Flow 308 risky: udp 10.0.2.15:28681 -> 81.205.91.45:40137 +Flow 251 risky: udp 10.0.2.15:28681 -> 185.203.218.92:56962 +Flow 259 risky: udp 10.0.2.15:28681 -> 103.232.107.100:43508 +Flow 250 risky: udp 10.0.2.15:28681 -> 51.68.153.214:26253 +Flow 256 risky: udp 10.0.2.15:28681 -> 96.246.156.126:50297 +Flow 249 risky: udp 10.0.2.15:28681 -> 45.88.117.218:6909 +Flow 257 risky: udp 10.0.2.15:28681 -> 82.181.251.218:36368 +Flow 246 risky: udp 10.0.2.15:28681 -> 96.65.68.194:35481 +Flow 314 risky: udp 10.0.2.15:28681 -> 71.237.202.91:16117 +Flow 317 risky: udp 10.0.2.15:28681 -> 96.236.205.7:34794 +Flow 261 risky: udp 10.0.2.15:28681 -> 60.241.48.194:21301 +Flow 313 risky: udp 10.0.2.15:28681 -> 176.99.176.20:6346 +Flow 255 risky: udp 10.0.2.15:28681 -> 80.61.221.246:30577 +Flow 248 risky: udp 10.0.2.15:28681 -> 66.30.221.181:12012 +Flow 263 risky: udp 10.0.2.15:28681 -> 82.217.176.52:7446 +Flow 253 risky: udp 10.0.2.15:28681 -> 193.37.255.130:61616 +Flow 252 risky: udp 10.0.2.15:28681 -> 72.140.120.41:47739 +Flow 316 risky: udp 10.0.2.15:28681 -> 94.54.66.82:63637 +Flow 262 risky: udp 10.0.2.15:28681 -> 89.75.52.19:46010 +Flow 264 risky: udp 10.0.2.15:28681 -> 95.10.205.67:11603 +Flow 312 risky: udp 10.0.2.15:28681 -> 24.167.201.53:47282 +Flow 329 risky: udp 10.0.2.15:28681 -> 92.117.249.98:6815 +Flow 328 risky: udp 10.0.2.15:28681 -> 203.220.105.27:19260 +Flow 331 risky: udp 10.0.2.15:28681 -> 45.31.152.112:26851 +Flow 320 risky: udp 10.0.2.15:28681 -> 185.236.200.137:48142 +Flow 332 risky: udp 10.0.2.15:28681 -> 213.229.111.224:4876 +Flow 325 risky: udp 10.0.2.15:28681 -> 83.160.143.48:37036 +Flow 323 risky: udp 10.0.2.15:28681 -> 96.246.156.126:56070 +Flow 322 risky: udp 10.0.2.15:28681 -> 45.88.117.219:6909 +Flow 327 risky: udp 10.0.2.15:28681 -> 84.28.53.225:44859 +Flow 321 risky: udp 10.0.2.15:28681 -> 188.165.203.190:21995 +Flow 324 risky: udp 10.0.2.15:28681 -> 73.250.179.237:20848 +Flow 319 risky: udp 10.0.2.15:28681 -> 164.132.10.25:55302 +Flow 330 risky: udp 10.0.2.15:28681 -> 82.64.44.11:1352 +Flow 326 risky: udp 10.0.2.15:28681 -> 100.1.231.138:56558 +Flow 336 risky: udp 10.0.2.15:28681 -> 80.7.252.192:6888 +Flow 349 risky: icmp 84.197.97.94 -> 10.0.2.15 +Flow 338 risky: udp 10.0.2.15:28681 -> 221.198.205.196:20778 +Flow 340 risky: udp 10.0.2.15:28681 -> 38.142.119.234:49732 +Flow 350 risky: udp 10.0.2.15:28681 -> 99.250.253.99:11819 +Flow 343 risky: udp 10.0.2.15:28681 -> 89.212.91.155:5195 +Flow 344 risky: udp 10.0.2.15:28681 -> 207.38.163.228:6778 +Flow 348 risky: udp 10.0.2.15:28681 -> 84.197.97.94:1360 +Flow 346 risky: udp 10.0.2.15:28681 -> 76.226.85.105:6346 +Flow 342 risky: udp 10.0.2.15:28681 -> 98.208.26.154:4994 +Flow 337 risky: udp 10.0.2.15:28681 -> 24.116.64.132:51227 +Flow 347 risky: udp 10.0.2.15:28681 -> 176.10.169.10:12799 +Flow 339 risky: udp 10.0.2.15:28681 -> 87.123.54.234:54130 +Flow 341 risky: udp 10.0.2.15:28681 -> 24.129.233.60:19990 +Flow 354 risky: udp 10.0.2.15:28681 -> 80.236.247.120:1032 +Flow 352 risky: udp 10.0.2.15:28681 -> 176.191.49.159:6346 +Flow 353 risky: udp 10.0.2.15:28681 -> 195.181.151.217:25282 +Flow 351 risky: udp 10.0.2.15:28681 -> 187.37.87.189:6346 +Flow 94 risky: tcp 10.0.2.15:50249 -> 86.208.180.181:45883 +Flow 35 risky: tcp 10.0.2.15:50196 -> 218.250.6.59:12556 +Flow 46 risky: tcp 10.0.2.15:50206 -> 175.181.156.244:8255 +Flow 77 risky: tcp 10.0.2.15:50236 -> 93.29.135.209:6346 +Flow 73 risky: tcp 10.0.2.15:50232 -> 182.155.242.225:15068 +Flow 67 risky: tcp 10.0.2.15:50226 -> 116.241.162.162:15677 +Flow 119 risky: tcp 10.0.2.15:50250 -> 27.94.154.53:6346 +Flow 42 not-detected: tcp 10.0.2.15:50202 -> 61.238.173.128:57648 +Flow 36 risky: tcp 10.0.2.15:50197 -> 118.168.15.71:3931 +Flow 121 risky: tcp 10.0.2.15:50252 -> 123.202.31.113:19768 +Flow 63 not-detected: tcp 10.0.2.15:50222 -> 119.14.143.237:6523 +Flow 61 not-detected: tcp 10.0.2.15:50220 -> 36.233.196.226:3820 +Flow 43 risky: tcp 10.0.2.15:50203 -> 61.222.160.99:18994 +Flow 69 not-detected: tcp 10.0.2.15:50228 -> 111.241.31.96:14384 +Flow 122 risky: tcp 10.0.2.15:50253 -> 103.232.107.100:43508 +Flow 38 risky: tcp 10.0.2.15:50199 -> 47.147.52.21:36728 +Flow 51 risky: tcp 10.0.2.15:50211 -> 14.199.10.60:23458 +Flow 76 risky: tcp 10.0.2.15:50235 -> 45.88.118.70:6906 +Flow 358 risky: udp 10.0.2.15:28681 -> 47.224.174.174:6346 +Flow 357 risky: udp 10.0.2.15:28681 -> 98.35.85.238:32173 +Flow 356 risky: udp 10.0.2.15:28681 -> 63.228.175.169:1936 +Flow 355 risky: udp 10.0.2.15:28681 -> 181.118.53.212:29998 +Flow 293 risky: tcp 10.0.2.15:50317 -> 188.165.203.190:21995 +Flow 292 risky: tcp 10.0.2.15:50316 -> 142.132.165.13:30566 +Flow 289 risky: tcp 10.0.2.15:50313 -> 96.65.68.194:35481 +Flow 223 risky: tcp 10.0.2.15:50269 -> 218.103.139.2:3186 +Flow 148 risky: tcp 10.0.2.15:50261 -> 156.57.42.2:33476 +Flow 280 risky: tcp 10.0.2.15:50304 -> 85.168.34.105:39908 +Flow 143 not-detected: tcp 10.0.2.15:50256 -> 36.233.201.161:2886 +Flow 285 risky: tcp 10.0.2.15:50309 -> 60.241.48.194:21301 +Flow 283 risky: tcp 10.0.2.15:50307 -> 176.99.176.20:6346 +Flow 149 risky: tcp 10.0.2.15:50262 -> 80.61.221.246:30577 +Flow 295 risky: tcp 10.0.2.15:50319 -> 185.187.74.173:53489 +Flow 298 risky: tcp 10.0.2.15:50322 -> 164.132.10.25:55302 +Flow 237 not-detected: tcp 10.0.2.15:50283 -> 51.68.153.214:35004 +Flow 269 risky: tcp 10.0.2.15:50293 -> 97.83.183.148:8890 +Flow 296 risky: tcp 10.0.2.15:50320 -> 194.163.180.126:10825 +Flow 284 risky: tcp 10.0.2.15:50308 -> 193.37.255.130:61616 +Flow 153 not-detected: tcp 10.0.2.15:50266 -> 219.70.175.103:4315 +Flow 37 risky: tcp 10.0.2.15:50198 -> 86.129.196.84:9915 +Flow 287 risky: tcp 10.0.2.15:50311 -> 149.28.163.175:49956 +Flow 291 risky: tcp 10.0.2.15:50315 -> 45.31.152.112:26851 +Flow 279 risky: tcp 10.0.2.15:50303 -> 88.120.73.215:24562 +Flow 271 risky: tcp 10.0.2.15:50295 -> 38.142.119.234:49732 +Flow 221 risky: tcp 10.0.2.15:50267 -> 113.252.86.162:9239 +Flow 270 risky: tcp 10.0.2.15:50294 -> 14.200.255.229:37058 +Flow 272 risky: tcp 10.0.2.15:50296 -> 77.58.211.52:3806 +Flow 275 risky: tcp 10.0.2.15:50299 -> 203.220.198.244:1194 +Flow 294 risky: tcp 10.0.2.15:50318 -> 193.32.126.214:59596 +Flow 274 risky: tcp 10.0.2.15:50298 -> 46.128.114.107:6578 +Flow 146 risky: tcp 10.0.2.15:50259 -> 183.179.90.112:9852 +Flow 222 risky: tcp 10.0.2.15:50268 -> 210.209.249.84:24751 +Flow 273 risky: tcp 10.0.2.15:50297 -> 14.200.255.229:45710 +Flow 299 risky: tcp 10.0.2.15:50323 -> 51.68.153.214:26253 +Flow 361 risky: udp 10.0.2.15:28681 -> 86.129.196.84:9915 +Flow 362 risky: udp 10.0.2.15:28681 -> 190.192.210.182:6754 +Flow 360 risky: udp 10.0.2.15:28681 -> 198.58.218.12:47912 +Flow 277 risky: tcp 10.0.2.15:50301 -> 87.123.54.234:54130 +Flow 282 risky: tcp 10.0.2.15:50306 -> 220.238.145.82:33527 +Flow 278 risky: tcp 10.0.2.15:50302 -> 75.64.6.175:4743 +Flow 366 risky: udp 10.0.2.15:28681 -> 94.8.55.158:51140 +Flow 365 risky: udp 10.0.2.15:28681 -> 188.23.24.213:18561 +Flow 368 risky: udp 10.0.2.15:28681 -> 47.147.52.21:36728 +Flow 363 risky: udp 10.0.2.15:28681 -> 81.205.91.45:38297 +Flow 364 risky: udp 10.0.2.15:28681 -> 194.163.180.126:10825 +Flow 367 risky: udp 10.0.2.15:28681 -> 149.28.163.175:49956 +Flow 267 risky: tcp 10.0.2.15:50291 -> 200.7.155.210:28365 +Flow 345 risky: tcp 10.0.2.15:50330 -> 69.118.162.229:46906 +Flow 220 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:9239 +Flow 31 not-detected: tcp 10.0.2.15:50193 -> 89.75.52.19:46010 +Flow 28 not-detected: tcp 10.0.2.15:50190 -> 80.140.63.147:29545 +Flow 30 not-detected: tcp 10.0.2.15:50192 -> 45.65.87.24:16201 +Flow 29 not-detected: tcp 10.0.2.15:50191 -> 207.38.163.228:6778 +Flow 371 risky: udp 10.0.2.15:28681 -> 109.131.202.24:44748 +Flow 370 risky: udp 10.0.2.15:28681 -> 91.172.56.198:11984 +Flow 374 risky: udp 10.0.2.15:28681 -> 62.35.190.5:18604 +Flow 372 risky: udp 10.0.2.15:28681 -> 91.179.185.126:6346 +Flow 373 risky: udp 10.0.2.15:28681 -> 88.122.233.15:11488 +Flow 433 risky: udp 10.0.2.15:28681 -> 99.255.145.191:47264 +Flow 404 risky: udp 10.0.2.15:28681 -> 86.234.216.251:17845 +Flow 426 risky: udp 10.0.2.15:28681 -> 219.71.44.121:14398 +Flow 411 risky: udp 10.0.2.15:28681 -> 89.143.28.64:6346 +Flow 408 risky: udp 10.0.2.15:28681 -> 90.103.2.245:6346 +Flow 424 risky: udp 10.0.2.15:28681 -> 93.15.216.216:6346 +Flow 422 risky: udp 10.0.2.15:28681 -> 88.123.35.219:42211 +Flow 439 risky: udp 10.0.2.15:28681 -> 176.135.15.86:6346 +Flow 481 risky: udp 10.0.2.15:28681 -> 82.120.219.74:6346 +Flow 435 risky: udp 10.0.2.15:28681 -> 109.24.146.101:6346 +Flow 465 risky: udp 10.0.2.15:28681 -> 2.28.39.18:15672 +Flow 421 risky: udp 10.0.2.15:28681 -> 175.182.39.11:12977 +Flow 416 risky: udp 10.0.2.15:28681 -> 92.139.61.103:24096 +Flow 413 risky: udp 10.0.2.15:28681 -> 87.65.188.29:24676 +Flow 412 risky: udp 10.0.2.15:28681 -> 58.177.52.73:6346 +Flow 418 risky: udp 10.0.2.15:28681 -> 75.129.149.103:6346 +Flow 468 risky: udp 10.0.2.15:28681 -> 94.214.12.247:44001 +Flow 466 risky: udp 10.0.2.15:28681 -> 70.119.248.5:49929 +Flow 428 risky: udp 10.0.2.15:28681 -> 86.162.97.8:6346 +Flow 425 risky: udp 10.0.2.15:28681 -> 145.82.53.165:6346 +Flow 401 risky: udp 10.0.2.15:28681 -> 173.178.192.76:6346 +Flow 484 risky: udp 10.0.2.15:28681 -> 107.4.56.177:10000 +Flow 406 risky: udp 10.0.2.15:28681 -> 109.27.3.68:57380 +Flow 467 risky: udp 10.0.2.15:28681 -> 61.64.177.53:23458 +Flow 431 risky: udp 10.0.2.15:28681 -> 88.124.71.246:49035 +Flow 402 risky: udp 10.0.2.15:28681 -> 78.219.202.2:6346 +Flow 420 risky: udp 10.0.2.15:28681 -> 86.227.127.34:6346 +Flow 417 risky: udp 10.0.2.15:28681 -> 94.187.236.179:6346 +Flow 485 risky: udp 10.0.2.15:28681 -> 154.3.42.209:6346 +Flow 427 risky: udp 10.0.2.15:28681 -> 81.249.13.30:15138 +Flow 405 risky: udp 10.0.2.15:28681 -> 176.155.31.118:6346 +Flow 415 risky: udp 10.0.2.15:28681 -> 90.247.160.96:17817 +Flow 486 risky: udp 10.0.2.15:28681 -> 88.68.45.203:6346 +Flow 410 risky: udp 10.0.2.15:28681 -> 93.28.130.131:6346 +Flow 423 risky: udp 10.0.2.15:28681 -> 119.247.6.226:9713 +Flow 438 risky: udp 10.0.2.15:28681 -> 71.86.190.163:14142 +Flow 403 risky: udp 10.0.2.15:28681 -> 197.244.171.132:6346 +Flow 429 risky: udp 10.0.2.15:28681 -> 165.169.215.213:23576 +Flow 436 risky: udp 10.0.2.15:28681 -> 219.68.179.137:6406 +Flow 414 risky: udp 10.0.2.15:28681 -> 175.181.156.244:8255 +Flow 409 risky: udp 10.0.2.15:28681 -> 86.194.53.68:33770 +Flow 482 risky: udp 10.0.2.15:28681 -> 86.193.23.172:42227 +Flow 400 risky: udp 10.0.2.15:28681 -> 129.45.47.167:6346 +Flow 407 risky: udp 10.0.2.15:28681 -> 195.181.151.217:6346 +Flow 440 risky: udp 10.0.2.15:28681 -> 203.165.170.112:37087 +Flow 437 risky: udp 10.0.2.15:28681 -> 31.38.163.2:6346 +Flow 419 risky: udp 10.0.2.15:28681 -> 78.193.236.8:46557 +Flow 432 risky: udp 10.0.2.15:28681 -> 104.6.118.53:6346 +Flow 434 risky: udp 10.0.2.15:28681 -> 114.24.182.130:22232 +Flow 430 risky: udp 10.0.2.15:28681 -> 90.8.95.165:40763 +Flow 488 risky: udp 10.0.2.15:28681 -> 183.179.90.112:9852 +Flow 490 risky: udp 10.0.2.15:28681 -> 90.3.215.132:20356 +Flow 489 risky: udp 10.0.2.15:28681 -> 108.44.45.25:6346 +Flow 487 risky: udp 10.0.2.15:28681 -> 24.78.134.188:49046 +Flow 491 risky: udp 10.0.2.15:28681 -> 36.233.42.210:5512 +Flow 492 risky: udp 10.0.2.15:28681 -> 172.94.41.71:6346 +Flow 90 not-detected: tcp 10.0.2.15:50245 -> 73.62.225.181:46843 +Flow 300 not-detected: udp 10.0.2.15:28681 -> 104.238.172.250:23548 +Flow 745 risky: icmp 164.132.10.25 -> 10.0.2.15 +Flow 509 risky: udp 10.0.2.15:28681 -> 92.142.109.190:41370 +Flow 511 risky: udp 10.0.2.15:28681 -> 68.47.223.27:6346 +Flow 496 risky: udp 10.0.2.15:28681 -> 218.173.230.98:19004 +Flow 495 risky: udp 10.0.2.15:28681 -> 81.247.89.20:6346 +Flow 516 risky: udp 10.0.2.15:28681 -> 119.246.147.72:4572 +Flow 501 risky: udp 10.0.2.15:28681 -> 88.160.214.137:6346 +Flow 506 risky: udp 10.0.2.15:28681 -> 136.32.84.139:6346 +Flow 508 risky: udp 10.0.2.15:28681 -> 92.144.99.73:10745 +Flow 513 risky: udp 10.0.2.15:28681 -> 78.196.216.12:58910 +Flow 499 risky: udp 10.0.2.15:28681 -> 1.161.80.82:8656 +Flow 503 risky: udp 10.0.2.15:28681 -> 74.210.244.72:6346 +Flow 505 risky: udp 10.0.2.15:28681 -> 42.2.62.28:6387 +Flow 494 risky: udp 10.0.2.15:28681 -> 86.210.81.59:6346 +Flow 498 risky: udp 10.0.2.15:28681 -> 8.44.149.207:30551 +Flow 504 risky: udp 10.0.2.15:28681 -> 85.203.45.107:6346 +Flow 502 risky: udp 10.0.2.15:28681 -> 47.156.58.211:6346 +Flow 507 risky: udp 10.0.2.15:28681 -> 50.4.204.220:6346 +Flow 512 risky: udp 10.0.2.15:28681 -> 209.204.207.5:49256 +Flow 518 risky: udp 10.0.2.15:28681 -> 202.151.63.59:7624 +Flow 500 risky: udp 10.0.2.15:28681 -> 220.143.34.225:20071 +Flow 514 risky: udp 10.0.2.15:28681 -> 83.114.40.175:23552 +Flow 517 risky: udp 10.0.2.15:28681 -> 36.239.162.27:7986 +Flow 519 risky: udp 10.0.2.15:28681 -> 219.70.48.23:8070 +Flow 510 risky: udp 10.0.2.15:28681 -> 79.94.85.113:6346 +Flow 497 risky: udp 10.0.2.15:28681 -> 84.100.76.123:39628 +Flow 515 risky: udp 10.0.2.15:28681 -> 220.137.106.173:11625 +Flow 301 not-detected: udp 10.0.2.15:28681 -> 188.61.52.183:11852 +Flow 243 not-detected: udp 10.0.2.15:28681 -> 104.156.226.72:53258 +Flow 242 not-detected: udp 10.0.2.15:28681 -> 75.133.101.93:52367 +Flow 750 risky: udp 10.0.2.15:28681 -> 67.193.8.52:38584 +Flow 752 risky: udp 10.0.2.15:28681 -> 78.231.73.14:6346 +Flow 748 risky: udp 10.0.2.15:28681 -> 92.8.59.80:35192 +Flow 751 risky: udp 10.0.2.15:28681 -> 142.115.218.152:5900 +Flow 749 risky: udp 10.0.2.15:28681 -> 78.159.27.22:17563 +Flow 753 risky: udp 10.0.2.15:28681 -> 165.84.140.96:14400 +Flow 369 not-detected: udp 10.0.2.15:28681 -> 89.187.171.240:6346 +Flow 755 risky: udp 10.0.2.15:28681 -> 83.134.107.32:38836 +Flow 756 risky: udp 10.0.2.15:28681 -> 41.100.68.255:12838 +Flow 398 not-detected: udp 10.0.2.15:28681 -> 62.102.148.166:31332 +Flow 392 not-detected: udp 10.0.2.15:28681 -> 42.0.69.215:12608 +Flow 304 not-detected: udp 10.0.2.15:28681 -> 193.32.126.214:59596 +Flow 389 not-detected: udp 10.0.2.15:28681 -> 94.215.183.71:31310 +Flow 385 not-detected: udp 10.0.2.15:28681 -> 66.223.143.31:47978 +Flow 399 not-detected: udp 10.0.2.15:28681 -> 175.39.219.223:31728 +Flow 303 not-detected: udp 10.0.2.15:28681 -> 142.132.165.13:30566 +Flow 395 not-detected: udp 10.0.2.15:28681 -> 191.114.88.39:18751 +Flow 387 not-detected: udp 10.0.2.15:28681 -> 220.135.8.7:1219 +Flow 390 not-detected: udp 10.0.2.15:28681 -> 144.134.132.206:16401 +Flow 391 not-detected: udp 10.0.2.15:28681 -> 161.81.38.67:9539 +Flow 397 not-detected: udp 10.0.2.15:28681 -> 80.7.252.192:24634 +Flow 396 not-detected: udp 10.0.2.15:28681 -> 112.119.59.24:28755 +Flow 483 not-detected: udp 10.0.2.2:1026 -> 10.0.2.15:28681 +Flow 759 risky: udp 10.0.2.15:28681 -> 104.238.172.250:23548 +Flow 757 risky: udp 10.0.2.15:28681 -> 104.156.226.72:53258 +Flow 577 not-detected: udp 10.0.2.15:28681 -> 59.148.100.237:23459 +Flow 586 not-detected: udp 10.0.2.15:28681 -> 221.124.66.33:13060 +Flow 618 not-detected: udp 10.0.2.15:28681 -> 1.172.184.48:13281 +Flow 377 not-detected: udp 10.0.2.15:28681 -> 180.200.236.13:12082 +Flow 526 not-detected: udp 10.0.2.15:28681 -> 36.234.197.93:1483 +Flow 669 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:2846 +Flow 609 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:59016 +Flow 690 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:50637 +Flow 441 not-detected: udp 10.0.2.15:28681 -> 36.237.199.108:56040 +Flow 700 not-detected: udp 10.0.2.15:28681 -> 91.206.27.26:6578 +Flow 450 not-detected: udp 10.0.2.15:28681 -> 113.252.206.254:23458 +Flow 592 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:7190 +Flow 701 not-detected: udp 10.0.2.15:28681 -> 119.237.190.184:64163 +Flow 479 not-detected: udp 10.0.2.15:28681 -> 123.205.13.148:51896 +Flow 603 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:64577 +Flow 394 not-detected: udp 10.0.2.15:28681 -> 165.84.134.136:21407 +Flow 740 not-detected: udp 10.0.2.15:28681 -> 36.237.25.47:21293 +Flow 646 not-detected: udp 10.0.2.15:28681 -> 36.237.10.152:21293 +Flow 621 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3227 +Flow 733 not-detected: udp 10.0.2.15:28681 -> 99.199.148.6:4338 +Flow 597 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52274 +Flow 675 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:62191 +Flow 738 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3256 +Flow 628 not-detected: udp 10.0.2.15:28681 -> 45.65.87.24:16201 +Flow 616 not-detected: udp 10.0.2.15:28681 -> 220.208.167.152:30628 +Flow 596 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:58954 +Flow 474 not-detected: udp 10.0.2.15:28681 -> 80.61.221.246:45880 +Flow 713 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51379 +Flow 593 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:9747 +Flow 571 not-detected: udp 10.0.2.15:28681 -> 114.40.163.123:55341 +Flow 524 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:65362 +Flow 642 not-detected: udp 10.0.2.15:28681 -> 220.39.142.122:6346 +Flow 477 not-detected: udp 10.0.2.15:28681 -> 94.54.66.82:45640 +Flow 444 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:9010 +Flow 572 not-detected: udp 10.0.2.15:28681 -> 86.153.21.93:36696 +Flow 478 not-detected: udp 10.0.2.15:28681 -> 36.235.85.44:64914 +Flow 449 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:8826 +Flow 649 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:56128 +Flow 461 not-detected: udp 10.0.2.15:28681 -> 69.27.193.124:50555 +Flow 520 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3339 +Flow 335 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:37058 +Flow 635 not-detected: udp 10.0.2.15:28681 -> 219.70.48.23:2556 +Flow 636 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:53143 +Flow 637 not-detected: udp 10.0.2.15:28681 -> 36.233.194.73:1995 +Flow 676 not-detected: udp 10.0.2.15:28681 -> 1.64.208.110:55550 +Flow 722 not-detected: udp 10.0.2.15:28681 -> 213.32.245.121:12333 +Flow 578 not-detected: udp 10.0.2.15:28681 -> 77.205.243.44:46006 +Flow 737 not-detected: udp 10.0.2.15:28681 -> 174.115.127.251:23897 +Flow 584 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:18360 +Flow 472 not-detected: udp 10.0.2.15:28681 -> 94.54.66.82:45744 +Flow 471 not-detected: udp 10.0.2.15:28681 -> 80.7.252.192:43457 +Flow 744 not-detected: udp 10.0.2.15:28681 -> 164.132.10.25:48250 +Flow 707 not-detected: udp 10.0.2.15:28681 -> 183.179.14.31:64871 +Flow 476 not-detected: udp 10.0.2.15:28681 -> 98.18.172.208:63172 +Flow 381 not-detected: udp 10.0.2.15:28681 -> 77.58.211.52:3806 +Flow 683 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54459 +Flow 386 not-detected: udp 10.0.2.15:28681 -> 85.172.10.90:40162 +Flow 619 not-detected: udp 10.0.2.15:28681 -> 1.163.14.246:1630 +Flow 691 not-detected: udp 10.0.2.15:28681 -> 61.93.150.146:62507 +Flow 620 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53516 +Flow 667 not-detected: udp 10.0.2.15:28681 -> 223.18.211.177:18085 +Flow 720 not-detected: udp 10.0.2.15:28681 -> 76.26.178.132:10053 +Flow 443 not-detected: udp 10.0.2.15:28681 -> 183.179.14.31:54754 +Flow 697 not-detected: udp 10.0.2.15:28681 -> 14.199.10.60:53906 +Flow 622 not-detected: udp 10.0.2.15:28681 -> 36.234.18.166:61319 +Flow 714 not-detected: udp 10.0.2.15:28681 -> 76.174.174.69:21358 +Flow 614 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:60482 +Flow 746 not-detected: udp 10.0.2.15:28681 -> 123.205.126.102:5193 +Flow 606 not-detected: udp 10.0.2.15:28681 -> 149.28.163.175:42288 +Flow 739 not-detected: udp 10.0.2.15:28681 -> 104.156.226.72:19814 +Flow 587 not-detected: udp 10.0.2.15:28681 -> 94.134.154.158:54130 +Flow 550 not-detected: udp 10.0.2.15:28681 -> 220.238.145.82:33527 +Flow 688 not-detected: udp 10.0.2.15:28681 -> 114.36.234.196:11629 +Flow 670 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52669 +Flow 598 not-detected: udp 10.0.2.15:28681 -> 1.172.184.48:1512 +Flow 685 not-detected: udp 10.0.2.15:28681 -> 111.241.31.96:8349 +Flow 721 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:9897 +Flow 631 not-detected: udp 10.0.2.15:28681 -> 36.231.59.187:62234 +Flow 591 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53707 +Flow 594 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7375 +Flow 613 not-detected: udp 10.0.2.15:28681 -> 119.247.152.218:51920 +Flow 617 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7380 +Flow 582 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:10624 +Flow 568 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:56562 +Flow 446 not-detected: udp 10.0.2.15:28681 -> 61.70.199.107:60475 +Flow 470 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:46790 +Flow 623 not-detected: udp 10.0.2.15:28681 -> 210.209.249.84:24751 +Flow 629 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:45710 +Flow 692 not-detected: udp 10.0.2.15:28681 -> 76.110.153.177:40022 +Flow 604 not-detected: udp 10.0.2.15:28681 -> 123.202.31.113:53291 +Flow 718 not-detected: udp 10.0.2.15:28681 -> 218.102.208.175:9167 +Flow 447 not-detected: udp 10.0.2.15:28681 -> 14.199.10.60:23458 +Flow 451 not-detected: udp 10.0.2.15:28681 -> 218.35.66.21:22234 +Flow 600 not-detected: udp 10.0.2.15:28681 -> 1.64.156.63:60092 +Flow 645 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49803 +Flow 661 not-detected: udp 10.0.2.15:28681 -> 24.127.1.235:37814 +Flow 626 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49815 +Flow 384 not-detected: udp 10.0.2.15:28681 -> 75.64.6.175:4743 +Flow 378 not-detected: udp 10.0.2.15:28681 -> 118.241.204.61:43366 +Flow 703 not-detected: udp 10.0.2.15:28681 -> 114.40.67.191:14971 +Flow 656 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54914 +Flow 727 not-detected: udp 10.0.2.15:28681 -> 101.136.187.253:10914 +Flow 456 not-detected: udp 10.0.2.15:28681 -> 89.241.112.255:14766 +Flow 521 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:23458 +Flow 375 not-detected: udp 10.0.2.15:28681 -> 73.182.136.42:27873 +Flow 455 not-detected: udp 10.0.2.15:28681 -> 58.153.206.183:16919 +Flow 453 not-detected: udp 10.0.2.15:28681 -> 74.127.26.138:3083 +Flow 704 not-detected: udp 10.0.2.15:28681 -> 123.192.83.59:33513 +Flow 641 not-detected: udp 10.0.2.15:28681 -> 36.233.199.103:2625 +Flow 460 not-detected: udp 10.0.2.15:28681 -> 210.194.116.78:8342 +Flow 717 not-detected: udp 10.0.2.15:28681 -> 79.191.58.38:48157 +Flow 742 not-detected: udp 10.0.2.15:28681 -> 194.163.180.126:36780 +Flow 454 not-detected: udp 10.0.2.15:28681 -> 223.16.121.156:23183 +Flow 674 not-detected: udp 10.0.2.15:28681 -> 219.70.1.236:9369 +Flow 672 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:4765 +Flow 681 not-detected: udp 10.0.2.15:28681 -> 61.220.41.241:53072 +Flow 640 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:65430 +Flow 682 not-detected: udp 10.0.2.15:28681 -> 203.220.198.244:50896 +Flow 679 not-detected: udp 10.0.2.15:28681 -> 113.252.83.132:57131 +Flow 694 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6514 +Flow 469 not-detected: udp 10.0.2.15:28681 -> 87.123.54.234:47184 +Flow 665 not-detected: udp 10.0.2.15:28681 -> 82.36.106.134:3927 +Flow 660 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6527 +Flow 615 not-detected: udp 10.0.2.15:28681 -> 74.195.236.249:18557 +Flow 716 not-detected: udp 10.0.2.15:28681 -> 98.249.190.8:25198 +Flow 731 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6564 +Flow 388 not-detected: udp 10.0.2.15:28681 -> 121.7.145.36:33905 +Flow 735 not-detected: udp 10.0.2.15:28681 -> 45.31.152.112:52420 +Flow 747 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6599 +Flow 634 not-detected: udp 10.0.2.15:28681 -> 24.179.18.242:47329 +Flow 527 not-detected: udp 10.0.2.15:28681 -> 42.72.149.140:37848 +Flow 643 not-detected: udp 10.0.2.15:28681 -> 31.20.248.147:30706 +Flow 711 not-detected: udp 10.0.2.15:28681 -> 220.129.86.65:49723 +Flow 563 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:6831 +Flow 639 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7849 +Flow 729 not-detected: udp 10.0.2.15:28681 -> 114.47.227.91:54463 +Flow 732 not-detected: udp 10.0.2.15:28681 -> 85.168.34.105:39908 +Flow 633 not-detected: udp 10.0.2.15:28681 -> 68.174.18.115:50679 +Flow 607 not-detected: udp 10.0.2.15:28681 -> 111.241.31.96:4814 +Flow 705 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:8658 +Flow 698 not-detected: udp 10.0.2.15:28681 -> 70.81.219.111:19210 +Flow 595 not-detected: udp 10.0.2.15:28681 -> 175.182.21.156:13732 +Flow 723 not-detected: udp 10.0.2.15:28681 -> 175.39.219.223:13482 +Flow 376 not-detected: udp 10.0.2.15:28681 -> 156.57.42.2:33476 +Flow 673 not-detected: udp 10.0.2.15:28681 -> 125.59.215.249:14571 +Flow 611 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:59384 +Flow 724 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:9070 +Flow 666 not-detected: udp 10.0.2.15:28681 -> 159.196.95.223:2003 +Flow 644 not-detected: udp 10.0.2.15:28681 -> 173.22.22.94:34245 +Flow 648 not-detected: udp 10.0.2.15:28681 -> 180.218.135.222:4548 +Flow 579 not-detected: udp 10.0.2.15:28681 -> 223.16.170.108:23458 +Flow 677 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:9128 +Flow 706 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:1968 +Flow 654 not-detected: udp 10.0.2.15:28681 -> 84.118.116.198:44616 +Flow 725 not-detected: udp 10.0.2.15:28681 -> 219.91.30.216:61635 +Flow 302 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:53489 +Flow 668 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:64731 +Flow 741 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:4364 +Flow 696 not-detected: udp 10.0.2.15:28681 -> 188.165.203.190:55050 +Flow 585 not-detected: udp 10.0.2.15:28681 -> 51.68.153.214:35004 +Flow 686 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:13965 +Flow 662 not-detected: udp 10.0.2.15:28681 -> 96.59.117.166:33192 +Flow 602 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:53658 +Flow 589 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:52647 +Flow 653 not-detected: udp 10.0.2.15:28681 -> 82.12.1.136:6348 +Flow 458 not-detected: udp 10.0.2.15:28681 -> 118.165.228.167:12201 +Flow 525 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:52660 +Flow 610 not-detected: udp 10.0.2.15:28681 -> 61.10.174.159:4841 +Flow 734 not-detected: udp 10.0.2.15:28681 -> 113.252.91.201:4297 +Flow 627 not-detected: udp 10.0.2.15:28681 -> 73.62.225.181:46843 +Flow 380 not-detected: udp 10.0.2.15:28681 -> 83.86.49.195:12019 +Flow 702 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10728 +Flow 650 not-detected: udp 10.0.2.15:28681 -> 114.47.227.91:58856 +Flow 581 not-detected: udp 10.0.2.15:28681 -> 58.115.108.10:4641 +Flow 612 not-detected: udp 10.0.2.15:28681 -> 106.104.88.139:7423 +Flow 583 not-detected: udp 10.0.2.15:28681 -> 87.75.180.80:35361 +Flow 671 not-detected: udp 10.0.2.15:28681 -> 180.218.135.222:49867 +Flow 574 not-detected: udp 10.0.2.15:28681 -> 223.17.132.18:23458 +Flow 678 not-detected: udp 10.0.2.15:28681 -> 150.116.225.105:51438 +Flow 715 not-detected: udp 10.0.2.15:28681 -> 219.71.72.88:58808 +Flow 659 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10791 +Flow 457 not-detected: udp 10.0.2.15:28681 -> 119.247.240.113:13867 +Flow 564 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53144 +Flow 647 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:58290 +Flow 699 not-detected: udp 10.0.2.15:28681 -> 77.222.213.44:26536 +Flow 651 not-detected: udp 10.0.2.15:28681 -> 1.64.156.63:65023 +Flow 658 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:8075 +Flow 712 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:59978 +Flow 657 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53195 +Flow 576 not-detected: udp 10.0.2.15:28681 -> 104.238.172.250:42925 +Flow 570 not-detected: udp 10.0.2.15:28681 -> 97.83.183.148:8890 +Flow 680 not-detected: udp 10.0.2.15:28681 -> 61.227.198.100:6910 +Flow 566 not-detected: udp 10.0.2.15:28681 -> 58.176.62.40:52755 +Flow 599 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:59875 +Flow 601 not-detected: udp 10.0.2.15:28681 -> 113.255.200.161:65274 +Flow 638 not-detected: udp 10.0.2.15:28681 -> 182.155.242.225:15068 +Flow 463 not-detected: udp 10.0.2.15:28681 -> 200.7.155.210:28365 +Flow 726 not-detected: udp 10.0.2.15:28681 -> 1.171.82.65:50072 +Flow 452 not-detected: udp 10.0.2.15:28681 -> 68.227.193.37:27481 +Flow 608 not-detected: udp 10.0.2.15:28681 -> 1.163.14.246:23461 +Flow 736 not-detected: udp 10.0.2.15:28681 -> 118.166.252.163:14391 +Flow 448 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:15677 +Flow 549 not-detected: udp 10.0.2.15:28681 -> 84.211.151.48:11105 +Flow 459 not-detected: udp 10.0.2.15:28681 -> 100.89.84.59:11603 +Flow 625 not-detected: udp 10.0.2.15:28681 -> 113.252.206.254:49737 +Flow 580 not-detected: udp 10.0.2.15:28681 -> 76.119.55.28:20347 +Flow 624 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:57492 +Flow 567 not-detected: udp 10.0.2.15:28681 -> 58.176.62.40:52889 +Flow 684 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:54436 +Flow 743 not-detected: udp 10.0.2.15:28681 -> 27.94.154.53:6346 +Flow 730 not-detected: udp 10.0.2.15:28681 -> 124.217.188.105:62849 +Flow 710 not-detected: udp 10.0.2.15:28681 -> 113.254.140.225:63637 +Flow 709 not-detected: udp 10.0.2.15:28681 -> 223.16.121.156:3624 +Flow 687 not-detected: udp 10.0.2.15:28681 -> 66.30.221.181:53454 +Flow 445 not-detected: udp 10.0.2.15:28681 -> 118.165.153.100:4509 +Flow 652 not-detected: udp 10.0.2.15:28681 -> 94.139.21.182:50110 +Flow 569 not-detected: udp 10.0.2.15:28681 -> 73.89.249.8:50649 +Flow 393 not-detected: udp 10.0.2.15:28681 -> 58.115.158.103:5110 +Flow 464 not-detected: udp 10.0.2.15:28681 -> 101.128.66.8:34512 +Flow 522 not-detected: udp 10.0.2.15:28681 -> 119.247.152.218:51153 +Flow 480 not-detected: udp 10.0.2.15:28681 -> 112.119.74.26:65498 +Flow 382 not-detected: udp 10.0.2.15:28681 -> 76.175.11.126:40958 +Flow 590 not-detected: udp 10.0.2.15:28681 -> 95.10.205.67:48380 +Flow 605 not-detected: udp 10.0.2.15:28681 -> 180.149.125.139:6578 +Flow 689 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:3688 +Flow 664 not-detected: udp 10.0.2.15:28681 -> 1.172.183.237:4983 +Flow 708 not-detected: udp 10.0.2.15:28681 -> 124.244.68.65:51967 +Flow 655 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:2566 +Flow 728 not-detected: udp 10.0.2.15:28681 -> 112.10.134.44:19739 +Flow 548 not-detected: udp 10.0.2.15:28681 -> 74.50.147.205:17735 +Flow 632 not-detected: udp 10.0.2.15:28681 -> 188.149.2.44:20964 +Flow 475 not-detected: udp 10.0.2.15:28681 -> 188.61.52.183:63978 +Flow 473 not-detected: udp 10.0.2.15:28681 -> 142.132.165.13:33564 +Flow 575 not-detected: udp 10.0.2.15:28681 -> 123.202.31.113:19768 +Flow 588 not-detected: udp 10.0.2.15:28681 -> 219.70.175.103:4315 +Flow 379 not-detected: udp 10.0.2.15:28681 -> 80.140.63.147:29545 +Flow 719 not-detected: udp 10.0.2.15:28681 -> 219.85.11.85:10722 +Flow 442 not-detected: udp 10.0.2.15:28681 -> 89.204.130.55:29545 +Flow 630 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:3931 +Flow 565 not-detected: udp 10.0.2.15:28681 -> 114.45.40.28:2656 +Flow 523 not-detected: udp 10.0.2.15:28681 -> 1.162.138.200:24018 +Flow 693 not-detected: udp 10.0.2.15:28681 -> 98.215.130.156:12405 +Flow 760 risky: udp 10.0.2.15:138 -> 10.0.2.255:138 +Flow 764 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476 +Flow 762 risky: udp 10.0.2.15:28681 -> 86.75.43.182:43502 +Flow 763 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210 +Flow 761 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009 +Flow 544 not-detected: udp 10.0.2.15:28681 -> 111.184.29.35:30582 +Flow 533 not-detected: udp 10.0.2.15:28681 -> 36.229.185.60:6898 +Flow 553 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3259 +Flow 546 not-detected: udp 10.0.2.15:28681 -> 38.142.119.234:49867 +Flow 531 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51497 +Flow 534 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54436 +Flow 562 not-detected: udp 10.0.2.15:28681 -> 112.119.242.110:59879 +Flow 542 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51675 +Flow 551 not-detected: udp 10.0.2.15:28681 -> 92.24.129.230:14766 +Flow 555 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:20387 +Flow 538 not-detected: udp 10.0.2.15:28681 -> 124.218.41.253:14339 +Flow 536 not-detected: udp 10.0.2.15:28681 -> 118.167.222.160:56121 +Flow 558 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:6466 +Flow 556 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49787 +Flow 560 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53883 +Flow 559 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:55080 +Flow 529 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:57929 +Flow 539 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:7510 +Flow 545 not-detected: udp 10.0.2.15:28681 -> 116.49.159.77:55915 +Flow 663 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6594 +Flow 554 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:55577 +Flow 528 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:58442 +Flow 537 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:2034 +Flow 535 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10655 +Flow 532 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10677 +Flow 695 not-detected: udp 10.0.2.15:28681 -> 76.189.72.230:8161 +Flow 552 not-detected: udp 10.0.2.15:28681 -> 218.250.6.59:60012 +Flow 543 not-detected: udp 10.0.2.15:28681 -> 114.39.159.60:56896 +Flow 557 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53163 +Flow 561 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:57466 +Flow 541 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:11141 +Flow 547 not-detected: udp 10.0.2.15:28681 -> 213.229.111.224:43316 +Flow 530 not-detected: udp 10.0.2.15:28681 -> 118.167.248.220:59304 +Flow 540 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52131 +Flow 783 risky: icmp 65.182.231.232 -> 10.0.2.15 +Flow 754 not-detected: udp 10.0.2.15:28681 -> 84.125.218.84:17561 +Flow 573 not-detected: udp 10.0.2.15:28681 -> 71.239.173.18:23327 +Flow 383 not-detected: udp 10.0.2.15:28681 -> 84.71.243.60:34498 +Flow 787 risky: udp 10.0.2.15:28681 -> 220.133.122.217:23458 +Flow 793 risky: udp 10.0.2.15:28681 -> 123.205.126.102:5193 +Flow 792 risky: udp 10.0.2.15:28681 -> 36.239.213.146:21750 +Flow 786 risky: udp 10.0.2.15:28681 -> 114.38.9.82:24223 +Flow 788 risky: udp 10.0.2.15:28681 -> 220.134.167.82:5820 +Flow 789 risky: udp 10.0.2.15:28681 -> 42.98.115.128:23458 +Flow 790 risky: udp 10.0.2.15:28681 -> 218.164.39.233:20855 +Flow 785 risky: udp 10.0.2.15:28681 -> 176.134.139.39:6346 +Flow 791 risky: udp 10.0.2.15:28681 -> 219.85.11.85:10722 +Flow 797 risky: icmp 154.3.42.209 -> 10.0.2.15 +Flow 52 not-detected: tcp 10.0.2.15:50212 -> 95.17.124.40:6776 +Flow 777 not-detected: udp 10.0.2.15:28681 -> 124.244.211.43:23459 +Flow 245 not-detected: tcp 10.0.2.15:50289 -> 74.195.236.249:18557 +Flow 776 not-detected: udp 10.0.2.15:28681 -> 219.85.10.83:8797 +Flow 227 not-detected: tcp 10.0.2.15:50273 -> 24.179.18.242:47329 +Flow 767 not-detected: udp 10.0.2.15:28681 -> 45.65.87.24:16201 +Flow 72 not-detected: tcp 10.0.2.15:50231 -> 76.68.138.207:45079 +Flow 228 not-detected: tcp 10.0.2.15:50274 -> 68.174.18.115:50679 +Flow 778 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:9010 +Flow 773 not-detected: udp 10.0.2.15:28681 -> 86.153.21.93:36696 +Flow 779 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:18381 +Flow 768 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:37058 +Flow 765 not-detected: udp 10.0.2.15:28681 -> 213.229.111.224:4876 +Flow 75 not-detected: tcp 10.0.2.15:50234 -> 66.189.28.17:16269 +Flow 240 not-detected: tcp 10.0.2.15:50286 -> 84.118.116.198:44616 +Flow 74 not-detected: tcp 10.0.2.15:50233 -> 1.163.14.246:12854 +Flow 152 not-detected: tcp 10.0.2.15:50265 -> 113.255.250.32:52647 +Flow 796 risky: udp 10.0.2.15:28681 -> 41.249.63.200:22582 +Flow 233 not-detected: tcp 10.0.2.15:50279 -> 113.252.91.201:4297 +Flow 123 not-detected: tcp 10.0.2.15:50254 -> 24.78.134.188:49046 +Flow 333 risky: tcp 10.0.2.15:50327 -> 69.118.162.229:46906 +Flow 64 not-detected: tcp 10.0.2.15:50223 -> 118.167.248.220:63108 +Flow 59 not-detected: tcp 10.0.2.15:50218 -> 90.103.247.94:59045 +Flow 49 not-detected: tcp 10.0.2.15:50209 -> 113.252.206.254:49587 +Flow 65 not-detected: tcp 10.0.2.15:50224 -> 78.125.63.97:6346 +Flow 68 not-detected: tcp 10.0.2.15:50227 -> 111.246.157.94:51175 +Flow 56 not-detected: tcp 10.0.2.15:50215 -> 124.244.64.237:4704 +Flow 71 not-detected: tcp 10.0.2.15:50230 -> 73.3.103.37:17296 +Flow 244 not-detected: tcp 10.0.2.15:50288 -> 76.119.55.28:20347 +Flow 47 not-detected: tcp 10.0.2.15:50207 -> 90.78.171.204:6346 +Flow 281 not-detected: tcp 10.0.2.15:50305 -> 94.54.66.82:63637 +Flow 48 not-detected: tcp 10.0.2.15:50208 -> 119.237.116.22:8683 +Flow 266 not-detected: tcp 10.0.2.15:50290 -> 73.89.249.8:50649 +Flow 78 not-detected: tcp 10.0.2.15:50237 -> 88.123.202.175:37910 +Flow 151 not-detected: tcp 10.0.2.15:50264 -> 95.10.205.67:48380 +Flow 89 not-detected: tcp 10.0.2.15:50244 -> 188.61.52.183:63978 +Flow 92 not-detected: tcp 10.0.2.15:50247 -> 66.30.221.181:51560 +Flow 784 not-detected: udp 10.0.2.15:28681 -> 23.19.141.110:6346 +Flow 774 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6599 +Flow 268 not-detected: tcp 10.0.2.15:50292 -> 95.10.205.67:11603 +Flow 84 not-detected: tcp 10.0.2.15:50243 -> 176.138.129.252:27962 +Flow 142 not-detected: tcp 10.0.2.15:50255 -> 36.236.203.37:52165 +Flow 241 not-detected: tcp 10.0.2.15:50287 -> 98.215.130.156:12405 +Flow 236 not-detected: tcp 10.0.2.15:50282 -> 221.124.66.33:13060 +Flow 226 not-detected: tcp 10.0.2.15:50272 -> 1.172.184.48:13298 +Flow 225 not-detected: tcp 10.0.2.15:50271 -> 218.164.198.27:60202 +Flow 224 not-detected: tcp 10.0.2.15:50270 -> 114.27.24.95:11427 +Flow 145 not-detected: tcp 10.0.2.15:50258 -> 122.100.216.210:7097 +Flow 147 not-detected: tcp 10.0.2.15:50260 -> 113.255.200.161:51394 +Flow 81 not-detected: tcp 10.0.2.15:50240 -> 36.237.10.152:21293 +Flow 57 not-detected: tcp 10.0.2.15:50216 -> 182.155.128.228:3256 +Flow 44 not-detected: tcp 10.0.2.15:50204 -> 124.218.26.16:9728 +Flow 771 not-detected: udp 10.0.2.15:28681 -> 202.27.193.6:6346 +Flow 234 not-detected: tcp 10.0.2.15:50280 -> 99.199.148.6:4338 +Flow 229 not-detected: tcp 10.0.2.15:50275 -> 122.117.100.78:9010 +Flow 781 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:23458 +Flow 782 not-detected: udp 10.0.2.15:28681 -> 65.182.231.232:7890 +Flow 39 not-detected: tcp 10.0.2.15:50200 -> 176.128.217.128:45194 +Flow 769 not-detected: udp 10.0.2.15:28681 -> 123.110.61.169:11973 +Flow 53 not-detected: tcp 10.0.2.15:50213 -> 85.117.153.7:50138 +Flow 82 not-detected: tcp 10.0.2.15:50241 -> 98.18.172.208:63172 +Flow 297 not-detected: tcp 10.0.2.15:50321 -> 213.229.111.224:4876 +Flow 775 not-detected: udp 10.0.2.15:28681 -> 223.17.132.18:23458 +Flow 79 not-detected: tcp 10.0.2.15:50238 -> 124.218.41.253:59144 +Flow 230 not-detected: tcp 10.0.2.15:50276 -> 96.246.156.126:56070 +Flow 70 not-detected: tcp 10.0.2.15:50229 -> 1.36.249.91:64920 +Flow 795 risky: udp 10.0.2.15:28681 -> 213.120.26.86:29946 +Flow 33 not-detected: tcp 10.0.2.15:50195 -> 162.157.143.201:29762 +Flow 91 not-detected: tcp 10.0.2.15:50246 -> 80.7.252.192:45685 +Flow 50 not-detected: tcp 10.0.2.15:50210 -> 36.234.18.166:61404 +Flow 45 not-detected: tcp 10.0.2.15:50205 -> 114.46.139.171:52120 +Flow 772 not-detected: udp 10.0.2.15:28681 -> 73.192.231.237:9676 +Flow 770 not-detected: udp 10.0.2.15:28681 -> 97.83.183.148:8890 +Flow 235 not-detected: tcp 10.0.2.15:50281 -> 94.134.154.158:54130 +Flow 60 not-detected: tcp 10.0.2.15:50219 -> 193.121.165.12:55376 +Flow 334 risky: tcp 10.0.2.15:50328 -> 189.147.72.83:26108 +Flow 80 not-detected: tcp 10.0.2.15:50239 -> 112.105.52.2:6384 +Flow 232 not-detected: tcp 10.0.2.15:50278 -> 36.231.59.187:62234 +Flow 766 not-detected: udp 10.0.2.15:28681 -> 76.119.55.28:20347 +Flow 120 not-detected: tcp 10.0.2.15:50251 -> 24.127.1.235:37814 +Flow 144 not-detected: tcp 10.0.2.15:50257 -> 219.70.48.23:3054 +Flow 286 not-detected: tcp 10.0.2.15:50310 -> 76.110.153.177:40022 +Flow 40 not-detected: tcp 10.0.2.15:50201 -> 78.122.93.185:6346 +Flow 58 not-detected: tcp 10.0.2.15:50217 -> 113.252.86.162:54958 +Flow 32 not-detected: tcp 10.0.2.15:50194 -> 92.152.66.153:43771 +Flow 83 not-detected: tcp 10.0.2.15:50242 -> 109.210.203.131:6346 +Flow 66 not-detected: tcp 10.0.2.15:50225 -> 109.210.81.147:24800 +Flow 150 not-detected: tcp 10.0.2.15:50263 -> 73.182.136.42:27873 +Flow 62 not-detected: tcp 10.0.2.15:50221 -> 59.104.173.5:49956 +Flow 780 not-detected: udp 10.0.2.15:28681 -> 68.66.94.132:17735 +Flow 55 not-detected: tcp 10.0.2.15:50214 -> 80.193.171.146:53808 +Flow 231 not-detected: tcp 10.0.2.15:50277 -> 82.181.251.218:36368 diff --git a/test/results/flow-captured/default/google_chat.pcapng.out b/test/results/flow-captured/default/google_chat.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/google_chat.pcapng.out diff --git a/test/results/flow-captured/default/google_meet.pcapng.out b/test/results/flow-captured/default/google_meet.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/google_meet.pcapng.out diff --git a/test/results/flow-captured/default/google_ssl.pcap.out b/test/results/flow-captured/default/google_ssl.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/google_ssl.pcap.out diff --git a/test/results/flow-captured/default/googledns_android10.pcap.out b/test/results/flow-captured/default/googledns_android10.pcap.out new file mode 100644 index 000000000..6814757f0 --- /dev/null +++ b/test/results/flow-captured/default/googledns_android10.pcap.out @@ -0,0 +1,4 @@ +Flow 4 risky: tcp 192.168.1.159:48048 -> 8.8.4.4:853 +Flow 5 risky: icmp 192.168.1.159 -> 8.8.8.8 +Flow 7 risky: tcp 192.168.1.159:48098 -> 8.8.4.4:853 +Flow 8 risky: tcp 192.168.1.159:48210 -> 8.8.4.4:853 diff --git a/test/results/flow-captured/default/gquic.pcap.out b/test/results/flow-captured/default/gquic.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/gquic.pcap.out diff --git a/test/results/flow-captured/default/gquic_only_from_server.pcap.out b/test/results/flow-captured/default/gquic_only_from_server.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/gquic_only_from_server.pcap.out diff --git a/test/results/flow-captured/default/gre.pcapng.out b/test/results/flow-captured/default/gre.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/gre.pcapng.out diff --git a/test/results/flow-captured/default/gtp_c.pcap.out b/test/results/flow-captured/default/gtp_c.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/gtp_c.pcap.out diff --git a/test/results/flow-captured/default/gtp_false_positive.pcapng.out b/test/results/flow-captured/default/gtp_false_positive.pcapng.out new file mode 100644 index 000000000..beb143597 --- /dev/null +++ b/test/results/flow-captured/default/gtp_false_positive.pcapng.out @@ -0,0 +1 @@ +Flow 1 not-detected: udp 24.1.33.66:29255 -> 62.56.122.232:3386 diff --git a/test/results/flow-captured/default/gtp_prime.pcapng.out b/test/results/flow-captured/default/gtp_prime.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/gtp_prime.pcapng.out diff --git a/test/results/flow-captured/default/h323-overflow.pcap.out b/test/results/flow-captured/default/h323-overflow.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/h323-overflow.pcap.out diff --git a/test/results/flow-captured/default/h323.pcap.out b/test/results/flow-captured/default/h323.pcap.out new file mode 100644 index 000000000..6ddc4dba2 --- /dev/null +++ b/test/results/flow-captured/default/h323.pcap.out @@ -0,0 +1,2 @@ +Flow 2 risky: tcp 10.1.3.143:32804 -> 10.1.6.18:1232 +Flow 5 midstream: tcp 17.2.0.124:3032 -> 17.2.0.122:1720 diff --git a/test/results/flow-captured/default/haproxy.pcap.out b/test/results/flow-captured/default/haproxy.pcap.out new file mode 100644 index 000000000..ab80d1b74 --- /dev/null +++ b/test/results/flow-captured/default/haproxy.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 1.1.1.1:48502 -> 2.2.2.2:443 +Flow 1 midstream: tcp 1.1.1.1:48502 -> 2.2.2.2:443 diff --git a/test/results/flow-captured/default/hart_ip.pcap.out b/test/results/flow-captured/default/hart_ip.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/hart_ip.pcap.out diff --git a/test/results/flow-captured/default/heuristic_tcp_ack_payload.pcap.out b/test/results/flow-captured/default/heuristic_tcp_ack_payload.pcap.out new file mode 100644 index 000000000..adb904d07 --- /dev/null +++ b/test/results/flow-captured/default/heuristic_tcp_ack_payload.pcap.out @@ -0,0 +1,8 @@ +Flow 1 guessed: tcp 194.226.199.21:58155 -> 52.18.127.189:443 +Flow 1 not-detected: tcp 194.226.199.21:58155 -> 52.18.127.189:443 +Flow 3 guessed: tcp 194.226.199.61:27453 -> 35.241.9.150:443 +Flow 3 not-detected: tcp 194.226.199.61:27453 -> 35.241.9.150:443 +Flow 6 guessed: tcp 194.226.199.61:6946 -> 2.22.40.186:443 +Flow 6 not-detected: tcp 194.226.199.61:6946 -> 2.22.40.186:443 +Flow 5 guessed: tcp 194.226.199.103:62580 -> 217.69.139.59:443 +Flow 5 not-detected: tcp 194.226.199.103:62580 -> 217.69.139.59:443 diff --git a/test/results/flow-captured/default/hislip.pcap.out b/test/results/flow-captured/default/hislip.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/hislip.pcap.out diff --git a/test/results/flow-captured/default/hl7.pcap.out b/test/results/flow-captured/default/hl7.pcap.out new file mode 100644 index 000000000..a656e9571 --- /dev/null +++ b/test/results/flow-captured/default/hl7.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.0.0.155:49242 -> 10.0.0.126:6661 diff --git a/test/results/flow-captured/default/hls.pcapng.out b/test/results/flow-captured/default/hls.pcapng.out new file mode 100644 index 000000000..c5dfa168e --- /dev/null +++ b/test/results/flow-captured/default/hls.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.215.173.1:41644 -> 192.168.88.231:8080 diff --git a/test/results/flow-captured/default/hots.pcapng.out b/test/results/flow-captured/default/hots.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/hots.pcapng.out diff --git a/test/results/flow-captured/default/hpvirtgrp.pcap.out b/test/results/flow-captured/default/hpvirtgrp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/hpvirtgrp.pcap.out diff --git a/test/results/flow-captured/default/hsrp0.pcap.out b/test/results/flow-captured/default/hsrp0.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/hsrp0.pcap.out diff --git a/test/results/flow-captured/default/hsrp2.pcap.out b/test/results/flow-captured/default/hsrp2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/hsrp2.pcap.out diff --git a/test/results/flow-captured/default/hsrp2_ipv6.pcapng.out b/test/results/flow-captured/default/hsrp2_ipv6.pcapng.out new file mode 100644 index 000000000..b1302caae --- /dev/null +++ b/test/results/flow-captured/default/hsrp2_ipv6.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: udp fe80::1:2029 -> ff02::66:2029 +Flow 2 risky: udp fe80::2:2029 -> ff02::66:2029 diff --git a/test/results/flow-captured/default/http-crash-content-disposition.pcap.out b/test/results/flow-captured/default/http-crash-content-disposition.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/http-crash-content-disposition.pcap.out diff --git a/test/results/flow-captured/default/http-lines-split.pcap.out b/test/results/flow-captured/default/http-lines-split.pcap.out new file mode 100644 index 000000000..732e4e5bc --- /dev/null +++ b/test/results/flow-captured/default/http-lines-split.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.0.1:39236 -> 192.168.0.20:31337 diff --git a/test/results/flow-captured/default/http-manipulated.pcap.out b/test/results/flow-captured/default/http-manipulated.pcap.out new file mode 100644 index 000000000..b5694910f --- /dev/null +++ b/test/results/flow-captured/default/http-manipulated.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.0.20:33632 -> 192.168.0.7:8080 +Flow 2 risky: tcp 192.168.0.20:33684 -> 192.168.0.7:8080 diff --git a/test/results/flow-captured/default/http-proxy.pcapng.out b/test/results/flow-captured/default/http-proxy.pcapng.out new file mode 100644 index 000000000..8ef1ee897 --- /dev/null +++ b/test/results/flow-captured/default/http-proxy.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.1.103:1241 -> 192.168.1.146:8080 diff --git a/test/results/flow-captured/default/http.pcapng.out b/test/results/flow-captured/default/http.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/http.pcapng.out diff --git a/test/results/flow-captured/default/http2.pcapng.out b/test/results/flow-captured/default/http2.pcapng.out new file mode 100644 index 000000000..9fc14eec9 --- /dev/null +++ b/test/results/flow-captured/default/http2.pcapng.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 127.0.0.1:37824 -> 127.0.0.1:29518 diff --git a/test/results/flow-captured/default/http_asymmetric.pcapng.out b/test/results/flow-captured/default/http_asymmetric.pcapng.out new file mode 100644 index 000000000..e72b81357 --- /dev/null +++ b/test/results/flow-captured/default/http_asymmetric.pcapng.out @@ -0,0 +1,2 @@ +Flow 2 risky: tcp 192.168.1.146:80 -> 192.168.1.103:1044 +Flow 1 risky: tcp 192.168.0.1:1044 -> 10.10.10.1:80 diff --git a/test/results/flow-captured/default/http_auth.pcap.out b/test/results/flow-captured/default/http_auth.pcap.out new file mode 100644 index 000000000..f64f8755f --- /dev/null +++ b/test/results/flow-captured/default/http_auth.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.0.4:54337 -> 192.254.189.169:80 diff --git a/test/results/flow-captured/default/http_connect.pcap.out b/test/results/flow-captured/default/http_connect.pcap.out new file mode 100644 index 000000000..9b8177c39 --- /dev/null +++ b/test/results/flow-captured/default/http_connect.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.1.103:1714 -> 192.168.1.146:8080 diff --git a/test/results/flow-captured/default/http_guessed_host_and_guessed.pcapng.out b/test/results/flow-captured/default/http_guessed_host_and_guessed.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/http_guessed_host_and_guessed.pcapng.out diff --git a/test/results/flow-captured/default/http_invalid_server.pcap.out b/test/results/flow-captured/default/http_invalid_server.pcap.out new file mode 100644 index 000000000..6ef4eba5e --- /dev/null +++ b/test/results/flow-captured/default/http_invalid_server.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.1.29:51536 -> 143.204.14.183:80 diff --git a/test/results/flow-captured/default/http_ipv6.pcap.out b/test/results/flow-captured/default/http_ipv6.pcap.out new file mode 100644 index 000000000..5ac0c101b --- /dev/null +++ b/test/results/flow-captured/default/http_ipv6.pcap.out @@ -0,0 +1 @@ +Flow 12 risky: tcp 2a00:d40:1:3:7aac:c0ff:fea7:d4c:37506 -> 2a03:b0c0:3:d0::70:1001:443 diff --git a/test/results/flow-captured/default/http_on_sip_port.pcap.out b/test/results/flow-captured/default/http_on_sip_port.pcap.out new file mode 100644 index 000000000..fc0712800 --- /dev/null +++ b/test/results/flow-captured/default/http_on_sip_port.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 82.178.111.221:5060 -> 45.58.148.2:8888 diff --git a/test/results/flow-captured/default/http_origin_different_than_host.pcap.out b/test/results/flow-captured/default/http_origin_different_than_host.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/http_origin_different_than_host.pcap.out diff --git a/test/results/flow-captured/default/http_starting_with_reply.pcapng.out b/test/results/flow-captured/default/http_starting_with_reply.pcapng.out new file mode 100644 index 000000000..9b306b725 --- /dev/null +++ b/test/results/flow-captured/default/http_starting_with_reply.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.1.146:80 -> 192.168.1.103:1044 +Flow 1 midstream: tcp 192.168.1.146:80 -> 192.168.1.103:1044 diff --git a/test/results/flow-captured/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/flow-captured/default/http_ua_splitted_in_two_pkts.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/http_ua_splitted_in_two_pkts.pcapng.out diff --git a/test/results/flow-captured/default/i3d.pcap.out b/test/results/flow-captured/default/i3d.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/i3d.pcap.out diff --git a/test/results/flow-captured/default/iax.pcap.out b/test/results/flow-captured/default/iax.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/iax.pcap.out diff --git a/test/results/flow-captured/default/icmp-tunnel.pcap.out b/test/results/flow-captured/default/icmp-tunnel.pcap.out new file mode 100644 index 000000000..3373684f9 --- /dev/null +++ b/test/results/flow-captured/default/icmp-tunnel.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: icmp 192.168.154.131 -> 192.168.154.132 diff --git a/test/results/flow-captured/default/iec60780-5-104.pcap.out b/test/results/flow-captured/default/iec60780-5-104.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/iec60780-5-104.pcap.out diff --git a/test/results/flow-captured/default/ieee_c37118.pcap.out b/test/results/flow-captured/default/ieee_c37118.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ieee_c37118.pcap.out diff --git a/test/results/flow-captured/default/imap-starttls.pcap.out b/test/results/flow-captured/default/imap-starttls.pcap.out new file mode 100644 index 000000000..712597ffd --- /dev/null +++ b/test/results/flow-captured/default/imap-starttls.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.17.53:49640 -> 212.227.17.186:143 diff --git a/test/results/flow-captured/default/imap.pcap.out b/test/results/flow-captured/default/imap.pcap.out new file mode 100644 index 000000000..a86b94957 --- /dev/null +++ b/test/results/flow-captured/default/imap.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.40.4.2:46045 -> 10.40.3.2:143 diff --git a/test/results/flow-captured/default/imaps.pcap.out b/test/results/flow-captured/default/imaps.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/imaps.pcap.out diff --git a/test/results/flow-captured/default/imo.pcap.out b/test/results/flow-captured/default/imo.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/imo.pcap.out diff --git a/test/results/flow-captured/default/instagram.pcap.out b/test/results/flow-captured/default/instagram.pcap.out new file mode 100644 index 000000000..30265e546 --- /dev/null +++ b/test/results/flow-captured/default/instagram.pcap.out @@ -0,0 +1,17 @@ +Flow 3 midstream: tcp 192.168.0.103:38816 -> 46.33.70.160:80 +Flow 4 midstream: tcp 192.168.0.103:57936 -> 82.85.26.162:80 +Flow 5 midstream: tcp 192.168.0.103:44379 -> 82.85.26.186:80 +Flow 26 midstream: tcp 192.168.0.103:58052 -> 82.85.26.162:80 +Flow 30 midstream: tcp 192.168.0.103:58690 -> 46.33.70.159:443 +Flow 7 guessed: tcp 192.168.0.103:33976 -> 77.67.29.17:80 +Flow 7 not-detected: tcp 192.168.0.103:33976 -> 77.67.29.17:80 +Flow 7 midstream: tcp 192.168.0.103:33976 -> 77.67.29.17:80 +Flow 28 guessed: tcp 31.13.86.52:80 -> 192.168.0.103:58216 +Flow 28 not-detected: tcp 31.13.86.52:80 -> 192.168.0.103:58216 +Flow 28 midstream: tcp 31.13.86.52:80 -> 192.168.0.103:58216 +Flow 1 risky: tcp 192.168.0.103:56382 -> 173.252.107.4:443 +Flow 29 guessed: tcp 2.22.236.51:80 -> 192.168.0.103:44151 +Flow 29 not-detected: tcp 2.22.236.51:80 -> 192.168.0.103:44151 +Flow 29 midstream: tcp 2.22.236.51:80 -> 192.168.0.103:44151 +Flow 2 midstream: tcp 192.168.0.103:33936 -> 31.13.93.52:443 +Flow 11 not-detected: udp 192.168.0.1:520 -> 192.168.0.255:520 diff --git a/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out b/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out new file mode 100644 index 000000000..e491612da --- /dev/null +++ b/test/results/flow-captured/default/ip_fragmented_garbage.pcap.out @@ -0,0 +1,5 @@ +Flow 4 not-detected: tcp 10.0.0.2:16417 -> 10.128.0.2:16419 +Flow 1 not-detected: tcp 10.0.0.2:24102 -> 10.128.0.2:10792 +Flow 2 not-detected: tcp 10.0.0.2:18730 -> 10.128.0.2:20304 +Flow 2 midstream: tcp 10.0.0.2:18730 -> 10.128.0.2:20304 +Flow 3 not-detected: tcp 10.0.0.2:9253 -> 10.128.0.2:24102 diff --git a/test/results/flow-captured/default/iphone.pcap.out b/test/results/flow-captured/default/iphone.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/iphone.pcap.out diff --git a/test/results/flow-captured/default/ipp.pcap.out b/test/results/flow-captured/default/ipp.pcap.out new file mode 100644 index 000000000..81e3094da --- /dev/null +++ b/test/results/flow-captured/default/ipp.pcap.out @@ -0,0 +1,3 @@ +Flow 2 risky: tcp 10.10.10.49:55342 -> 10.10.10.251:631 +Flow 1 risky: tcp 10.10.10.49:55341 -> 10.10.10.251:631 +Flow 3 risky: tcp 10.10.10.49:55343 -> 10.10.10.251:631 diff --git a/test/results/flow-captured/default/ipsec_isakmp_esp.pcap.out b/test/results/flow-captured/default/ipsec_isakmp_esp.pcap.out new file mode 100644 index 000000000..14323e6a2 --- /dev/null +++ b/test/results/flow-captured/default/ipsec_isakmp_esp.pcap.out @@ -0,0 +1,2 @@ +Flow 10 risky: udp 192.168.2.100:14500 -> 109.237.187.225:4500 +Flow 11 risky: udp 192.168.2.100:10500 -> 109.237.187.131:500 diff --git a/test/results/flow-captured/default/ipv6_in_gtp.pcap.out b/test/results/flow-captured/default/ipv6_in_gtp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ipv6_in_gtp.pcap.out diff --git a/test/results/flow-captured/default/iqiyi.pcap.out b/test/results/flow-captured/default/iqiyi.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/iqiyi.pcap.out diff --git a/test/results/flow-captured/default/irc.pcap.out b/test/results/flow-captured/default/irc.pcap.out new file mode 100644 index 000000000..ffa979fdc --- /dev/null +++ b/test/results/flow-captured/default/irc.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.180.156.249:45921 -> 38.229.70.20:8000 diff --git a/test/results/flow-captured/default/iso9506-1-mms.pcap.out b/test/results/flow-captured/default/iso9506-1-mms.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/iso9506-1-mms.pcap.out diff --git a/test/results/flow-captured/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/flow-captured/default/ja3_lots_of_cipher_suites.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ja3_lots_of_cipher_suites.pcap.out diff --git a/test/results/flow-captured/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/flow-captured/default/ja3_lots_of_cipher_suites_2_anon.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ja3_lots_of_cipher_suites_2_anon.pcap.out diff --git a/test/results/flow-captured/default/jabber.pcap.out b/test/results/flow-captured/default/jabber.pcap.out new file mode 100644 index 000000000..50068dc3c --- /dev/null +++ b/test/results/flow-captured/default/jabber.pcap.out @@ -0,0 +1,4 @@ +Flow 3 midstream: tcp 172.16.0.62:57126 -> 172.16.1.138:5222 +Flow 6 risky: tcp 172.16.0.62:57149 -> 172.16.1.138:5222 +Flow 6 midstream: tcp 172.16.0.62:57149 -> 172.16.1.138:5222 +Flow 4 midstream: tcp 172.16.0.62:57129 -> 172.16.1.138:5222 diff --git a/test/results/flow-captured/default/jrmi.pcap.out b/test/results/flow-captured/default/jrmi.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/jrmi.pcap.out diff --git a/test/results/flow-captured/default/jsonrpc.pcap.out b/test/results/flow-captured/default/jsonrpc.pcap.out new file mode 100644 index 000000000..f1f919c62 --- /dev/null +++ b/test/results/flow-captured/default/jsonrpc.pcap.out @@ -0,0 +1 @@ +Flow 2 risky: tcp 192.168.8.251:51084 -> 179.99.210.200:80 diff --git a/test/results/flow-captured/default/kafka.pcapng.out b/test/results/flow-captured/default/kafka.pcapng.out new file mode 100644 index 000000000..4b06bf53e --- /dev/null +++ b/test/results/flow-captured/default/kafka.pcapng.out @@ -0,0 +1,7 @@ +Flow 1 midstream: tcp 172.16.17.101:49280 -> 172.30.0.237:9092 +Flow 3 midstream: tcp 172.16.17.101:40042 -> 172.30.0.237:9092 +Flow 4 midstream: tcp 172.16.17.101:56556 -> 172.30.0.237:9092 +Flow 5 midstream: tcp 172.16.17.101:38176 -> 172.30.0.237:9092 +Flow 8 midstream: tcp 172.16.17.101:53052 -> 172.30.0.237:9092 +Flow 6 midstream: tcp 172.16.17.101:53768 -> 172.30.0.237:9092 +Flow 7 midstream: tcp 172.16.17.101:58300 -> 172.30.0.237:9092 diff --git a/test/results/flow-captured/default/kcp.pcap.out b/test/results/flow-captured/default/kcp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/kcp.pcap.out diff --git a/test/results/flow-captured/default/kerberos-error.pcap.out b/test/results/flow-captured/default/kerberos-error.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/kerberos-error.pcap.out diff --git a/test/results/flow-captured/default/kerberos-login.pcap.out b/test/results/flow-captured/default/kerberos-login.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/kerberos-login.pcap.out diff --git a/test/results/flow-captured/default/kerberos.pcap.out b/test/results/flow-captured/default/kerberos.pcap.out new file mode 100644 index 000000000..63e68b934 --- /dev/null +++ b/test/results/flow-captured/default/kerberos.pcap.out @@ -0,0 +1,11 @@ +Flow 11 not-detected: tcp 172.16.8.201:49165 -> 172.16.8.8:49155 +Flow 11 midstream: tcp 172.16.8.201:49165 -> 172.16.8.8:49155 +Flow 26 not-detected: tcp 172.16.8.201:49185 -> 172.16.8.8:49155 +Flow 26 midstream: tcp 172.16.8.201:49185 -> 172.16.8.8:49155 +Flow 1 midstream: tcp 172.16.8.201:49157 -> 172.16.8.8:88 +Flow 4 midstream: tcp 172.16.8.201:49160 -> 172.16.8.8:88 +Flow 8 midstream: tcp 172.16.8.201:49166 -> 172.16.8.8:88 +Flow 14 midstream: tcp 172.16.8.201:49171 -> 172.16.8.8:88 +Flow 18 midstream: tcp 172.16.8.201:49176 -> 172.16.8.8:88 +Flow 22 midstream: tcp 172.16.8.201:49181 -> 172.16.8.8:88 +Flow 27 midstream: tcp 172.16.8.201:49187 -> 172.16.8.8:88 diff --git a/test/results/flow-captured/default/kerberos_fuzz.pcapng.out b/test/results/flow-captured/default/kerberos_fuzz.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/kerberos_fuzz.pcapng.out diff --git a/test/results/flow-captured/default/kismet.pcap.out b/test/results/flow-captured/default/kismet.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/kismet.pcap.out diff --git a/test/results/flow-captured/default/knxip.pcapng.out b/test/results/flow-captured/default/knxip.pcapng.out new file mode 100644 index 000000000..18731b8a5 --- /dev/null +++ b/test/results/flow-captured/default/knxip.pcapng.out @@ -0,0 +1 @@ +Flow 2 midstream: tcp 192.168.1.28:3671 -> 192.168.1.24:54445 diff --git a/test/results/flow-captured/default/ldp.pcap.out b/test/results/flow-captured/default/ldp.pcap.out new file mode 100644 index 000000000..fa2de810f --- /dev/null +++ b/test/results/flow-captured/default/ldp.pcap.out @@ -0,0 +1 @@ +Flow 3 midstream: tcp 10.0.1.1:45334 -> 10.0.0.6:646 diff --git a/test/results/flow-captured/default/line.pcap.out b/test/results/flow-captured/default/line.pcap.out new file mode 100644 index 000000000..03fb8f673 --- /dev/null +++ b/test/results/flow-captured/default/line.pcap.out @@ -0,0 +1,2 @@ +Flow 2 midstream: tcp 10.200.3.125:57841 -> 147.92.165.194:443 +Flow 3 risky: tcp 10.200.3.125:58160 -> 147.92.242.232:443 diff --git a/test/results/flow-captured/default/linecall_falsepositve.pcap.out b/test/results/flow-captured/default/linecall_falsepositve.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/linecall_falsepositve.pcap.out diff --git a/test/results/flow-captured/default/lisp_registration.pcap.out b/test/results/flow-captured/default/lisp_registration.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/lisp_registration.pcap.out diff --git a/test/results/flow-captured/default/log4j-webapp-exploit.pcap.out b/test/results/flow-captured/default/log4j-webapp-exploit.pcap.out new file mode 100644 index 000000000..e4f62e7b7 --- /dev/null +++ b/test/results/flow-captured/default/log4j-webapp-exploit.pcap.out @@ -0,0 +1,7 @@ +Flow 4 not-detected: tcp 172.16.238.10:55408 -> 10.10.10.31:9001 +Flow 5 risky: tcp 172.16.238.10:57742 -> 172.16.238.11:1389 +Flow 1 risky: tcp 172.16.238.1:1984 -> 172.16.238.10:8080 +Flow 7 not-detected: tcp 172.16.238.10:55498 -> 10.10.10.31:9001 +Flow 3 risky: tcp 172.16.238.10:48444 -> 172.16.238.11:80 +Flow 6 risky: tcp 172.16.238.10:48534 -> 172.16.238.11:80 +Flow 2 risky: tcp 172.16.238.10:57650 -> 172.16.238.11:1389 diff --git a/test/results/flow-captured/default/lol_wild_rift_udp.pcap.out b/test/results/flow-captured/default/lol_wild_rift_udp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/lol_wild_rift_udp.pcap.out diff --git a/test/results/flow-captured/default/long_tls_certificate.pcap.out b/test/results/flow-captured/default/long_tls_certificate.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/long_tls_certificate.pcap.out diff --git a/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out b/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out new file mode 100644 index 000000000..0247c3886 --- /dev/null +++ b/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out @@ -0,0 +1,4 @@ +Flow 2 risky: udp 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881 -> 3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27:60506 +Flow 7 risky: udp 2118:ec33:112b:7908:2c80:27ff:fef7:d71f:48415 -> 32fb:f967:681e:e96b:face:b00c::74fd:3478 +Flow 12 risky: udp 3069:c624:1d42:9469:98b1:67ff:fe43:325:56131 -> 32fb:f967:681e:e96b:face:b00c::74fd:3478 +Flow 3 risky: udp 2a2f:8509:1cb2:466d:ecbf:69d6:109c:608:62229 -> 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881 diff --git a/test/results/flow-captured/default/lustre.pcapng.out b/test/results/flow-captured/default/lustre.pcapng.out new file mode 100644 index 000000000..9baf21d09 --- /dev/null +++ b/test/results/flow-captured/default/lustre.pcapng.out @@ -0,0 +1 @@ +Flow 2 midstream: tcp 192.168.88.118:1023 -> 192.168.88.119:988 diff --git a/test/results/flow-captured/default/malformed_dns.pcap.out b/test/results/flow-captured/default/malformed_dns.pcap.out new file mode 100644 index 000000000..392b85044 --- /dev/null +++ b/test/results/flow-captured/default/malformed_dns.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 127.0.0.1:50435 -> 127.0.0.1:53 diff --git a/test/results/flow-captured/default/malformed_icmp.pcap.out b/test/results/flow-captured/default/malformed_icmp.pcap.out new file mode 100644 index 000000000..b0a82a373 --- /dev/null +++ b/test/results/flow-captured/default/malformed_icmp.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: icmp 218.152.179.213 -> 218.152.179.54 diff --git a/test/results/flow-captured/default/malware.pcap.out b/test/results/flow-captured/default/malware.pcap.out new file mode 100644 index 000000000..27b5d9923 --- /dev/null +++ b/test/results/flow-captured/default/malware.pcap.out @@ -0,0 +1 @@ +Flow 2 risky: icmp 192.168.7.7 -> 144.139.247.220 diff --git a/test/results/flow-captured/default/memcached.cap.out b/test/results/flow-captured/default/memcached.cap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/memcached.cap.out diff --git a/test/results/flow-captured/default/merakicloud.pcapng.out b/test/results/flow-captured/default/merakicloud.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/merakicloud.pcapng.out diff --git a/test/results/flow-captured/default/mgcp.pcap.out b/test/results/flow-captured/default/mgcp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mgcp.pcap.out diff --git a/test/results/flow-captured/default/mining.pcapng.out b/test/results/flow-captured/default/mining.pcapng.out new file mode 100644 index 000000000..272753c06 --- /dev/null +++ b/test/results/flow-captured/default/mining.pcapng.out @@ -0,0 +1,4 @@ +Flow 1 risky: tcp 147.229.13.222:49307 -> 185.71.66.39:9999 +Flow 2 risky: tcp 192.168.2.92:55190 -> 178.32.196.217:9050 +Flow 3 risky: tcp 192.168.2.148:46838 -> 94.23.199.191:3333 +Flow 4 risky: tcp 192.168.2.148:53846 -> 116.211.167.195:3333 diff --git a/test/results/flow-captured/default/modbus.pcap.out b/test/results/flow-captured/default/modbus.pcap.out new file mode 100644 index 000000000..92aa2f084 --- /dev/null +++ b/test/results/flow-captured/default/modbus.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.110.131:2074 -> 192.168.110.138:502 diff --git a/test/results/flow-captured/default/monero.pcap.out b/test/results/flow-captured/default/monero.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/monero.pcap.out diff --git a/test/results/flow-captured/default/mongo_false_positive.pcapng.out b/test/results/flow-captured/default/mongo_false_positive.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mongo_false_positive.pcapng.out diff --git a/test/results/flow-captured/default/mongodb.pcap.out b/test/results/flow-captured/default/mongodb.pcap.out new file mode 100644 index 000000000..a3a4febda --- /dev/null +++ b/test/results/flow-captured/default/mongodb.pcap.out @@ -0,0 +1 @@ +Flow 5 risky: tcp 10.10.10.18:64566 -> 10.10.10.19:30000 diff --git a/test/results/flow-captured/default/mpeg-dash.pcap.out b/test/results/flow-captured/default/mpeg-dash.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mpeg-dash.pcap.out diff --git a/test/results/flow-captured/default/mpeg.pcap.out b/test/results/flow-captured/default/mpeg.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mpeg.pcap.out diff --git a/test/results/flow-captured/default/mpegts.pcap.out b/test/results/flow-captured/default/mpegts.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mpegts.pcap.out diff --git a/test/results/flow-captured/default/mqtt.pcap.out b/test/results/flow-captured/default/mqtt.pcap.out new file mode 100644 index 000000000..3d37db6a1 --- /dev/null +++ b/test/results/flow-captured/default/mqtt.pcap.out @@ -0,0 +1 @@ +Flow 2 midstream: tcp 100.67.35.238:35035 -> 51.137.28.239:1883 diff --git a/test/results/flow-captured/default/mssql_tds.pcap.out b/test/results/flow-captured/default/mssql_tds.pcap.out new file mode 100644 index 000000000..d4890f968 --- /dev/null +++ b/test/results/flow-captured/default/mssql_tds.pcap.out @@ -0,0 +1,11 @@ +Flow 1 midstream: tcp 10.111.111.111:1111 -> 10.0.0.1:1433 +Flow 10 midstream: tcp 10.111.111.111:11111 -> 10.0.0.1:1433 +Flow 3 midstream: tcp 10.111.111.111:3333 -> 10.0.0.1:1433 +Flow 5 midstream: tcp 10.111.111.111:5555 -> 10.0.0.1:1433 +Flow 7 midstream: tcp 10.111.111.111:7777 -> 10.0.0.1:1433 +Flow 11 midstream: tcp 10.111.111.111:22222 -> 10.0.0.1:1433 +Flow 9 midstream: tcp 10.111.111.111:9999 -> 10.0.0.1:1433 +Flow 2 midstream: tcp 10.111.111.111:2222 -> 10.0.0.1:1433 +Flow 4 midstream: tcp 10.111.111.111:4444 -> 10.0.0.1:1433 +Flow 12 midstream: tcp 10.111.111.111:33333 -> 10.0.0.1:1433 +Flow 8 midstream: tcp 10.111.111.111:8888 -> 10.0.0.1:1433 diff --git a/test/results/flow-captured/default/mullvad_dns.pcap.out b/test/results/flow-captured/default/mullvad_dns.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mullvad_dns.pcap.out diff --git a/test/results/flow-captured/default/mullvad_wireguard.pcap.out b/test/results/flow-captured/default/mullvad_wireguard.pcap.out new file mode 100644 index 000000000..50b22645f --- /dev/null +++ b/test/results/flow-captured/default/mullvad_wireguard.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.122.11:22595 -> 198.54.131.98:5060 diff --git a/test/results/flow-captured/default/mumble.pcapng.out b/test/results/flow-captured/default/mumble.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mumble.pcapng.out diff --git a/test/results/flow-captured/default/munin.pcap.out b/test/results/flow-captured/default/munin.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/munin.pcap.out diff --git a/test/results/flow-captured/default/mysql.pcapng.out b/test/results/flow-captured/default/mysql.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/mysql.pcapng.out diff --git a/test/results/flow-captured/default/nano.pcapng.out b/test/results/flow-captured/default/nano.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/nano.pcapng.out diff --git a/test/results/flow-captured/default/natpmp.pcap.out b/test/results/flow-captured/default/natpmp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/natpmp.pcap.out diff --git a/test/results/flow-captured/default/nats.pcap.out b/test/results/flow-captured/default/nats.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/nats.pcap.out diff --git a/test/results/flow-captured/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/flow-captured/default/ndpi_match_string_subprotocol__error.pcapng.out new file mode 100644 index 000000000..e70ca0572 --- /dev/null +++ b/test/results/flow-captured/default/ndpi_match_string_subprotocol__error.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.3.9.19:40632 -> 10.68.137.118:8091 diff --git a/test/results/flow-captured/default/nest_log_sink.pcap.out b/test/results/flow-captured/default/nest_log_sink.pcap.out new file mode 100644 index 000000000..dea8bb13a --- /dev/null +++ b/test/results/flow-captured/default/nest_log_sink.pcap.out @@ -0,0 +1,4 @@ +Flow 1 guessed: tcp 192.168.242.15:63340 -> 35.174.82.237:11095 +Flow 1 not-detected: tcp 192.168.242.15:63340 -> 35.174.82.237:11095 +Flow 1 midstream: tcp 192.168.242.15:63340 -> 35.174.82.237:11095 +Flow 10 risky: udp 192.168.242.15:52849 -> 192.168.242.1:53 diff --git a/test/results/flow-captured/default/netbios.pcap.out b/test/results/flow-captured/default/netbios.pcap.out new file mode 100644 index 000000000..63bf50e5d --- /dev/null +++ b/test/results/flow-captured/default/netbios.pcap.out @@ -0,0 +1,3 @@ +Flow 3 risky: udp 10.0.5.9:138 -> 10.0.5.255:138 +Flow 12 risky: udp 10.0.5.93:138 -> 10.0.5.255:138 +Flow 16 midstream: tcp 10.19.71.184:55489 -> 10.17.113.129:139 diff --git a/test/results/flow-captured/default/netbios_wildcard_dns_query.pcap.out b/test/results/flow-captured/default/netbios_wildcard_dns_query.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/netbios_wildcard_dns_query.pcap.out diff --git a/test/results/flow-captured/default/netease_games.pcapng.out b/test/results/flow-captured/default/netease_games.pcapng.out new file mode 100644 index 000000000..30bd2a758 --- /dev/null +++ b/test/results/flow-captured/default/netease_games.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.88.231:49377 -> 172.17.8.75:53 diff --git a/test/results/flow-captured/default/netflix.pcap.out b/test/results/flow-captured/default/netflix.pcap.out new file mode 100644 index 000000000..2b4cb701c --- /dev/null +++ b/test/results/flow-captured/default/netflix.pcap.out @@ -0,0 +1,28 @@ +Flow 30 risky: tcp 192.168.1.7:53163 -> 23.246.11.145:80 +Flow 32 risky: tcp 192.168.1.7:53171 -> 23.246.3.140:80 +Flow 41 risky: tcp 192.168.1.7:53180 -> 23.246.11.141:80 +Flow 38 risky: tcp 192.168.1.7:53177 -> 23.246.11.141:80 +Flow 36 risky: tcp 192.168.1.7:53175 -> 23.246.11.141:80 +Flow 34 risky: tcp 192.168.1.7:53173 -> 23.246.11.133:80 +Flow 43 risky: tcp 192.168.1.7:53182 -> 23.246.11.141:80 +Flow 35 risky: tcp 192.168.1.7:53174 -> 23.246.11.141:80 +Flow 42 risky: tcp 192.168.1.7:53181 -> 23.246.11.141:80 +Flow 33 risky: tcp 192.168.1.7:53172 -> 23.246.11.133:80 +Flow 39 risky: tcp 192.168.1.7:53178 -> 23.246.11.141:80 +Flow 40 risky: tcp 192.168.1.7:53179 -> 23.246.11.141:80 +Flow 37 risky: tcp 192.168.1.7:53176 -> 23.246.11.141:80 +Flow 44 risky: tcp 192.168.1.7:53183 -> 23.246.3.140:80 +Flow 2 risky: udp 192.168.1.7:51543 -> 192.168.1.1:53 +Flow 57 risky: tcp 192.168.1.7:53249 -> 52.41.30.5:443 +Flow 47 risky: tcp 192.168.1.7:53202 -> 54.191.17.51:443 +Flow 8 risky: tcp 192.168.1.7:53117 -> 52.32.196.36:443 +Flow 28 risky: tcp 192.168.1.7:53153 -> 184.25.204.24:80 +Flow 14 risky: tcp 192.168.1.7:53132 -> 52.89.39.139:443 +Flow 15 risky: tcp 192.168.1.7:53133 -> 52.89.39.139:443 +Flow 16 risky: tcp 192.168.1.7:53134 -> 52.89.39.139:443 +Flow 52 risky: udp 192.168.1.7:51622 -> 192.168.1.1:53 +Flow 58 risky: tcp 192.168.1.7:53250 -> 52.41.30.5:443 +Flow 31 risky: tcp 192.168.1.7:53164 -> 23.246.10.139:80 +Flow 45 risky: tcp 192.168.1.7:53184 -> 23.246.11.141:80 +Flow 50 risky: tcp 192.168.1.7:53210 -> 23.246.11.133:80 +Flow 51 risky: tcp 192.168.1.7:53217 -> 23.246.11.141:80 diff --git a/test/results/flow-captured/default/netflow-fritz.pcap.out b/test/results/flow-captured/default/netflow-fritz.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/netflow-fritz.pcap.out diff --git a/test/results/flow-captured/default/netflowv9.pcap.out b/test/results/flow-captured/default/netflowv9.pcap.out new file mode 100644 index 000000000..4d62d7491 --- /dev/null +++ b/test/results/flow-captured/default/netflowv9.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.2.134:48629 -> 192.168.2.222:2057 diff --git a/test/results/flow-captured/default/nfsv2.pcap.out b/test/results/flow-captured/default/nfsv2.pcap.out new file mode 100644 index 000000000..0f5483abe --- /dev/null +++ b/test/results/flow-captured/default/nfsv2.pcap.out @@ -0,0 +1,5 @@ +Flow 1 risky: udp 139.25.22.2:3289 -> 139.25.22.102:111 +Flow 3 risky: udp 139.25.22.2:3291 -> 139.25.22.102:111 +Flow 6 risky: udp 139.25.22.2:3293 -> 139.25.22.102:111 +Flow 2 risky: udp 139.25.22.2:671 -> 139.25.22.102:1048 +Flow 7 risky: udp 139.25.22.2:686 -> 139.25.22.102:1048 diff --git a/test/results/flow-captured/default/nfsv3.pcap.out b/test/results/flow-captured/default/nfsv3.pcap.out new file mode 100644 index 000000000..8c97e0992 --- /dev/null +++ b/test/results/flow-captured/default/nfsv3.pcap.out @@ -0,0 +1,6 @@ +Flow 1 risky: udp 139.25.22.2:3295 -> 139.25.22.102:111 +Flow 4 risky: udp 139.25.22.2:3297 -> 139.25.22.102:111 +Flow 7 risky: udp 139.25.22.2:3299 -> 139.25.22.102:111 +Flow 3 risky: udp 139.25.22.2:706 -> 139.25.22.102:1048 +Flow 8 risky: udp 139.25.22.2:722 -> 139.25.22.102:1048 +Flow 2 risky: udp 139.25.22.2:3296 -> 139.25.22.102:1048 diff --git a/test/results/flow-captured/default/nintendo.pcap.out b/test/results/flow-captured/default/nintendo.pcap.out new file mode 100644 index 000000000..ff0ee8d8c --- /dev/null +++ b/test/results/flow-captured/default/nintendo.pcap.out @@ -0,0 +1 @@ +Flow 4 midstream: tcp 54.187.10.185:443 -> 192.168.12.114:48328 diff --git a/test/results/flow-captured/default/nntp.pcap.out b/test/results/flow-captured/default/nntp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/nntp.pcap.out diff --git a/test/results/flow-captured/default/no_sni.pcap.out b/test/results/flow-captured/default/no_sni.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/no_sni.pcap.out diff --git a/test/results/flow-captured/default/nomachine.pcapng.out b/test/results/flow-captured/default/nomachine.pcapng.out new file mode 100644 index 000000000..53ac60eb1 --- /dev/null +++ b/test/results/flow-captured/default/nomachine.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.88.231:48084 -> 192.168.88.208:4000 +Flow 2 risky: udp 192.168.88.231:56019 -> 192.168.88.208:4000 diff --git a/test/results/flow-captured/default/ocs.pcap.out b/test/results/flow-captured/default/ocs.pcap.out new file mode 100644 index 000000000..90f35e706 --- /dev/null +++ b/test/results/flow-captured/default/ocs.pcap.out @@ -0,0 +1,7 @@ +Flow 13 risky: tcp 192.168.180.2:49881 -> 178.248.208.54:80 +Flow 20 risky: tcp 192.168.180.2:42590 -> 178.248.208.210:80 +Flow 6 risky: tcp 192.168.180.2:39263 -> 23.21.230.199:443 +Flow 15 risky: tcp 192.168.180.2:36680 -> 178.248.208.54:443 +Flow 16 risky: tcp 192.168.180.2:32946 -> 64.233.184.188:443 +Flow 10 risky: tcp 192.168.180.2:41223 -> 216.58.208.46:443 +Flow 18 risky: tcp 192.168.180.2:47803 -> 64.233.166.95:443 diff --git a/test/results/flow-captured/default/ocsp.pcapng.out b/test/results/flow-captured/default/ocsp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ocsp.pcapng.out diff --git a/test/results/flow-captured/default/oicq.pcap.out b/test/results/flow-captured/default/oicq.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/oicq.pcap.out diff --git a/test/results/flow-captured/default/ookla.pcap.out b/test/results/flow-captured/default/ookla.pcap.out new file mode 100644 index 000000000..76a45ed58 --- /dev/null +++ b/test/results/flow-captured/default/ookla.pcap.out @@ -0,0 +1,2 @@ +Flow 3 risky: tcp 192.168.1.7:51207 -> 46.44.253.187:80 +Flow 6 risky: tcp 192.168.1.128:35830 -> 89.96.108.170:8080 diff --git a/test/results/flow-captured/default/opc-ua.pcap.out b/test/results/flow-captured/default/opc-ua.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/opc-ua.pcap.out diff --git a/test/results/flow-captured/default/openflow.pcap.out b/test/results/flow-captured/default/openflow.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/openflow.pcap.out diff --git a/test/results/flow-captured/default/openvpn-tlscrypt.pcap.out b/test/results/flow-captured/default/openvpn-tlscrypt.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/openvpn-tlscrypt.pcap.out diff --git a/test/results/flow-captured/default/openvpn.pcap.out b/test/results/flow-captured/default/openvpn.pcap.out new file mode 100644 index 000000000..3578cc0d1 --- /dev/null +++ b/test/results/flow-captured/default/openvpn.pcap.out @@ -0,0 +1,8 @@ +Flow 2 risky: udp 69.197.143.179:443 -> 10.0.2.15:60201 +Flow 1 risky: udp 192.168.75.18:60201 -> 166.161.181.18:443 +Flow 4 risky: tcp 192.168.1.77:60140 -> 46.101.231.218:443 +Flow 5 risky: udp 192.168.43.12:41507 -> 139.59.151.137:13680 +Flow 6 risky: udp 192.168.43.18:13680 -> 139.59.151.137:13680 +Flow 8 risky: tcp 127.0.0.1:36138 -> 127.0.0.1:443 +Flow 10 risky: udp 192.168.12.156:37383 -> 217.138.197.43:1234 +Flow 9 risky: udp 192.168.12.156:41133 -> 107.161.86.131:443 diff --git a/test/results/flow-captured/default/openvpn_nohmac.pcapng.out b/test/results/flow-captured/default/openvpn_nohmac.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/openvpn_nohmac.pcapng.out diff --git a/test/results/flow-captured/default/openvpn_nohmac_tcp.pcapng.out b/test/results/flow-captured/default/openvpn_nohmac_tcp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/openvpn_nohmac_tcp.pcapng.out diff --git a/test/results/flow-captured/default/openwire.pcapng.out b/test/results/flow-captured/default/openwire.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/openwire.pcapng.out diff --git a/test/results/flow-captured/default/opera-vpn.pcapng.out b/test/results/flow-captured/default/opera-vpn.pcapng.out new file mode 100644 index 000000000..cc77e416b --- /dev/null +++ b/test/results/flow-captured/default/opera-vpn.pcapng.out @@ -0,0 +1 @@ +Flow 32 risky: tcp 192.168.1.29:51429 -> 77.111.247.69:443 diff --git a/test/results/flow-captured/default/oracle12.pcapng.out b/test/results/flow-captured/default/oracle12.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/oracle12.pcapng.out diff --git a/test/results/flow-captured/default/os_detected.pcapng.out b/test/results/flow-captured/default/os_detected.pcapng.out new file mode 100644 index 000000000..669422d95 --- /dev/null +++ b/test/results/flow-captured/default/os_detected.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.1.128:39821 -> 8.8.8.8:443 diff --git a/test/results/flow-captured/default/ospfv2_add_new_prefix.pcap.out b/test/results/flow-captured/default/ospfv2_add_new_prefix.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ospfv2_add_new_prefix.pcap.out diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out new file mode 100644 index 000000000..612ea67f0 --- /dev/null +++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_1.pcapng.out @@ -0,0 +1,15 @@ +Flow 2 risky: udp 127.0.0.1:1119 -> 127.0.0.1:1120 +Flow 7 not-detected: udp 127.0.0.1:100 -> 127.0.0.1:200 +Flow 4 risky: tcp 192.168.1.128:1 -> 121.254.200.130:1119 +Flow 4 midstream: tcp 192.168.1.128:1 -> 121.254.200.130:1119 +Flow 6 risky: tcp 192.168.1.128:1 -> 12.129.236.254:1119 +Flow 6 midstream: tcp 192.168.1.128:1 -> 12.129.236.254:1119 +Flow 3 risky: tcp 192.168.1.128:1 -> 12.129.206.130:1119 +Flow 3 midstream: tcp 192.168.1.128:1 -> 12.129.206.130:1119 +Flow 5 risky: tcp 192.168.1.128:1 -> 202.9.66.76:1119 +Flow 5 midstream: tcp 192.168.1.128:1 -> 202.9.66.76:1119 +Flow 8 not-detected: udp 127.0.0.1:17788 -> 127.0.0.1:17788 +Flow 9 risky: tcp 192.168.1.128:1 -> 1.2.3.4:10 +Flow 9 midstream: tcp 192.168.1.128:1 -> 1.2.3.4:10 +Flow 10 risky: tcp 192.168.1.128:1 -> 1.2.3.4:11 +Flow 10 midstream: tcp 192.168.1.128:1 -> 1.2.3.4:11 diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out new file mode 100644 index 000000000..de380358f --- /dev/null +++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_2.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.0.1:8787 -> 10.10.10.1:32177 diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_3.pcapng.out diff --git a/test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out new file mode 100644 index 000000000..02806735d --- /dev/null +++ b/test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out @@ -0,0 +1 @@ +Flow 1 not-detected: udp 127.0.0.1:100 -> 127.0.0.1:200 diff --git a/test/results/flow-captured/default/path_of_exile.pcapng.out b/test/results/flow-captured/default/path_of_exile.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/path_of_exile.pcapng.out diff --git a/test/results/flow-captured/default/pfcp.pcapng.out b/test/results/flow-captured/default/pfcp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pfcp.pcapng.out diff --git a/test/results/flow-captured/default/pgm.pcap.out b/test/results/flow-captured/default/pgm.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pgm.pcap.out diff --git a/test/results/flow-captured/default/pgsql.pcap.out b/test/results/flow-captured/default/pgsql.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pgsql.pcap.out diff --git a/test/results/flow-captured/default/pgsql2.pcapng.out b/test/results/flow-captured/default/pgsql2.pcapng.out new file mode 100644 index 000000000..b4cc597fd --- /dev/null +++ b/test/results/flow-captured/default/pgsql2.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.220.20.67:58574 -> 10.220.20.67:60102 diff --git a/test/results/flow-captured/default/pia.pcap.out b/test/results/flow-captured/default/pia.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pia.pcap.out diff --git a/test/results/flow-captured/default/pim.pcap.out b/test/results/flow-captured/default/pim.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pim.pcap.out diff --git a/test/results/flow-captured/default/pinterest.pcap.out b/test/results/flow-captured/default/pinterest.pcap.out new file mode 100644 index 000000000..0387bd20d --- /dev/null +++ b/test/results/flow-captured/default/pinterest.pcap.out @@ -0,0 +1,2 @@ +Flow 22 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43562 -> 2a00:1450:4007:805::2003:443 +Flow 22 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43562 -> 2a00:1450:4007:805::2003:443 diff --git a/test/results/flow-captured/default/pluralsight.pcap.out b/test/results/flow-captured/default/pluralsight.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pluralsight.pcap.out diff --git a/test/results/flow-captured/default/pop3.pcap.out b/test/results/flow-captured/default/pop3.pcap.out new file mode 100644 index 000000000..23e99f27c --- /dev/null +++ b/test/results/flow-captured/default/pop3.pcap.out @@ -0,0 +1,4 @@ +Flow 1 risky: tcp 143.225.229.181:35287 -> 74.208.5.28:110 +Flow 6 risky: tcp 192.168.0.4:26383 -> 212.227.15.166:110 +Flow 3 risky: tcp 192.168.0.4:26284 -> 212.227.15.166:110 +Flow 5 risky: tcp 192.168.0.4:26308 -> 212.227.15.166:110 diff --git a/test/results/flow-captured/default/pop3_stls.pcap.out b/test/results/flow-captured/default/pop3_stls.pcap.out new file mode 100644 index 000000000..1952fafdc --- /dev/null +++ b/test/results/flow-captured/default/pop3_stls.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.20.18:50583 -> 72.249.41.52:110 diff --git a/test/results/flow-captured/default/pops.pcapng.out b/test/results/flow-captured/default/pops.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pops.pcapng.out diff --git a/test/results/flow-captured/default/portable_executable.pcap.out b/test/results/flow-captured/default/portable_executable.pcap.out new file mode 100644 index 000000000..53f91eaea --- /dev/null +++ b/test/results/flow-captured/default/portable_executable.pcap.out @@ -0,0 +1 @@ +Flow 1 not-detected: tcp 172.16.99.201:1732 -> 64.227.107.71:4444 diff --git a/test/results/flow-captured/default/pptp.pcap.out b/test/results/flow-captured/default/pptp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/pptp.pcap.out diff --git a/test/results/flow-captured/default/profinet-io-le.pcap.out b/test/results/flow-captured/default/profinet-io-le.pcap.out new file mode 100644 index 000000000..ab08bdd2c --- /dev/null +++ b/test/results/flow-captured/default/profinet-io-le.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 10.10.0.150:1566 -> 10.10.0.129:34964 diff --git a/test/results/flow-captured/default/protobuf.pcap.out b/test/results/flow-captured/default/protobuf.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/protobuf.pcap.out diff --git a/test/results/flow-captured/default/protonvpn.pcap.out b/test/results/flow-captured/default/protonvpn.pcap.out new file mode 100644 index 000000000..7cce13929 --- /dev/null +++ b/test/results/flow-captured/default/protonvpn.pcap.out @@ -0,0 +1 @@ +Flow 2 risky: udp 10.0.2.15:57701 -> 217.23.3.76:443 diff --git a/test/results/flow-captured/default/psiphon3.pcap.out b/test/results/flow-captured/default/psiphon3.pcap.out new file mode 100644 index 000000000..910fc73c4 --- /dev/null +++ b/test/results/flow-captured/default/psiphon3.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.0.103:40557 -> 104.18.151.190:443 diff --git a/test/results/flow-captured/default/ptpv2.pcap.out b/test/results/flow-captured/default/ptpv2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ptpv2.pcap.out diff --git a/test/results/flow-captured/default/punycode-idn.pcap.out b/test/results/flow-captured/default/punycode-idn.pcap.out new file mode 100644 index 000000000..3e939ada6 --- /dev/null +++ b/test/results/flow-captured/default/punycode-idn.pcap.out @@ -0,0 +1 @@ +Flow 3 risky: tcp 192.168.2.140:56011 -> 170.33.9.230:80 diff --git a/test/results/flow-captured/default/quic-23.pcap.out b/test/results/flow-captured/default/quic-23.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-23.pcap.out diff --git a/test/results/flow-captured/default/quic-24.pcap.out b/test/results/flow-captured/default/quic-24.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-24.pcap.out diff --git a/test/results/flow-captured/default/quic-27.pcap.out b/test/results/flow-captured/default/quic-27.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-27.pcap.out diff --git a/test/results/flow-captured/default/quic-28.pcap.out b/test/results/flow-captured/default/quic-28.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-28.pcap.out diff --git a/test/results/flow-captured/default/quic-29.pcap.out b/test/results/flow-captured/default/quic-29.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-29.pcap.out diff --git a/test/results/flow-captured/default/quic-33.pcapng.out b/test/results/flow-captured/default/quic-33.pcapng.out new file mode 100644 index 000000000..04495fe36 --- /dev/null +++ b/test/results/flow-captured/default/quic-33.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp ::1:51430 -> ::1:4443 diff --git a/test/results/flow-captured/default/quic-34.pcap.out b/test/results/flow-captured/default/quic-34.pcap.out new file mode 100644 index 000000000..db9c8160e --- /dev/null +++ b/test/results/flow-captured/default/quic-34.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.56.1:55880 -> 192.168.56.198:4443 diff --git a/test/results/flow-captured/default/quic-forcing-vn-with-data.pcapng.out b/test/results/flow-captured/default/quic-forcing-vn-with-data.pcapng.out new file mode 100644 index 000000000..6a938acab --- /dev/null +++ b/test/results/flow-captured/default/quic-forcing-vn-with-data.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.56.103:55523 -> 192.168.56.104:4433 diff --git a/test/results/flow-captured/default/quic-fuzz-overflow.pcapng.out b/test/results/flow-captured/default/quic-fuzz-overflow.pcapng.out new file mode 100644 index 000000000..dfb714c6f --- /dev/null +++ b/test/results/flow-captured/default/quic-fuzz-overflow.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 255.255.255.255:8224 -> 255.255.255.32:8224 diff --git a/test/results/flow-captured/default/quic-mvfst-22.pcap.out b/test/results/flow-captured/default/quic-mvfst-22.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-mvfst-22.pcap.out diff --git a/test/results/flow-captured/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/flow-captured/default/quic-mvfst-22_decryption_error.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-mvfst-22_decryption_error.pcap.out diff --git a/test/results/flow-captured/default/quic-mvfst-27.pcapng.out b/test/results/flow-captured/default/quic-mvfst-27.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-mvfst-27.pcapng.out diff --git a/test/results/flow-captured/default/quic-mvfst-exp.pcap.out b/test/results/flow-captured/default/quic-mvfst-exp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic-mvfst-exp.pcap.out diff --git a/test/results/flow-captured/default/quic-v2.pcapng.out b/test/results/flow-captured/default/quic-v2.pcapng.out new file mode 100644 index 000000000..160408163 --- /dev/null +++ b/test/results/flow-captured/default/quic-v2.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp ::1:42086 -> ::1:4443 diff --git a/test/results/flow-captured/default/quic.pcap.out b/test/results/flow-captured/default/quic.pcap.out new file mode 100644 index 000000000..5494eefc1 --- /dev/null +++ b/test/results/flow-captured/default/quic.pcap.out @@ -0,0 +1 @@ +Flow 2 risky: udp 10.0.0.4:40134 -> 10.0.0.3:6121 diff --git a/test/results/flow-captured/default/quic046.pcap.out b/test/results/flow-captured/default/quic046.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic046.pcap.out diff --git a/test/results/flow-captured/default/quic_0RTT.pcap.out b/test/results/flow-captured/default/quic_0RTT.pcap.out new file mode 100644 index 000000000..82a581b30 --- /dev/null +++ b/test/results/flow-captured/default/quic_0RTT.pcap.out @@ -0,0 +1,2 @@ +Flow 2 risky: udp 192.168.2.100:51972 -> 142.250.181.227:443 +Flow 1 risky: udp ::1:60459 -> ::1:4443 diff --git a/test/results/flow-captured/default/quic_cc_ack.pcapng.out b/test/results/flow-captured/default/quic_cc_ack.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_cc_ack.pcapng.out diff --git a/test/results/flow-captured/default/quic_crypto_aes_auth_size.pcap.out b/test/results/flow-captured/default/quic_crypto_aes_auth_size.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_crypto_aes_auth_size.pcap.out diff --git a/test/results/flow-captured/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/flow-captured/default/quic_frags_ch_in_multiple_packets.pcapng.out new file mode 100644 index 000000000..f4fbad9ba --- /dev/null +++ b/test/results/flow-captured/default/quic_frags_ch_in_multiple_packets.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp ::1:58822 -> ::1:4443 diff --git a/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out diff --git a/test/results/flow-captured/default/quic_frags_different_dcid.pcapng.out b/test/results/flow-captured/default/quic_frags_different_dcid.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_frags_different_dcid.pcapng.out diff --git a/test/results/flow-captured/default/quic_interop_V.pcapng.out b/test/results/flow-captured/default/quic_interop_V.pcapng.out new file mode 100644 index 000000000..a3bfc5fcb --- /dev/null +++ b/test/results/flow-captured/default/quic_interop_V.pcapng.out @@ -0,0 +1,36 @@ +Flow 21 risky: udp 192.168.1.128:59171 -> 193.190.10.98:4433 +Flow 8 risky: udp 192.168.1.128:46576 -> 40.112.191.60:4433 +Flow 34 risky: icmp 131.159.24.198 -> 192.168.1.128 +Flow 1 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:38077 -> 2400:8902::f03c:91ff:fe69:a454:443 +Flow 13 risky: udp 192.168.1.128:60784 -> 3.121.242.54:4433 +Flow 38 risky: udp 192.168.1.128:50289 -> 71.202.41.169:4434 +Flow 15 risky: udp 192.168.1.128:34511 -> 131.159.24.198:443 +Flow 45 risky: udp 192.168.1.128:59515 -> 193.190.10.98:4434 +Flow 31 risky: udp 192.168.1.128:38933 -> 202.238.220.92:443 +Flow 26 risky: udp 192.168.1.128:37784 -> 140.227.52.92:443 +Flow 11 risky: icmp 3.121.242.54 -> 192.168.1.128 +Flow 56 risky: udp 192.168.1.128:39975 -> 138.91.188.147:443 +Flow 52 risky: udp 192.168.1.128:35263 -> 202.238.220.92:4434 +Flow 55 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:44924 -> 2400:8902::f03c:91ff:fe69:a454:4434 +Flow 36 risky: udp 192.168.1.128:42456 -> 133.242.206.244:443 +Flow 75 risky: icmp 133.242.206.244 -> 192.168.1.128 +Flow 28 risky: udp 192.168.1.128:49658 -> 193.190.10.98:443 +Flow 62 risky: udp 192.168.1.128:42468 -> 138.91.188.147:4433 +Flow 57 risky: udp 192.168.1.128:50705 -> 138.91.188.147:4434 +Flow 64 risky: udp 192.168.1.128:53402 -> 3.121.242.54:4434 +Flow 48 risky: udp 192.168.1.128:44619 -> 140.227.52.92:4433 +Flow 44 risky: udp 192.168.1.128:53791 -> 40.112.191.60:4434 +Flow 18 risky: udp 192.168.1.128:49151 -> 133.242.206.244:4433 +Flow 12 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:32957 -> 2606:4700:10::6816:826:4433 +Flow 72 risky: icmp 18.189.84.245 -> 192.168.1.128 +Flow 47 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:46242 -> 2600:1f18:2310:d230:5103:7d9e:7d75:374f:443 +Flow 10 risky: udp 192.168.1.128:38366 -> 202.238.220.92:4433 +Flow 23 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:56213 -> 2400:8902::f03c:91ff:fe69:a454:4433 +Flow 30 risky: icmp 51.158.105.98 -> 192.168.1.128 +Flow 25 risky: udp 192.168.1.128:37661 -> 71.202.41.169:4433 +Flow 71 risky: icmp 202.238.220.92 -> 192.168.1.128 +Flow 9 risky: udp 192.168.1.128:46334 -> 40.112.191.60:443 +Flow 42 risky: udp 192.168.1.128:45855 -> 133.242.206.244:4434 +Flow 58 risky: udp 2001:b07:ac9:d5ae:a4d3:fe47:691e:807d:41857 -> 2606:4700:10::6816:826:4434 +Flow 2 risky: udp 192.168.1.128:37643 -> 71.202.41.169:443 +Flow 66 risky: udp 192.168.1.128:57926 -> 140.227.52.92:4434 diff --git a/test/results/flow-captured/default/quic_q39.pcap.out b/test/results/flow-captured/default/quic_q39.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_q39.pcap.out diff --git a/test/results/flow-captured/default/quic_q43.pcap.out b/test/results/flow-captured/default/quic_q43.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_q43.pcap.out diff --git a/test/results/flow-captured/default/quic_q46.pcap.out b/test/results/flow-captured/default/quic_q46.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_q46.pcap.out diff --git a/test/results/flow-captured/default/quic_q46_b.pcap.out b/test/results/flow-captured/default/quic_q46_b.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_q46_b.pcap.out diff --git a/test/results/flow-captured/default/quic_q50.pcap.out b/test/results/flow-captured/default/quic_q50.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_q50.pcap.out diff --git a/test/results/flow-captured/default/quic_t50.pcap.out b/test/results/flow-captured/default/quic_t50.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_t50.pcap.out diff --git a/test/results/flow-captured/default/quic_t51.pcap.out b/test/results/flow-captured/default/quic_t51.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/quic_t51.pcap.out diff --git a/test/results/flow-captured/default/quickplay.pcap.out b/test/results/flow-captured/default/quickplay.pcap.out new file mode 100644 index 000000000..ab414a2de --- /dev/null +++ b/test/results/flow-captured/default/quickplay.pcap.out @@ -0,0 +1,18 @@ +Flow 11 midstream: tcp 10.54.169.250:52009 -> 120.28.35.40:80 +Flow 13 risky: tcp 10.54.169.250:54885 -> 203.205.151.160:80 +Flow 13 midstream: tcp 10.54.169.250:54885 -> 203.205.151.160:80 +Flow 1 midstream: tcp 10.54.169.250:50668 -> 120.28.35.41:80 +Flow 2 midstream: tcp 10.54.169.250:50669 -> 120.28.35.41:80 +Flow 7 midstream: tcp 10.54.169.250:44793 -> 31.13.68.49:80 +Flow 12 risky: tcp 10.54.169.250:42761 -> 203.205.129.101:80 +Flow 12 midstream: tcp 10.54.169.250:42761 -> 203.205.129.101:80 +Flow 14 risky: tcp 10.54.169.250:42762 -> 203.205.129.101:80 +Flow 14 midstream: tcp 10.54.169.250:42762 -> 203.205.129.101:80 +Flow 6 midstream: tcp 10.54.169.250:33277 -> 120.28.26.231:80 +Flow 16 risky: tcp 10.54.169.250:56381 -> 54.179.140.65:80 +Flow 16 midstream: tcp 10.54.169.250:56381 -> 54.179.140.65:80 +Flow 19 midstream: tcp 10.54.169.250:52019 -> 120.28.35.40:80 +Flow 4 midstream: tcp 10.54.169.250:52285 -> 173.252.74.22:80 +Flow 5 midstream: tcp 10.54.169.250:52288 -> 173.252.74.22:80 +Flow 15 risky: tcp 10.54.169.250:35670 -> 203.205.147.215:80 +Flow 15 midstream: tcp 10.54.169.250:35670 -> 203.205.147.215:80 diff --git a/test/results/flow-captured/default/radius_false_positive.pcapng.out b/test/results/flow-captured/default/radius_false_positive.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/radius_false_positive.pcapng.out diff --git a/test/results/flow-captured/default/radmin3.pcapng.out b/test/results/flow-captured/default/radmin3.pcapng.out new file mode 100644 index 000000000..55aacf056 --- /dev/null +++ b/test/results/flow-captured/default/radmin3.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.88.208:49736 -> 192.168.88.197:4899 +Flow 2 risky: tcp 192.168.88.208:49739 -> 192.168.88.197:4899 diff --git a/test/results/flow-captured/default/raft.pcap.out b/test/results/flow-captured/default/raft.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/raft.pcap.out diff --git a/test/results/flow-captured/default/raknet.pcap.out b/test/results/flow-captured/default/raknet.pcap.out new file mode 100644 index 000000000..47048865a --- /dev/null +++ b/test/results/flow-captured/default/raknet.pcap.out @@ -0,0 +1,6 @@ +Flow 5 risky: udp 192.168.2.100:32952 -> 148.153.35.205:60021 +Flow 7 risky: udp 192.168.2.100:32953 -> 148.153.35.205:60021 +Flow 6 risky: udp 148.153.35.205:60025 -> 192.168.2.100:32951 +Flow 8 not-detected: udp 192.168.2.100:60690 -> 148.153.35.205:60028 +Flow 11 risky: udp 192.168.2.100:44501 -> 148.153.35.205:59935 +Flow 12 not-detected: udp 148.153.35.205:43582 -> 192.168.2.100:44501 diff --git a/test/results/flow-captured/default/rdp.pcap.out b/test/results/flow-captured/default/rdp.pcap.out new file mode 100644 index 000000000..39b09f22b --- /dev/null +++ b/test/results/flow-captured/default/rdp.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 172.16.2.185:52494 -> 192.168.2.142:3389 diff --git a/test/results/flow-captured/default/rdp2.pcap.out b/test/results/flow-captured/default/rdp2.pcap.out new file mode 100644 index 000000000..5ad8dfd30 --- /dev/null +++ b/test/results/flow-captured/default/rdp2.pcap.out @@ -0,0 +1,3 @@ +Flow 1 risky: udp 192.168.122.181:54759 -> 192.168.122.2:3389 +Flow 2 risky: udp 10.8.37.100:51652 -> 10.100.2.87:3389 +Flow 3 risky: udp 10.50.181.210:60355 -> 10.50.73.36:3389 diff --git a/test/results/flow-captured/default/rdp3.pcap.out b/test/results/flow-captured/default/rdp3.pcap.out new file mode 100644 index 000000000..b9990a485 --- /dev/null +++ b/test/results/flow-captured/default/rdp3.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.150.9.21:1685 -> 10.157.4.161:3389 diff --git a/test/results/flow-captured/default/reasm_crash_anon.pcapng.out b/test/results/flow-captured/default/reasm_crash_anon.pcapng.out new file mode 100644 index 000000000..2a89264e9 --- /dev/null +++ b/test/results/flow-captured/default/reasm_crash_anon.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 not-detected: tcp 192.168.145.147:51218 -> 10.209.8.148:21999 +Flow 1 midstream: tcp 192.168.145.147:51218 -> 10.209.8.148:21999 diff --git a/test/results/flow-captured/default/reasm_segv_anon.pcapng.out b/test/results/flow-captured/default/reasm_segv_anon.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/reasm_segv_anon.pcapng.out diff --git a/test/results/flow-captured/default/reddit.pcap.out b/test/results/flow-captured/default/reddit.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/reddit.pcap.out diff --git a/test/results/flow-captured/default/resp.pcap.out b/test/results/flow-captured/default/resp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/resp.pcap.out diff --git a/test/results/flow-captured/default/riot.pcapng.out b/test/results/flow-captured/default/riot.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/riot.pcapng.out diff --git a/test/results/flow-captured/default/riotgames.pcap.out b/test/results/flow-captured/default/riotgames.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/riotgames.pcap.out diff --git a/test/results/flow-captured/default/ripe_atlas.pcap.out b/test/results/flow-captured/default/ripe_atlas.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ripe_atlas.pcap.out diff --git a/test/results/flow-captured/default/rmcp.pcap.out b/test/results/flow-captured/default/rmcp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rmcp.pcap.out diff --git a/test/results/flow-captured/default/roblox.pcapng.out b/test/results/flow-captured/default/roblox.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/roblox.pcapng.out diff --git a/test/results/flow-captured/default/roughtime.pcap.out b/test/results/flow-captured/default/roughtime.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/roughtime.pcap.out diff --git a/test/results/flow-captured/default/rsh-syslog-false-positive.pcap.out b/test/results/flow-captured/default/rsh-syslog-false-positive.pcap.out new file mode 100644 index 000000000..2d31a37f5 --- /dev/null +++ b/test/results/flow-captured/default/rsh-syslog-false-positive.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 172.31.78.129:9039 -> 172.29.43.201:514 diff --git a/test/results/flow-captured/default/rsh.pcap.out b/test/results/flow-captured/default/rsh.pcap.out new file mode 100644 index 000000000..bf66d2b8e --- /dev/null +++ b/test/results/flow-captured/default/rsh.pcap.out @@ -0,0 +1,2 @@ +Flow 2 risky: tcp 127.0.0.1:1021 -> 127.0.0.1:514 +Flow 1 risky: tcp 127.0.0.1:1023 -> 127.0.0.1:514 diff --git a/test/results/flow-captured/default/rsync.pcap.out b/test/results/flow-captured/default/rsync.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rsync.pcap.out diff --git a/test/results/flow-captured/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/flow-captured/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out diff --git a/test/results/flow-captured/default/rtmp.pcap.out b/test/results/flow-captured/default/rtmp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rtmp.pcap.out diff --git a/test/results/flow-captured/default/rtp.pcapng.out b/test/results/flow-captured/default/rtp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rtp.pcapng.out diff --git a/test/results/flow-captured/default/rtps.pcap.out b/test/results/flow-captured/default/rtps.pcap.out new file mode 100644 index 000000000..c34f212bc --- /dev/null +++ b/test/results/flow-captured/default/rtps.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 127.0.0.1:28108 -> 127.0.0.1:7410 diff --git a/test/results/flow-captured/default/rtsp.pcap.out b/test/results/flow-captured/default/rtsp.pcap.out new file mode 100644 index 000000000..9d28a9464 --- /dev/null +++ b/test/results/flow-captured/default/rtsp.pcap.out @@ -0,0 +1,8 @@ +Flow 2 risky: tcp 10.1.1.10:52472 -> 10.2.2.2:8554 +Flow 3 risky: tcp 10.1.1.10:52474 -> 10.2.2.2:8554 +Flow 4 risky: tcp 10.1.1.10:52476 -> 10.2.2.2:8554 +Flow 5 risky: tcp 10.1.1.10:52478 -> 10.2.2.2:8554 +Flow 1 risky: tcp 10.1.1.10:52470 -> 10.2.2.2:8554 +Flow 1 midstream: tcp 10.1.1.10:52470 -> 10.2.2.2:8554 +Flow 6 risky: tcp 10.1.1.10:52480 -> 10.2.2.2:8554 +Flow 7 risky: tcp 10.1.1.10:52482 -> 10.2.2.2:8554 diff --git a/test/results/flow-captured/default/rtsp_setup_http.pcapng.out b/test/results/flow-captured/default/rtsp_setup_http.pcapng.out new file mode 100644 index 000000000..bee1eae85 --- /dev/null +++ b/test/results/flow-captured/default/rtsp_setup_http.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 172.28.5.170:63840 -> 172.28.4.26:8554 +Flow 1 midstream: tcp 172.28.5.170:63840 -> 172.28.4.26:8554 diff --git a/test/results/flow-captured/default/rx.pcap.out b/test/results/flow-captured/default/rx.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/rx.pcap.out diff --git a/test/results/flow-captured/default/s7comm-plus.pcap.out b/test/results/flow-captured/default/s7comm-plus.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/s7comm-plus.pcap.out diff --git a/test/results/flow-captured/default/s7comm.pcap.out b/test/results/flow-captured/default/s7comm.pcap.out new file mode 100644 index 000000000..c7c9d0055 --- /dev/null +++ b/test/results/flow-captured/default/s7comm.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.1.10:4185 -> 192.168.1.40:102 diff --git a/test/results/flow-captured/default/safari.pcap.out b/test/results/flow-captured/default/safari.pcap.out new file mode 100644 index 000000000..8b4353ac7 --- /dev/null +++ b/test/results/flow-captured/default/safari.pcap.out @@ -0,0 +1,5 @@ +Flow 4 risky: tcp 192.168.1.178:55267 -> 146.48.58.18:443 +Flow 2 risky: tcp 192.168.1.178:55265 -> 146.48.58.18:443 +Flow 3 risky: tcp 192.168.1.178:55266 -> 146.48.58.18:443 +Flow 5 risky: tcp 192.168.1.178:55268 -> 146.48.58.18:443 +Flow 6 risky: tcp 192.168.1.178:55269 -> 146.48.58.18:443 diff --git a/test/results/flow-captured/default/salesforce.pcap.out b/test/results/flow-captured/default/salesforce.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/salesforce.pcap.out diff --git a/test/results/flow-captured/default/sccp_hw_conf_register.pcapng.out b/test/results/flow-captured/default/sccp_hw_conf_register.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sccp_hw_conf_register.pcapng.out diff --git a/test/results/flow-captured/default/sctp.cap.out b/test/results/flow-captured/default/sctp.cap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sctp.cap.out diff --git a/test/results/flow-captured/default/selfsigned.pcap.out b/test/results/flow-captured/default/selfsigned.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/selfsigned.pcap.out diff --git a/test/results/flow-captured/default/sflow.pcap.out b/test/results/flow-captured/default/sflow.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sflow.pcap.out diff --git a/test/results/flow-captured/default/shadowsocks.pcap.out b/test/results/flow-captured/default/shadowsocks.pcap.out new file mode 100644 index 000000000..07190d818 --- /dev/null +++ b/test/results/flow-captured/default/shadowsocks.pcap.out @@ -0,0 +1 @@ +Flow 2 not-detected: tcp 127.0.0.1:44276 -> 127.0.0.1:8388 diff --git a/test/results/flow-captured/default/shell.pcap.out b/test/results/flow-captured/default/shell.pcap.out new file mode 100644 index 000000000..a84f36af1 --- /dev/null +++ b/test/results/flow-captured/default/shell.pcap.out @@ -0,0 +1,4 @@ +Flow 4 not-detected: tcp 127.0.0.1:54970 -> 127.0.0.1:33333 +Flow 1 not-detected: tcp 127.0.0.1:47638 -> 127.0.0.1:33333 +Flow 2 not-detected: udp 127.0.0.1:54112 -> 127.0.0.1:33333 +Flow 3 not-detected: udp 127.0.0.1:58538 -> 127.0.0.1:33333 diff --git a/test/results/flow-captured/default/signal.pcap.out b/test/results/flow-captured/default/signal.pcap.out new file mode 100644 index 000000000..bc4b0b39d --- /dev/null +++ b/test/results/flow-captured/default/signal.pcap.out @@ -0,0 +1,3 @@ +Flow 8 risky: tcp 192.168.2.17:56996 -> 17.248.146.144:443 +Flow 8 midstream: tcp 192.168.2.17:56996 -> 17.248.146.144:443 +Flow 9 midstream: tcp 192.168.2.17:57017 -> 2.18.232.118:443 diff --git a/test/results/flow-captured/default/simple-dnscrypt.pcap.out b/test/results/flow-captured/default/simple-dnscrypt.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/simple-dnscrypt.pcap.out diff --git a/test/results/flow-captured/default/sip.pcap.out b/test/results/flow-captured/default/sip.pcap.out new file mode 100644 index 000000000..1090142cf --- /dev/null +++ b/test/results/flow-captured/default/sip.pcap.out @@ -0,0 +1 @@ +Flow 4 not-detected: udp 192.168.1.2:30001 -> 212.242.33.36:40393 diff --git a/test/results/flow-captured/default/sip_hello.pcapng.out b/test/results/flow-captured/default/sip_hello.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sip_hello.pcapng.out diff --git a/test/results/flow-captured/default/sites.pcapng.out b/test/results/flow-captured/default/sites.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/sites.pcapng.out diff --git a/test/results/flow-captured/default/skinny.pcap.out b/test/results/flow-captured/default/skinny.pcap.out new file mode 100644 index 000000000..d93757842 --- /dev/null +++ b/test/results/flow-captured/default/skinny.pcap.out @@ -0,0 +1,2 @@ +Flow 1 midstream: tcp 192.168.195.58:49399 -> 192.168.193.12:2000 +Flow 2 midstream: tcp 192.168.193.12:2000 -> 192.168.195.50:51532 diff --git a/test/results/flow-captured/default/skype-conference-call.pcap.out b/test/results/flow-captured/default/skype-conference-call.pcap.out new file mode 100644 index 000000000..34ff2def6 --- /dev/null +++ b/test/results/flow-captured/default/skype-conference-call.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.2.20:49282 -> 104.46.40.49:60642 diff --git a/test/results/flow-captured/default/smb_deletefile.pcap.out b/test/results/flow-captured/default/smb_deletefile.pcap.out new file mode 100644 index 000000000..235f0b2ac --- /dev/null +++ b/test/results/flow-captured/default/smb_deletefile.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.1.118:56848 -> 192.168.1.187:445 diff --git a/test/results/flow-captured/default/smb_frags.pcap.out b/test/results/flow-captured/default/smb_frags.pcap.out new file mode 100644 index 000000000..6de65cbd8 --- /dev/null +++ b/test/results/flow-captured/default/smb_frags.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.202.211.125:54120 -> 10.202.7.8:445 diff --git a/test/results/flow-captured/default/smbv1.pcap.out b/test/results/flow-captured/default/smbv1.pcap.out new file mode 100644 index 000000000..35466a60e --- /dev/null +++ b/test/results/flow-captured/default/smbv1.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 172.16.156.130:50927 -> 10.128.0.243:445 +Flow 1 midstream: tcp 172.16.156.130:50927 -> 10.128.0.243:445 diff --git a/test/results/flow-captured/default/smpp_in_general.pcap.out b/test/results/flow-captured/default/smpp_in_general.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/smpp_in_general.pcap.out diff --git a/test/results/flow-captured/default/smtp-starttls.pcap.out b/test/results/flow-captured/default/smtp-starttls.pcap.out new file mode 100644 index 000000000..e1a4b74a1 --- /dev/null +++ b/test/results/flow-captured/default/smtp-starttls.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 10.0.0.1:57406 -> 173.194.68.26:25 +Flow 2 risky: tcp 2003:de:2016:125:fc36:8317:4e86:cb72:7562 -> 2003:de:2016:120::a08:53:25 diff --git a/test/results/flow-captured/default/smtp.pcap.out b/test/results/flow-captured/default/smtp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/smtp.pcap.out diff --git a/test/results/flow-captured/default/smtps.pcapng.out b/test/results/flow-captured/default/smtps.pcapng.out new file mode 100644 index 000000000..d38150450 --- /dev/null +++ b/test/results/flow-captured/default/smtps.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 62.43.36.99:37682 -> 21.65.95.132:465 diff --git a/test/results/flow-captured/default/snapchat.pcap.out b/test/results/flow-captured/default/snapchat.pcap.out new file mode 100644 index 000000000..81b9eb29b --- /dev/null +++ b/test/results/flow-captured/default/snapchat.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.8.0.1:33233 -> 74.125.136.141:443 diff --git a/test/results/flow-captured/default/snapchat_call.pcapng.out b/test/results/flow-captured/default/snapchat_call.pcapng.out new file mode 100644 index 000000000..44d0ee1f6 --- /dev/null +++ b/test/results/flow-captured/default/snapchat_call.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.12.169:42083 -> 18.184.138.142:443 diff --git a/test/results/flow-captured/default/snapchat_call_v1.pcapng.out b/test/results/flow-captured/default/snapchat_call_v1.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/snapchat_call_v1.pcapng.out diff --git a/test/results/flow-captured/default/snmp.pcap.out b/test/results/flow-captured/default/snmp.pcap.out new file mode 100644 index 000000000..33dbcd827 --- /dev/null +++ b/test/results/flow-captured/default/snmp.pcap.out @@ -0,0 +1,2 @@ +Flow 17 risky: udp 10.99.8.88:43242 -> 10.100.253.146:161 +Flow 16 risky: udp 10.231.2.134:161 -> 10.72.247.4:61088 diff --git a/test/results/flow-captured/default/soap.pcap.out b/test/results/flow-captured/default/soap.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/soap.pcap.out diff --git a/test/results/flow-captured/default/socks.pcap.out b/test/results/flow-captured/default/socks.pcap.out new file mode 100644 index 000000000..569bf505b --- /dev/null +++ b/test/results/flow-captured/default/socks.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.0.0.1:1637 -> 10.0.0.2:21477 diff --git a/test/results/flow-captured/default/softether.pcap.out b/test/results/flow-captured/default/softether.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/softether.pcap.out diff --git a/test/results/flow-captured/default/someip-tp.pcap.out b/test/results/flow-captured/default/someip-tp.pcap.out new file mode 100644 index 000000000..ebd0fb6d6 --- /dev/null +++ b/test/results/flow-captured/default/someip-tp.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 10.0.1.207:56772 -> 10.0.1.1:18193 diff --git a/test/results/flow-captured/default/someip-udp-method-call.pcapng.out b/test/results/flow-captured/default/someip-udp-method-call.pcapng.out new file mode 100644 index 000000000..d2e47e1c7 --- /dev/null +++ b/test/results/flow-captured/default/someip-udp-method-call.pcapng.out @@ -0,0 +1,2 @@ +Flow 2 risky: udp 192.168.0.125:49191 -> 192.168.0.1:49201 +Flow 1 risky: udp 192.168.0.1:49190 -> 224.0.0.1:49190 diff --git a/test/results/flow-captured/default/someip_sd_sample.pcap.out b/test/results/flow-captured/default/someip_sd_sample.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/someip_sd_sample.pcap.out diff --git a/test/results/flow-captured/default/source_engine.pcap.out b/test/results/flow-captured/default/source_engine.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/source_engine.pcap.out diff --git a/test/results/flow-captured/default/spotify_tcp.pcap.out b/test/results/flow-captured/default/spotify_tcp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/spotify_tcp.pcap.out diff --git a/test/results/flow-captured/default/sql_injection.pcap.out b/test/results/flow-captured/default/sql_injection.pcap.out new file mode 100644 index 000000000..0b79c73bf --- /dev/null +++ b/test/results/flow-captured/default/sql_injection.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.3.109:53528 -> 192.168.3.107:80 +Flow 1 midstream: tcp 192.168.3.109:53528 -> 192.168.3.107:80 diff --git a/test/results/flow-captured/default/srvloc-v1.pcapng.out b/test/results/flow-captured/default/srvloc-v1.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/srvloc-v1.pcapng.out diff --git a/test/results/flow-captured/default/srvloc.pcap.out b/test/results/flow-captured/default/srvloc.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/srvloc.pcap.out diff --git a/test/results/flow-captured/default/ssdp-m-search-ua.pcap.out b/test/results/flow-captured/default/ssdp-m-search-ua.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ssdp-m-search-ua.pcap.out diff --git a/test/results/flow-captured/default/ssdp-m-search.pcap.out b/test/results/flow-captured/default/ssdp-m-search.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ssdp-m-search.pcap.out diff --git a/test/results/flow-captured/default/ssh.pcap.out b/test/results/flow-captured/default/ssh.pcap.out new file mode 100644 index 000000000..314880526 --- /dev/null +++ b/test/results/flow-captured/default/ssh.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 172.16.238.1:58395 -> 172.16.238.168:22 +Flow 2 risky: tcp 127.0.0.1:58496 -> 127.0.0.1:8000 diff --git a/test/results/flow-captured/default/ssh_unidirectional.pcap.out b/test/results/flow-captured/default/ssh_unidirectional.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ssh_unidirectional.pcap.out diff --git a/test/results/flow-captured/default/ssl-cert-name-mismatch.pcap.out b/test/results/flow-captured/default/ssl-cert-name-mismatch.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ssl-cert-name-mismatch.pcap.out diff --git a/test/results/flow-captured/default/starcraft_battle.pcap.out b/test/results/flow-captured/default/starcraft_battle.pcap.out new file mode 100644 index 000000000..7496cc0bb --- /dev/null +++ b/test/results/flow-captured/default/starcraft_battle.pcap.out @@ -0,0 +1,16 @@ +Flow 15 risky: tcp 192.168.1.100:3508 -> 87.248.221.254:80 +Flow 28 risky: udp 192.168.1.100:53145 -> 192.168.1.254:53 +Flow 44 risky: udp 192.168.1.100:55468 -> 192.168.1.254:53 +Flow 24 midstream: tcp 192.168.1.100:3479 -> 2.228.46.114:443 +Flow 22 midstream: tcp 192.168.1.100:3480 -> 2.228.46.114:443 +Flow 23 midstream: tcp 192.168.1.100:3481 -> 2.228.46.114:443 +Flow 21 midstream: tcp 192.168.1.100:3482 -> 2.228.46.114:443 +Flow 18 midstream: tcp 192.168.1.100:3489 -> 2.228.46.104:443 +Flow 19 midstream: tcp 192.168.1.100:3490 -> 2.228.46.104:443 +Flow 20 midstream: tcp 192.168.1.100:3491 -> 2.228.46.104:443 +Flow 17 midstream: tcp 192.168.1.100:3492 -> 2.228.46.104:443 +Flow 14 risky: udp 192.168.1.100:60026 -> 192.168.1.254:53 +Flow 2 risky: udp 192.168.1.100:58818 -> 192.168.1.254:53 +Flow 4 risky: udp 192.168.1.100:58831 -> 192.168.1.254:53 +Flow 9 risky: udp 192.168.1.100:58851 -> 192.168.1.254:53 +Flow 16 risky: tcp 192.168.1.100:3512 -> 12.129.222.54:80 diff --git a/test/results/flow-captured/default/steam.pcapng.out b/test/results/flow-captured/default/steam.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/steam.pcapng.out diff --git a/test/results/flow-captured/default/stomp.pcapng.out b/test/results/flow-captured/default/stomp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/stomp.pcapng.out diff --git a/test/results/flow-captured/default/stun.pcap.out b/test/results/flow-captured/default/stun.pcap.out new file mode 100644 index 000000000..19e9b46e3 --- /dev/null +++ b/test/results/flow-captured/default/stun.pcap.out @@ -0,0 +1,3 @@ +Flow 2 risky: udp 192.168.12.169:43016 -> 74.125.247.128:3478 +Flow 3 risky: icmp 192.168.12.169 -> 74.125.247.128 +Flow 5 risky: udp 192.168.12.169:38123 -> 31.13.86.54:40003 diff --git a/test/results/flow-captured/default/stun_classic.pcap.out b/test/results/flow-captured/default/stun_classic.pcap.out new file mode 100644 index 000000000..29674b8e3 --- /dev/null +++ b/test/results/flow-captured/default/stun_classic.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: udp 172.16.63.224:55050 -> 172.16.63.21:13958 diff --git a/test/results/flow-captured/default/stun_dtls_rtp.pcapng.out b/test/results/flow-captured/default/stun_dtls_rtp.pcapng.out new file mode 100644 index 000000000..fafa9ec68 --- /dev/null +++ b/test/results/flow-captured/default/stun_dtls_rtp.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 192.168.12.156:37967 -> 142.250.82.76:19305 diff --git a/test/results/flow-captured/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/flow-captured/default/stun_dtls_rtp_unidir.pcapng.out new file mode 100644 index 000000000..d234da29e --- /dev/null +++ b/test/results/flow-captured/default/stun_dtls_rtp_unidir.pcapng.out @@ -0,0 +1,2 @@ +Flow 1 risky: udp 10.10.0.1:65226 -> 10.1.0.3:57730 +Flow 2 risky: udp 10.1.0.3:5853 -> 10.10.0.1:2808 diff --git a/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/stun_dtls_unidirectional_client.pcap.out diff --git a/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/stun_dtls_unidirectional_server.pcap.out diff --git a/test/results/flow-captured/default/stun_google_meet.pcapng.out b/test/results/flow-captured/default/stun_google_meet.pcapng.out new file mode 100644 index 000000000..d406e6c37 --- /dev/null +++ b/test/results/flow-captured/default/stun_google_meet.pcapng.out @@ -0,0 +1,4 @@ +Flow 3 risky: udp 192.168.12.156:38152 -> 142.250.82.76:19305 +Flow 2 risky: udp 192.168.12.156:45400 -> 74.125.128.127:19302 +Flow 1 risky: udp 192.168.12.156:38152 -> 74.125.128.127:19302 +Flow 7 risky: udp 2001:b07:a3d:c112:48a1:1094:1227:281e:45572 -> 2001:4860:4864:6::81:19305 diff --git a/test/results/flow-captured/default/stun_msteams_unidir.pcapng.out b/test/results/flow-captured/default/stun_msteams_unidir.pcapng.out new file mode 100644 index 000000000..40a647bab --- /dev/null +++ b/test/results/flow-captured/default/stun_msteams_unidir.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: udp 52.115.136.55:3479 -> 10.0.0.1:50006 diff --git a/test/results/flow-captured/default/stun_signal.pcapng.out b/test/results/flow-captured/default/stun_signal.pcapng.out new file mode 100644 index 000000000..cf96af8df --- /dev/null +++ b/test/results/flow-captured/default/stun_signal.pcapng.out @@ -0,0 +1,16 @@ +Flow 14 risky: udp 192.168.12.169:43068 -> 18.195.131.143:61156 +Flow 7 risky: icmp 35.158.183.167 -> 192.168.12.169 +Flow 3 risky: udp 192.168.12.169:47204 -> 35.158.183.167:443 +Flow 6 risky: udp 192.168.12.169:39518 -> 35.158.183.167:443 +Flow 23 risky: udp 192.168.12.169:47767 -> 18.195.131.143:61498 +Flow 9 risky: udp 192.168.12.169:43068 -> 35.158.183.167:443 +Flow 10 risky: udp 192.168.12.169:43068 -> 172.253.121.127:19302 +Flow 12 risky: udp 192.168.12.169:39950 -> 35.158.183.167:443 +Flow 11 risky: udp 192.168.12.169:39950 -> 172.253.121.127:19302 +Flow 20 risky: udp 192.168.12.169:37970 -> 35.158.122.211:3478 +Flow 17 risky: udp 192.168.12.169:47767 -> 35.158.122.211:443 +Flow 15 risky: udp 192.168.12.169:47767 -> 172.253.121.127:19302 +Flow 18 risky: udp 192.168.12.169:37970 -> 35.158.122.211:443 +Flow 16 risky: udp 192.168.12.169:37970 -> 172.253.121.127:19302 +Flow 21 risky: icmp 35.158.122.211 -> 192.168.12.169 +Flow 19 risky: udp 192.168.12.169:47767 -> 35.158.122.211:3478 diff --git a/test/results/flow-captured/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/flow-captured/default/stun_tcp_multiple_msgs_same_pkt.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/stun_tcp_multiple_msgs_same_pkt.pcap.out diff --git a/test/results/flow-captured/default/stun_wa_call.pcapng.out b/test/results/flow-captured/default/stun_wa_call.pcapng.out new file mode 100644 index 000000000..333efcc49 --- /dev/null +++ b/test/results/flow-captured/default/stun_wa_call.pcapng.out @@ -0,0 +1,13 @@ +Flow 1 risky: udp 192.168.12.156:46652 -> 93.57.123.227:3478 +Flow 6 risky: udp 192.168.12.156:49526 -> 157.240.203.62:3478 +Flow 2 risky: udp 192.168.12.156:46652 -> 157.240.203.62:3478 +Flow 4 risky: udp 192.168.12.156:46652 -> 157.240.21.51:3478 +Flow 5 risky: udp 192.168.12.156:46652 -> 157.240.195.48:3478 +Flow 3 risky: udp 192.168.12.156:46652 -> 157.240.231.62:3478 +Flow 13 risky: icmp 93.63.100.129 -> 192.168.12.156 +Flow 7 risky: udp 192.168.12.156:49526 -> 157.240.231.62:3478 +Flow 8 risky: udp 192.168.12.156:49526 -> 157.240.196.62:3478 +Flow 11 risky: udp 192.168.12.156:49526 -> 10.82.40.241:40436 +Flow 12 risky: udp 192.168.12.156:49526 -> 93.33.118.87:41107 +Flow 9 risky: udp 192.168.12.156:49526 -> 179.60.192.48:3478 +Flow 10 risky: udp 192.168.12.156:49526 -> 185.60.216.51:3478 diff --git a/test/results/flow-captured/default/stun_zoom.pcapng.out b/test/results/flow-captured/default/stun_zoom.pcapng.out new file mode 100644 index 000000000..31ad627b4 --- /dev/null +++ b/test/results/flow-captured/default/stun_zoom.pcapng.out @@ -0,0 +1,2 @@ +Flow 2 risky: udp 192.168.43.169:53065 -> 134.224.90.111:8801 +Flow 1 risky: udp 192.168.43.169:48854 -> 134.224.90.111:8801 diff --git a/test/results/flow-captured/default/syncthing.pcap.out b/test/results/flow-captured/default/syncthing.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/syncthing.pcap.out diff --git a/test/results/flow-captured/default/synscan.pcap.out b/test/results/flow-captured/default/synscan.pcap.out new file mode 100644 index 000000000..256ce0946 --- /dev/null +++ b/test/results/flow-captured/default/synscan.pcap.out @@ -0,0 +1,1854 @@ +Flow 716 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3390 +Flow 1633 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9535 +Flow 789 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3390 +Flow 1708 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9535 +Flow 378 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5440 +Flow 406 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5440 +Flow 990 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50500 +Flow 381 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19780 +Flow 1057 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50500 +Flow 403 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19780 +Flow 206 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7496 +Flow 250 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7496 +Flow 1073 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3404 +Flow 1124 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3404 +Flow 597 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7512 +Flow 996 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19801 +Flow 658 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7512 +Flow 1051 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19801 +Flow 184 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9575 +Flow 231 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9575 +Flow 423 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9593 +Flow 1044 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9594 +Flow 443 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9593 +Flow 1111 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9594 +Flow 511 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9595 +Flow 560 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9595 +Flow 275 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5500 +Flow 304 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5500 +Flow 455 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:15742 +Flow 493 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:15742 +Flow 687 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19842 +Flow 760 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19842 +Flow 794 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5510 +Flow 861 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5510 +Flow 55 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1417 +Flow 73 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1417 +Flow 920 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9618 +Flow 977 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9618 +Flow 1317 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:38292 +Flow 351 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3476 +Flow 1380 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:38292 +Flow 392 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3476 +Flow 1651 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:13722 +Flow 1288 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:44442 +Flow 1362 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:44442 +Flow 1720 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:13722 +Flow 919 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:44443 +Flow 978 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:44443 +Flow 1335 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:56737 +Flow 1643 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:56738 +Flow 1410 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:56737 +Flow 1728 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:56738 +Flow 997 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1443 +Flow 1050 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1443 +Flow 336 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3493 +Flow 366 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3493 +Flow 1254 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5544 +Flow 1306 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5544 +Flow 1621 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5550 +Flow 1684 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5550 +Flow 575 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1455 +Flow 645 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1455 +Flow 1790 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5555 +Flow 1867 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5555 +Flow 432 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1461 +Flow 475 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1461 +Flow 868 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5560 +Flow 937 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5560 +Flow 520 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3517 +Flow 795 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5566 +Flow 551 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3517 +Flow 860 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5566 +Flow 1441 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:52673 +Flow 1505 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:52673 +Flow 264 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9666 +Flow 315 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9666 +Flow 1098 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3527 +Flow 1157 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3527 +Flow 625 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7625 +Flow 712 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7625 +Flow 1539 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7627 +Flow 1799 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50636 +Flow 1614 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7627 +Flow 1858 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50636 +Flow 370 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:44501 +Flow 90 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:17877 +Flow 414 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:44501 +Flow 1021 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:13782 +Flow 119 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:17877 +Flow 1175 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:13783 +Flow 1084 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:13782 +Flow 1232 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:13783 +Flow 688 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3546 +Flow 759 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3546 +Flow 1488 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1500 +Flow 1561 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1500 +Flow 1244 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1501 +Flow 1316 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1501 +Flow 1482 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1503 +Flow 1256 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3551 +Flow 1567 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1503 +Flow 1304 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3551 +Flow 96 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:65000 +Flow 113 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:65000 +Flow 344 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1524 +Flow 399 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1524 +Flow 1039 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3580 +Flow 107 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7676 +Flow 1116 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3580 +Flow 1072 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1533 +Flow 143 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7676 +Flow 1125 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1533 +Flow 356 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5631 +Flow 387 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5631 +Flow 1697 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5633 +Flow 1760 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5633 +Flow 1829 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:42510 +Flow 1902 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:42510 +Flow 1528 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1556 +Flow 1605 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1556 +Flow 1475 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5666 +Flow 1574 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5666 +Flow 580 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:20005 +Flow 640 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:20005 +Flow 948 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:28201 +Flow 1007 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:28201 +Flow 1784 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1580 +Flow 1873 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1580 +Flow 1839 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5678 +Flow 1922 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5678 +Flow 915 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5679 +Flow 190 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1583 +Flow 982 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5679 +Flow 225 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1583 +Flow 95 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1594 +Flow 114 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1594 +Flow 458 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7741 +Flow 490 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7741 +Flow 540 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:20031 +Flow 873 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1600 +Flow 607 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:20031 +Flow 932 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1600 +Flow 801 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:17988 +Flow 854 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:17988 +Flow 890 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3659 +Flow 965 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3659 +Flow 1737 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:52822 +Flow 804 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5718 +Flow 1817 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:52822 +Flow 851 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5718 +Flow 91 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7777 +Flow 913 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7778 +Flow 518 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5730 +Flow 118 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7777 +Flow 984 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7778 +Flow 553 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5730 +Flow 1594 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:26214 +Flow 1656 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:26214 +Flow 1838 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3689 +Flow 565 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:65129 +Flow 186 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1641 +Flow 1923 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3689 +Flow 1093 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3690 +Flow 655 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:65129 +Flow 229 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1641 +Flow 1162 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3690 +Flow 922 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50800 +Flow 134 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:52848 +Flow 975 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50800 +Flow 158 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:52848 +Flow 1589 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3703 +Flow 888 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:18040 +Flow 1661 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3703 +Flow 382 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7800 +Flow 967 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:18040 +Flow 402 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7800 +Flow 724 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1658 +Flow 781 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1658 +Flow 722 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16000 +Flow 783 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16000 +Flow 354 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16001 +Flow 389 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16001 +Flow 384 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1666 +Flow 400 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1666 +Flow 334 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:52869 +Flow 368 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:52869 +Flow 1472 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16012 +Flow 1577 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16012 +Flow 698 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16016 +Flow 749 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16016 +Flow 1738 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16018 +Flow 1816 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16018 +Flow 743 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9876 +Flow 1893 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9877 +Flow 812 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9876 +Flow 1959 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9877 +Flow 1023 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9878 +Flow 1082 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9878 +Flow 51 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1687 +Flow 440 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1688 +Flow 77 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1687 +Flow 467 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1688 +Flow 337 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3737 +Flow 365 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3737 +Flow 1296 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1700 +Flow 1354 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1700 +Flow 1374 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5801 +Flow 1445 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5801 +Flow 995 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5802 +Flow 188 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9898 +Flow 1052 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5802 +Flow 227 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9898 +Flow 881 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9900 +Flow 924 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9900 +Flow 172 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:14000 +Flow 202 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:14000 +Flow 629 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5810 +Flow 708 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5810 +Flow 430 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5811 +Flow 477 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5811 +Flow 1221 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1717 +Flow 953 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:18101 +Flow 1002 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:18101 +Flow 1277 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1717 +Flow 872 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3766 +Flow 721 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1718 +Flow 1469 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5815 +Flow 933 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3766 +Flow 784 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1718 +Flow 1532 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5815 +Flow 719 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1721 +Flow 786 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1721 +Flow 30 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1723 +Flow 69 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1723 +Flow 112 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9917 +Flow 139 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9917 +Flow 129 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5822 +Flow 255 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:11967 +Flow 163 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5822 +Flow 283 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:11967 +Flow 187 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5825 +Flow 228 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5825 +Flow 420 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3784 +Flow 446 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3784 +Flow 94 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16080 +Flow 115 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16080 +Flow 729 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9943 +Flow 776 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9943 +Flow 1251 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3800 +Flow 499 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9944 +Flow 1309 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3800 +Flow 800 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3801 +Flow 532 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9944 +Flow 855 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3801 +Flow 596 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5850 +Flow 1626 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1755 +Flow 659 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5850 +Flow 1715 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1755 +Flow 986 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:12000 +Flow 1061 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:12000 +Flow 545 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1761 +Flow 358 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3809 +Flow 602 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1761 +Flow 385 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3809 +Flow 1641 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5859 +Flow 1700 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5859 +Flow 1889 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5862 +Flow 291 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3814 +Flow 1963 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5862 +Flow 502 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7911 +Flow 329 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3814 +Flow 529 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7911 +Flow 1847 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7920 +Flow 879 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9968 +Flow 1350 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16113 +Flow 1914 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7920 +Flow 1171 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7921 +Flow 926 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9968 +Flow 1426 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16113 +Flow 1236 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7921 +Flow 125 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3826 +Flow 357 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3827 +Flow 167 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3826 +Flow 1787 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3828 +Flow 386 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3827 +Flow 1870 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3828 +Flow 1027 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5877 +Flow 1104 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1782 +Flow 1078 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5877 +Flow 1151 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1782 +Flow 1014 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1783 +Flow 1091 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1783 +Flow 1674 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:20221 +Flow 1753 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:20221 +Flow 342 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:20222 +Flow 360 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:20222 +Flow 848 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7937 +Flow 1197 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7938 +Flow 899 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7937 +Flow 1259 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7938 +Flow 1841 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1801 +Flow 1920 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1801 +Flow 885 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:34571 +Flow 614 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3851 +Flow 970 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:34571 +Flow 590 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:34572 +Flow 683 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3851 +Flow 1046 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:34573 +Flow 665 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:34572 +Flow 453 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1805 +Flow 1691 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9998 +Flow 1109 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:34573 +Flow 1022 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5902 +Flow 495 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1805 +Flow 1766 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9998 +Flow 1534 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:55055 +Flow 1083 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5902 +Flow 103 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5903 +Flow 1791 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:55056 +Flow 1619 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:55055 +Flow 1653 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5904 +Flow 147 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5903 +Flow 1866 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:55056 +Flow 1718 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5904 +Flow 577 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10001 +Flow 643 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10001 +Flow 535 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5906 +Flow 272 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10002 +Flow 733 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10003 +Flow 1029 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5907 +Flow 612 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5906 +Flow 307 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10002 +Flow 822 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10003 +Flow 1076 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5907 +Flow 626 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10004 +Flow 711 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10004 +Flow 1298 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5910 +Flow 1774 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5911 +Flow 1352 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5910 +Flow 1835 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5911 +Flow 421 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10009 +Flow 803 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10010 +Flow 445 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10009 +Flow 1803 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5915 +Flow 852 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10010 +Flow 1925 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10012 +Flow 1854 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5915 +Flow 1969 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10012 +Flow 1348 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3869 +Flow 1397 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3869 +Flow 1372 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3871 +Flow 1447 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3871 +Flow 769 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5922 +Flow 828 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5922 +Flow 1805 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5925 +Flow 1852 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5925 +Flow 798 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3878 +Flow 857 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3878 +Flow 1216 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10024 +Flow 89 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3880 +Flow 1536 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10025 +Flow 1282 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10024 +Flow 120 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3880 +Flow 1617 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10025 +Flow 728 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1839 +Flow 777 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1839 +Flow 269 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1840 +Flow 1430 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3889 +Flow 310 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1840 +Flow 1516 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3889 +Flow 1522 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5950 +Flow 1601 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5950 +Flow 1388 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7999 +Flow 1461 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7999 +Flow 1292 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5952 +Flow 427 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8000 +Flow 1358 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5952 +Flow 1344 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8001 +Flow 624 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3905 +Flow 480 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8000 +Flow 1401 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8001 +Flow 713 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3905 +Flow 633 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8002 +Flow 704 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8002 +Flow 500 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1862 +Flow 1176 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8007 +Flow 1936 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1863 +Flow 531 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1862 +Flow 169 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5959 +Flow 1231 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8007 +Flow 1986 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1863 +Flow 1142 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5960 +Flow 865 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1864 +Flow 205 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5959 +Flow 1336 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5961 +Flow 1205 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5960 +Flow 940 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1864 +Flow 1947 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5962 +Flow 1743 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3914 +Flow 1409 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5961 +Flow 1975 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5962 +Flow 1478 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8011 +Flow 1811 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3914 +Flow 343 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5963 +Flow 1571 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8011 +Flow 359 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5963 +Flow 300 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3918 +Flow 320 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3918 +Flow 1652 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3920 +Flow 1719 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3920 +Flow 717 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1875 +Flow 788 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1875 +Flow 519 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8021 +Flow 1789 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8022 +Flow 552 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8021 +Flow 1868 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8022 +Flow 1383 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8031 +Flow 1466 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8031 +Flow 513 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10082 +Flow 1776 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:63331 +Flow 942 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5987 +Flow 558 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10082 +Flow 1881 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:63331 +Flow 1013 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5987 +Flow 570 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5988 +Flow 897 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5989 +Flow 650 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5988 +Flow 958 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5989 +Flow 256 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3945 +Flow 839 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8042 +Flow 282 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3945 +Flow 908 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8042 +Flow 992 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1900 +Flow 1744 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:65389 +Flow 1055 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1900 +Flow 258 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8045 +Flow 1810 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:65389 +Flow 1064 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5998 +Flow 280 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8045 +Flow 1133 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5998 +Flow 628 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5999 +Flow 709 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5999 +Flow 50 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6000 +Flow 1481 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6001 +Flow 78 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6000 +Flow 1568 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6001 +Flow 1392 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6002 +Flow 1457 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6002 +Flow 1217 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6003 +Flow 1741 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6004 +Flow 1281 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6003 +Flow 1944 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6005 +Flow 1813 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6004 +Flow 1978 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6005 +Flow 1695 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6006 +Flow 1762 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6006 +Flow 1190 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6007 +Flow 1266 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6007 +Flow 1347 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6009 +Flow 1398 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6009 +Flow 847 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1914 +Flow 900 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1914 +Flow 292 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:24444 +Flow 328 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:24444 +Flow 955 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3971 +Flow 1000 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3971 +Flow 517 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6025 +Flow 554 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6025 +Flow 875 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:12174 +Flow 930 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:12174 +Flow 1442 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8081 +Flow 1504 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8081 +Flow 1518 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3986 +Flow 736 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8082 +Flow 1648 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8083 +Flow 1580 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3986 +Flow 819 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8082 +Flow 1896 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8084 +Flow 1723 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8083 +Flow 1956 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8084 +Flow 1147 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8085 +Flow 1200 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8085 +Flow 346 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8086 +Flow 1043 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8087 +Flow 397 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8086 +Flow 1218 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8088 +Flow 1112 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8087 +Flow 1280 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8088 +Flow 1094 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8089 +Flow 1161 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8089 +Flow 846 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8090 +Flow 901 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8090 +Flow 1474 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1947 +Flow 691 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3995 +Flow 1575 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1947 +Flow 756 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3995 +Flow 1890 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8093 +Flow 1962 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8093 +Flow 1692 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3998 +Flow 87 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:14238 +Flow 1371 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:51103 +Flow 1765 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3998 +Flow 122 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:14238 +Flow 1448 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:51103 +Flow 1842 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4001 +Flow 1919 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4001 +Flow 1484 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4002 +Flow 1565 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4002 +Flow 634 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8099 +Flow 105 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4003 +Flow 703 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8099 +Flow 501 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8100 +Flow 1290 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4004 +Flow 145 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4003 +Flow 1360 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4004 +Flow 530 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8100 +Flow 374 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4005 +Flow 410 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4005 +Flow 335 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4006 +Flow 367 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4006 +Flow 1781 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6059 +Flow 1876 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6059 +Flow 1164 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1971 +Flow 1250 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1972 +Flow 1243 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1971 +Flow 1310 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1972 +Flow 880 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1974 +Flow 925 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1974 +Flow 1892 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1984 +Flow 1960 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1984 +Flow 615 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10180 +Flow 682 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10180 +Flow 1645 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4045 +Flow 1726 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4045 +Flow 1322 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:57294 +Flow 1319 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1998 +Flow 1423 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:57294 +Flow 1378 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1998 +Flow 764 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1999 +Flow 263 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:40911 +Flow 833 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1999 +Flow 316 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:40911 +Flow 355 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2001 +Flow 388 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2001 +Flow 1185 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2003 +Flow 1381 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6100 +Flow 1271 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2003 +Flow 893 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2004 +Flow 1468 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6100 +Flow 1035 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6101 +Flow 962 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2004 +Flow 101 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2005 +Flow 1120 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6101 +Flow 1693 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2006 +Flow 149 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2005 +Flow 1764 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2006 +Flow 1432 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2007 +Flow 1822 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2008 +Flow 1514 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2007 +Flow 1884 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2008 +Flow 951 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2009 +Flow 1677 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2010 +Flow 1004 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2009 +Flow 582 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6106 +Flow 1750 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2010 +Flow 673 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6106 +Flow 515 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2013 +Flow 556 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2013 +Flow 1172 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6112 +Flow 1235 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6112 +Flow 340 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2020 +Flow 1376 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2021 +Flow 362 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2020 +Flow 1453 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2021 +Flow 741 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2022 +Flow 1540 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10215 +Flow 814 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2022 +Flow 1613 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10215 +Flow 766 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:12265 +Flow 831 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:12265 +Flow 1786 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6123 +Flow 1871 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6123 +Flow 53 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2030 +Flow 75 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2030 +Flow 1888 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2033 +Flow 1735 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6129 +Flow 1964 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2033 +Flow 1945 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2034 +Flow 1819 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6129 +Flow 1977 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2034 +Flow 1031 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2035 +Flow 1074 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2035 +Flow 916 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8180 +Flow 981 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8180 +Flow 746 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8181 +Flow 809 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8181 +Flow 86 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2038 +Flow 123 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2038 +Flow 1785 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2040 +Flow 1872 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2040 +Flow 1258 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2041 +Flow 1302 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2041 +Flow 1140 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2042 +Flow 1545 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2043 +Flow 1207 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2042 +Flow 1608 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2043 +Flow 1779 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2045 +Flow 1878 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2045 +Flow 350 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2046 +Flow 208 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:30718 +Flow 587 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2047 +Flow 393 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2046 +Flow 248 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:30718 +Flow 1935 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49152 +Flow 696 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8192 +Flow 668 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2047 +Flow 637 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2048 +Flow 185 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32768 +Flow 1987 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49152 +Flow 1343 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49153 +Flow 1225 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32769 +Flow 751 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8192 +Flow 944 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1 +Flow 700 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2048 +Flow 542 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8193 +Flow 230 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32768 +Flow 1402 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49153 +Flow 1775 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32770 +Flow 1300 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32769 +Flow 802 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49154 +Flow 1193 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8194 +Flow 1011 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1 +Flow 605 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8193 +Flow 853 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49154 +Flow 1834 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32770 +Flow 1887 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10243 +Flow 1480 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32771 +Flow 1263 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8194 +Flow 544 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3 +Flow 194 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49155 +Flow 1569 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32771 +Flow 1965 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10243 +Flow 1332 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32772 +Flow 793 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49156 +Flow 841 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4 +Flow 603 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3 +Flow 221 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49155 +Flow 1951 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49157 +Flow 1413 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32772 +Flow 1177 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32773 +Flow 906 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4 +Flow 862 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49156 +Flow 1971 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49157 +Flow 1230 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32773 +Flow 954 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49158 +Flow 585 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32774 +Flow 54 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6 +Flow 1627 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49159 +Flow 1001 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49158 +Flow 1843 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32775 +Flow 670 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32774 +Flow 514 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7 +Flow 74 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6 +Flow 1918 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32775 +Flow 1848 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49160 +Flow 1714 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49159 +Flow 588 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8200 +Flow 557 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7 +Flow 509 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32776 +Flow 1913 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49160 +Flow 1489 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49161 +Flow 1642 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32777 +Flow 667 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8200 +Flow 562 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32776 +Flow 371 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9 +Flow 1729 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32777 +Flow 1560 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49161 +Flow 413 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9 +Flow 93 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32778 +Flow 767 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49163 +Flow 792 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32779 +Flow 116 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32778 +Flow 863 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32779 +Flow 830 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49163 +Flow 1174 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6156 +Flow 503 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32780 +Flow 727 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49165 +Flow 528 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32780 +Flow 1373 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:13 +Flow 1233 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6156 +Flow 276 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32781 +Flow 778 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49165 +Flow 1446 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:13 +Flow 770 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32782 +Flow 303 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32781 +Flow 1739 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49167 +Flow 998 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32783 +Flow 827 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32782 +Flow 380 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4111 +Flow 1815 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49167 +Flow 1527 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32784 +Flow 1049 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32783 +Flow 404 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4111 +Flow 1596 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32784 +Flow 1833 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2065 +Flow 436 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32785 +Flow 289 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:17 +Flow 1908 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2065 +Flow 471 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32785 +Flow 331 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:17 +Flow 1139 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19 +Flow 1647 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2068 +Flow 1208 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19 +Flow 1724 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2068 +Flow 1443 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49175 +Flow 1503 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49175 +Flow 426 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49176 +Flow 135 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:24 +Flow 481 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49176 +Flow 157 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:24 +Flow 293 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:26 +Flow 327 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:26 +Flow 765 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4125 +Flow 832 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4125 +Flow 463 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4126 +Flow 429 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:30 +Flow 56 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8222 +Flow 485 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4126 +Flow 478 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:30 +Flow 72 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8222 +Flow 132 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:32 +Flow 353 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4129 +Flow 1640 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:33 +Flow 160 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:32 +Flow 1701 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:33 +Flow 390 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4129 +Flow 1368 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:37 +Flow 1451 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:37 +Flow 694 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:42 +Flow 753 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:42 +Flow 1017 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:45100 +Flow 1088 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:45100 +Flow 1485 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49 +Flow 1564 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49 +Flow 217 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2099 +Flow 844 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2100 +Flow 239 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2099 +Flow 903 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2100 +Flow 1931 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2103 +Flow 1991 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2103 +Flow 1636 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2105 +Flow 878 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:12345 +Flow 1705 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2105 +Flow 927 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:12345 +Flow 176 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2106 +Flow 730 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2107 +Flow 198 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2106 +Flow 775 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2107 +Flow 1628 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8254 +Flow 1713 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8254 +Flow 1486 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2111 +Flow 1563 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2111 +Flow 1184 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:70 +Flow 1148 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2119 +Flow 1199 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2119 +Flow 595 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2121 +Flow 660 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2121 +Flow 572 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2126 +Flow 1196 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:79 +Flow 648 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2126 +Flow 1260 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:79 +Flow 1365 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:81 +Flow 1429 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:81 +Flow 466 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:82 +Flow 619 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:83 +Flow 482 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:82 +Flow 799 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:84 +Flow 678 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:83 +Flow 1824 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:85 +Flow 856 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:84 +Flow 1907 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:85 +Flow 1369 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2135 +Flow 1450 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2135 +Flow 1040 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:89 +Flow 1895 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:90 +Flow 1115 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:89 +Flow 1957 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:90 +Flow 177 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:61532 +Flow 197 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:61532 +Flow 1143 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2144 +Flow 1204 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2144 +Flow 1544 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8290 +Flow 1609 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8290 +Flow 377 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:99 +Flow 124 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8291 +Flow 578 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8292 +Flow 1588 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:100 +Flow 407 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:99 +Flow 168 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8291 +Flow 1662 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:100 +Flow 642 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8292 +Flow 918 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:14441 +Flow 979 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:14441 +Flow 1248 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:106 +Flow 108 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:14442 +Flow 1312 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:106 +Flow 142 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:14442 +Flow 254 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8300 +Flow 763 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:109 +Flow 284 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8300 +Flow 834 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:109 +Flow 5 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:111 +Flow 1792 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2160 +Flow 25 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:111 +Flow 1865 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2160 +Flow 465 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2161 +Flow 12 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:113 +Flow 483 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2161 +Flow 1593 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:119 +Flow 1657 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:119 +Flow 1034 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2170 +Flow 1121 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2170 +Flow 523 not-detected: tcp 172.16.0.8:36061 -> 64.13.134.52:113 +Flow 723 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:125 +Flow 782 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:125 +Flow 425 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4224 +Flow 441 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4224 +Flow 1286 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2179 +Flow 1364 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2179 +Flow 1327 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2191 +Flow 1418 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2191 +Flow 1032 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:144 +Flow 1123 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:144 +Flow 1384 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:146 +Flow 1346 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4242 +Flow 1465 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:146 +Flow 1399 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4242 +Flow 594 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2196 +Flow 661 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2196 +Flow 506 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2200 +Flow 525 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2200 +Flow 1634 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:161 +Flow 1707 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:161 +Flow 504 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:163 +Flow 527 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:163 +Flow 49 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2222 +Flow 79 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2222 +Flow 917 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4279 +Flow 980 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4279 +Flow 1669 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8383 +Flow 1733 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8383 +Flow 4 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:199 +Flow 26 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:199 +Flow 461 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6346 +Flow 1851 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2251 +Flow 487 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6346 +Flow 1910 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2251 +Flow 435 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8400 +Flow 472 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8400 +Flow 1096 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8402 +Flow 1159 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8402 +Flow 1030 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:211 +Flow 1075 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:211 +Flow 564 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:212 +Flow 431 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2260 +Flow 656 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:212 +Flow 476 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2260 +Flow 1192 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:222 +Flow 1264 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:222 +Flow 1387 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:24800 +Flow 1699 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4321 +Flow 1462 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:24800 +Flow 1758 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4321 +Flow 1678 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:30951 +Flow 1749 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:30951 +Flow 536 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2288 +Flow 611 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2288 +Flow 266 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6389 +Flow 313 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6389 +Flow 1524 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49400 +Flow 1599 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49400 +Flow 1519 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8443 +Flow 1579 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8443 +Flow 921 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2301 +Flow 976 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2301 +Flow 419 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:254 +Flow 1101 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:255 +Flow 447 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:254 +Flow 1154 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:255 +Flow 37 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:256 +Flow 63 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:256 +Flow 1886 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:259 +Flow 871 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:55555 +Flow 1966 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:259 +Flow 934 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:55555 +Flow 1487 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:264 +Flow 1562 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:264 +Flow 1543 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2323 +Flow 1610 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2323 +Flow 270 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:280 +Flow 309 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:280 +Flow 695 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:51493 +Flow 752 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:51493 +Flow 747 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:301 +Flow 808 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:301 +Flow 579 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:55600 +Flow 641 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:55600 +Flow 1939 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:306 +Flow 1983 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:306 +Flow 1470 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8500 +Flow 1531 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8500 +Flow 1898 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:311 +Flow 1954 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:311 +Flow 1795 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2366 +Flow 985 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:31038 +Flow 1862 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2366 +Flow 1062 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:31038 +Flow 546 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10566 +Flow 601 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10566 +Flow 1016 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2381 +Flow 1089 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2381 +Flow 295 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2382 +Flow 740 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2383 +Flow 325 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2382 +Flow 815 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2383 +Flow 1497 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:340 +Flow 1552 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:340 +Flow 417 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2393 +Flow 1291 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2394 +Flow 449 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2393 +Flow 1359 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2394 +Flow 991 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4443 +Flow 1595 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:20828 +Flow 1195 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4444 +Flow 1056 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4443 +Flow 1655 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:20828 +Flow 1261 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4444 +Flow 1015 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4445 +Flow 1145 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4446 +Flow 1090 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4445 +Flow 1202 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4446 +Flow 1038 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2399 +Flow 1117 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2399 +Flow 1937 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2401 +Flow 617 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4449 +Flow 1985 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2401 +Flow 680 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4449 +Flow 1745 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6502 +Flow 1809 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6502 +Flow 742 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6510 +Flow 726 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:366 +Flow 813 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6510 +Flow 779 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:366 +Flow 1253 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:27000 +Flow 987 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10616 +Flow 1307 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:27000 +Flow 1060 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10616 +Flow 731 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10617 +Flow 774 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10617 +Flow 46 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10621 +Flow 82 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10621 +Flow 131 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10626 +Flow 161 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10626 +Flow 1194 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10628 +Flow 1262 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10628 +Flow 44 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10629 +Flow 84 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10629 +Flow 210 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6543 +Flow 246 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6543 +Flow 638 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6547 +Flow 699 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6547 +Flow 1105 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:406 +Flow 1385 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:407 +Flow 1150 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:406 +Flow 1464 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:407 +Flow 1168 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8600 +Flow 1239 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8600 +Flow 1106 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:22939 +Flow 1149 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:22939 +Flow 1318 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:416 +Flow 1479 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:417 +Flow 1379 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:416 +Flow 1570 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:417 +Flow 1431 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6565 +Flow 1515 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6565 +Flow 1334 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6566 +Flow 1492 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6567 +Flow 1411 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6566 +Flow 1557 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6567 +Flow 170 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:425 +Flow 204 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:425 +Flow 191 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6580 +Flow 224 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6580 +Flow 1435 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2492 +Flow 1672 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:444 +Flow 1755 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:444 +Flow 1511 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2492 +Flow 1491 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2500 +Flow 1558 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2500 +Flow 462 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:57797 +Flow 898 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4550 +Flow 486 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:57797 +Flow 957 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4550 +Flow 216 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8649 +Flow 1294 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:458 +Flow 240 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8649 +Flow 1356 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:458 +Flow 452 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8651 +Flow 1390 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:61900 +Flow 1100 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8652 +Flow 496 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8651 +Flow 1459 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:61900 +Flow 1155 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8652 +Flow 1793 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8654 +Flow 1864 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8654 +Flow 516 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:464 +Flow 555 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:464 +Flow 541 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4567 +Flow 606 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4567 +Flow 349 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2522 +Flow 394 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2522 +Flow 267 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2525 +Flow 312 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2525 +Flow 837 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:481 +Flow 910 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:481 +Flow 178 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:497 +Flow 196 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:497 +Flow 1826 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6646 +Flow 1905 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6646 +Flow 1367 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2557 +Flow 715 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8701 +Flow 1427 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2557 +Flow 790 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8701 +Flow 1950 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:512 +Flow 1972 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:512 +Flow 1341 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:513 +Flow 1404 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:513 +Flow 1623 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:515 +Flow 1682 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:515 +Flow 1899 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6666 +Flow 1953 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6666 +Flow 1675 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6667 +Flow 1752 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6667 +Flow 1167 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6668 +Flow 1135 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:524 +Flow 1240 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6668 +Flow 1212 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:524 +Flow 180 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6669 +Flow 235 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6669 +Flow 720 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:10778 +Flow 785 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:10778 +Flow 1323 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:541 +Flow 1422 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:541 +Flow 1187 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:543 +Flow 1670 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:544 +Flow 1269 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:543 +Flow 1732 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:544 +Flow 956 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6689 +Flow 892 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:545 +Flow 999 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6689 +Flow 963 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:545 +Flow 1541 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6692 +Flow 1612 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6692 +Flow 1219 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:41511 +Flow 1279 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:41511 +Flow 895 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2601 +Flow 1245 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2602 +Flow 960 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2601 +Flow 1315 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2602 +Flow 290 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6699 +Flow 1624 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:555 +Flow 1638 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:18988 +Flow 1717 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:555 +Flow 330 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6699 +Flow 1703 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:18988 +Flow 1840 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2607 +Flow 1921 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2607 +Flow 1293 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2608 +Flow 1357 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2608 +Flow 1894 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:563 +Flow 1958 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:563 +Flow 459 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4662 +Flow 489 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4662 +Flow 1102 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:33354 +Flow 1153 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:33354 +Flow 1622 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2638 +Flow 1683 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2638 +Flow 1391 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:593 +Flow 1458 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:593 +Flow 1933 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8800 +Flow 1019 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16992 +Flow 1989 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8800 +Flow 1746 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:16993 +Flow 1086 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16992 +Flow 1808 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:16993 +Flow 1537 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:616 +Flow 1616 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:616 +Flow 773 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:617 +Flow 109 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:31337 +Flow 824 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:617 +Flow 1832 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:625 +Flow 1909 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:625 +Flow 1927 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:60020 +Flow 1967 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:60020 +Flow 1494 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:631 +Flow 1555 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:631 +Flow 627 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6779 +Flow 1583 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:636 +Flow 710 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6779 +Flow 1667 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:636 +Flow 299 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:62078 +Flow 321 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:62078 +Flow 259 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6788 +Flow 279 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6788 +Flow 1499 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6792 +Flow 1495 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:648 +Flow 1554 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:648 +Flow 1550 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6792 +Flow 99 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2701 +Flow 1048 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2702 +Flow 151 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2701 +Flow 1107 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2702 +Flow 1436 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2710 +Flow 1510 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2710 +Flow 1138 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:15000 +Flow 1209 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:15000 +Flow 877 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:15002 +Flow 296 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:666 +Flow 1183 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:15003 +Flow 928 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:15002 +Flow 1024 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:667 +Flow 324 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:666 +Flow 1272 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:15003 +Flow 1639 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:668 +Flow 1081 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:667 +Flow 133 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:15004 +Flow 302 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19101 +Flow 1702 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:668 +Flow 732 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2717 +Flow 159 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:15004 +Flow 1942 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2718 +Flow 823 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2717 +Flow 318 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19101 +Flow 1980 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2718 +Flow 1897 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2725 +Flow 1955 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2725 +Flow 1041 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8873 +Flow 1114 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8873 +Flow 57 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:683 +Flow 512 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:35500 +Flow 71 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:683 +Flow 559 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:35500 +Flow 1846 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:687 +Flow 1915 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:687 +Flow 1297 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:691 +Flow 1353 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:691 +Flow 262 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6839 +Flow 317 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6839 +Flow 41 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8888 +Flow 60 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8888 +Flow 274 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:700 +Flow 305 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:700 +Flow 950 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:705 +Flow 1005 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:705 +Flow 1214 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8899 +Flow 1284 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8899 +Flow 1224 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:711 +Flow 1301 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:711 +Flow 1170 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:714 +Flow 1237 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:714 +Flow 1382 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:720 +Flow 1467 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:720 +Flow 1342 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:722 +Flow 1403 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:722 +Flow 457 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:726 +Flow 491 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:726 +Flow 1439 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:27352 +Flow 1801 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:27353 +Flow 1507 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:27352 +Flow 1856 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:27353 +Flow 189 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:27355 +Flow 379 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:27356 +Flow 226 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:27355 +Flow 405 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:27356 +Flow 1337 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:58080 +Flow 1408 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:58080 +Flow 884 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6881 +Flow 971 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6881 +Flow 631 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:749 +Flow 706 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:749 +Flow 460 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2800 +Flow 92 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4848 +Flow 488 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2800 +Flow 117 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4848 +Flow 1685 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6901 +Flow 1772 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6901 +Flow 1370 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2809 +Flow 1449 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2809 +Flow 352 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2811 +Flow 391 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2811 +Flow 218 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:765 +Flow 238 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:765 +Flow 1649 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:777 +Flow 1722 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:777 +Flow 1500 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:783 +Flow 1549 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:783 +Flow 1654 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:787 +Flow 1730 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:787 +Flow 1502 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:54045 +Flow 1578 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:54045 +Flow 1036 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:800 +Flow 1119 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:800 +Flow 301 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:801 +Flow 1037 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:8994 +Flow 319 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:801 +Flow 1118 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:8994 +Flow 692 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4900 +Flow 755 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4900 +Flow 1635 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9000 +Flow 209 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:808 +Flow 1706 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9000 +Flow 1182 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9001 +Flow 247 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:808 +Flow 1273 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9001 +Flow 1063 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9002 +Flow 1134 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9002 +Flow 592 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9003 +Flow 663 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9003 +Flow 567 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9009 +Flow 653 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9009 +Flow 219 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9010 +Flow 1783 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9011 +Flow 237 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9010 +Flow 1874 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9011 +Flow 179 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2869 +Flow 195 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2869 +Flow 1687 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:6969 +Flow 1770 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:6969 +Flow 1526 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2875 +Flow 1597 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2875 +Flow 100 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:843 +Flow 150 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:843 +Flow 253 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:49999 +Flow 1734 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50000 +Flow 1477 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9040 +Flow 285 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:49999 +Flow 1820 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50000 +Flow 1572 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9040 +Flow 1068 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50001 +Flow 1690 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50002 +Flow 1129 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50001 +Flow 1767 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50002 +Flow 1632 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50003 +Flow 1340 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19283 +Flow 1709 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50003 +Flow 1405 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19283 +Flow 1794 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50006 +Flow 1863 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50006 +Flow 616 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7001 +Flow 947 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7002 +Flow 681 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7001 +Flow 623 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9050 +Flow 1008 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7002 +Flow 674 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9050 +Flow 1440 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7004 +Flow 1506 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7004 +Flow 416 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2909 +Flow 1680 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2910 +Flow 450 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2909 +Flow 1802 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7007 +Flow 1757 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2910 +Flow 1855 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7007 +Flow 876 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:11110 +Flow 929 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:11110 +Flow 498 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:11111 +Flow 1837 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2920 +Flow 533 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:11111 +Flow 1924 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2920 +Flow 1018 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7019 +Flow 1087 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7019 +Flow 220 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9071 +Flow 1625 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:880 +Flow 236 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9071 +Flow 1716 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:880 +Flow 1255 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7025 +Flow 1305 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7025 +Flow 686 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19315 +Flow 761 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19315 +Flow 1025 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9080 +Flow 589 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:888 +Flow 1080 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9080 +Flow 994 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9081 +Flow 666 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:888 +Flow 1053 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9081 +Flow 1097 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9090 +Flow 883 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:898 +Flow 1158 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9090 +Flow 972 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:898 +Flow 574 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9091 +Flow 1591 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:900 +Flow 646 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9091 +Flow 1659 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:900 +Flow 866 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:901 +Flow 1928 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:4998 +Flow 1092 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:902 +Flow 939 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:901 +Flow 1994 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:4998 +Flow 1163 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:902 +Flow 1169 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5000 +Flow 1238 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5000 +Flow 1929 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5002 +Flow 1993 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5002 +Flow 1798 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5003 +Flow 1644 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9099 +Flow 1727 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9099 +Flow 1859 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5003 +Flow 1523 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9100 +Flow 1437 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5004 +Flow 1600 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9100 +Flow 1509 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5004 +Flow 630 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9101 +Flow 707 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9101 +Flow 138 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9102 +Flow 1780 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:911 +Flow 1299 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9103 +Flow 154 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9102 +Flow 1877 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:911 +Flow 1351 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9103 +Flow 456 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:912 +Flow 1542 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5009 +Flow 492 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:912 +Flow 1611 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5009 +Flow 1389 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:19350 +Flow 437 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9110 +Flow 1460 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:19350 +Flow 1671 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9111 +Flow 840 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2967 +Flow 470 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9110 +Flow 1731 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9111 +Flow 907 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2967 +Flow 415 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2968 +Flow 451 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2968 +Flow 507 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7070 +Flow 524 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7070 +Flow 1047 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5030 +Flow 1108 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5030 +Flow 212 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5033 +Flow 244 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5033 +Flow 586 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:2998 +Flow 669 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:2998 +Flow 433 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3000 +Flow 474 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3000 +Flow 192 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3001 +Flow 1179 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5050 +Flow 223 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3001 +Flow 1228 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5050 +Flow 1688 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3003 +Flow 739 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5051 +Flow 1769 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3003 +Flow 816 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5051 +Flow 613 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7100 +Flow 1696 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3005 +Flow 684 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7100 +Flow 1761 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3005 +Flow 1584 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5054 +Flow 806 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3006 +Flow 1676 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7103 +Flow 1666 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5054 +Flow 869 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3007 +Flow 849 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3006 +Flow 1751 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7103 +Flow 936 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3007 +Flow 1042 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7106 +Flow 1689 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3011 +Flow 1113 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7106 +Flow 1768 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3011 +Flow 1849 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3013 +Flow 1912 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3013 +Flow 273 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3017 +Flow 306 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3017 +Flow 1796 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:23502 +Flow 1861 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:23502 +Flow 341 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:48080 +Flow 361 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:48080 +Flow 867 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:981 +Flow 938 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:981 +Flow 635 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3030 +Flow 1938 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3031 +Flow 702 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3030 +Flow 1984 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3031 +Flow 339 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5080 +Flow 363 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5080 +Flow 914 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:987 +Flow 983 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:987 +Flow 47 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:990 +Flow 1287 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5087 +Flow 81 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:990 +Flow 1363 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5087 +Flow 1099 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:992 +Flow 1156 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:992 +Flow 522 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:999 +Flow 1434 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1000 +Flow 549 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:999 +Flow 1512 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1000 +Flow 845 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1001 +Flow 902 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1001 +Flow 894 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1002 +Flow 58 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3050 +Flow 961 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1002 +Flow 70 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3050 +Flow 1136 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5100 +Flow 298 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3052 +Flow 1211 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5100 +Flow 322 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3052 +Flow 136 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5101 +Flow 1026 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5102 +Flow 156 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5101 +Flow 1827 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1007 +Flow 1079 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5102 +Flow 1904 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1007 +Flow 102 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9200 +Flow 576 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1009 +Flow 148 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9200 +Flow 1095 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1010 +Flow 644 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1009 +Flow 1160 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1010 +Flow 1070 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1011 +Flow 1127 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1011 +Flow 1338 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9207 +Flow 1407 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9207 +Flow 1926 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1021 +Flow 1968 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1021 +Flow 1529 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1022 +Flow 1604 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1022 +Flow 1586 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1023 +Flow 211 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3071 +Flow 887 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5120 +Flow 1664 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1023 +Flow 245 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3071 +Flow 130 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1024 +Flow 968 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5120 +Flow 162 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1024 +Flow 6 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1025 +Flow 1471 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1026 +Flow 24 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1025 +Flow 1530 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1026 +Flow 428 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1027 +Flow 548 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9220 +Flow 1590 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1028 +Flow 479 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1027 +Flow 599 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9220 +Flow 1660 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1028 +Flow 864 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1029 +Flow 126 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3077 +Flow 1186 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1030 +Flow 941 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1029 +Flow 166 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3077 +Flow 1270 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1030 +Flow 636 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1031 +Flow 1198 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1032 +Flow 701 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1031 +Flow 1493 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1033 +Flow 1274 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1032 +Flow 1556 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1033 +Flow 1546 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1034 +Flow 1607 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1034 +Flow 1329 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1035 +Flow 1416 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1035 +Flow 581 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1036 +Flow 1028 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1037 +Flow 639 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1036 +Flow 1821 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1038 +Flow 1077 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1037 +Flow 1885 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1038 +Flow 1538 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1039 +Flow 1615 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1039 +Flow 376 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1040 +Flow 734 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1041 +Flow 408 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1040 +Flow 821 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1041 +Flow 735 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1042 +Flow 820 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1042 +Flow 183 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1043 +Flow 1949 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1044 +Flow 232 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1043 +Flow 1973 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1044 +Flow 1247 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1045 +Flow 1313 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1045 +Flow 945 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1046 +Flow 1010 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1046 +Flow 347 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1047 +Flow 439 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1048 +Flow 396 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1047 +Flow 1932 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1049 +Flow 468 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1048 +Flow 1990 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1049 +Flow 1103 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1050 +Flow 1152 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1050 +Flow 891 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1051 +Flow 434 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:60443 +Flow 964 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1051 +Flow 690 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1052 +Flow 473 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:60443 +Flow 757 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1052 +Flow 584 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1053 +Flow 1520 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1054 +Flow 671 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1053 +Flow 1603 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1054 +Flow 1331 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1055 +Flow 1414 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1055 +Flow 128 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7200 +Flow 43 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1056 +Flow 583 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7201 +Flow 164 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7200 +Flow 1742 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1057 +Flow 85 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1056 +Flow 1812 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1057 +Flow 672 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7201 +Flow 569 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1058 +Flow 988 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1059 +Flow 651 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1058 +Flow 1059 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1059 +Flow 348 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1060 +Flow 1249 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1061 +Flow 395 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1060 +Flow 1311 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1061 +Flow 1066 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1062 +Flow 1797 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1063 +Flow 1131 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1062 +Flow 1860 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1063 +Flow 214 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1064 +Flow 508 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1065 +Flow 242 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1064 +Flow 836 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1066 +Flow 563 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1065 +Flow 911 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1066 +Flow 104 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1067 +Flow 1295 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1068 +Flow 146 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1067 +Flow 1355 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1068 +Flow 1349 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1069 +Flow 1396 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1069 +Flow 418 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1070 +Flow 448 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1070 +Flow 207 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1071 +Flow 744 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1072 +Flow 249 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1071 +Flow 811 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1072 +Flow 175 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1073 +Flow 1650 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1074 +Flow 199 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1073 +Flow 1721 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1074 +Flow 97 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1075 +Flow 1483 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1076 +Flow 153 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1075 +Flow 1566 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1076 +Flow 1333 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1077 +Flow 1412 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1077 +Flow 748 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1078 +Flow 807 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1078 +Flow 771 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1079 +Flow 826 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1079 +Flow 618 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:54328 +Flow 1490 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1081 +Flow 679 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:54328 +Flow 1559 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1081 +Flow 842 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1082 +Flow 905 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1082 +Flow 714 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1083 +Flow 791 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1083 +Flow 261 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1084 +Flow 768 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1085 +Flow 277 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1084 +Flow 829 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1085 +Flow 689 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1086 +Flow 758 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1086 +Flow 383 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1087 +Flow 521 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1088 +Flow 401 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1087 +Flow 1679 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1089 +Flow 550 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1088 +Flow 1748 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1089 +Flow 1629 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1090 +Flow 1712 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1090 +Flow 1521 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:21571 +Flow 1137 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1091 +Flow 946 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:27715 +Flow 1602 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:21571 +Flow 1930 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1092 +Flow 1210 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1091 +Flow 1009 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:27715 +Flow 1992 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1092 +Flow 896 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1093 +Flow 1646 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1094 +Flow 959 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1093 +Flow 260 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5190 +Flow 1725 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1094 +Flow 278 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5190 +Flow 213 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1095 +Flow 598 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1096 +Flow 243 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1095 +Flow 657 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1096 +Flow 422 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1097 +Flow 1934 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9290 +Flow 1257 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1098 +Flow 444 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1097 +Flow 1988 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9290 +Flow 1303 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1098 +Flow 1166 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1100 +Flow 1241 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1100 +Flow 1533 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1102 +Flow 1620 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1102 +Flow 1941 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1104 +Flow 438 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5200 +Flow 1981 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1104 +Flow 1178 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1105 +Flow 469 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5200 +Flow 1229 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1105 +Flow 1144 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1106 +Flow 1582 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1107 +Flow 1203 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1106 +Flow 1828 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1108 +Flow 1668 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1107 +Flow 1903 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1108 +Flow 1943 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1110 +Flow 1979 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1110 +Flow 215 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1111 +Flow 1033 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1112 +Flow 241 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1111 +Flow 1517 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1113 +Flow 1122 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1112 +Flow 1581 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1113 +Flow 1395 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1114 +Flow 1454 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1114 +Flow 1071 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1117 +Flow 1126 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1117 +Flow 288 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5214 +Flow 332 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5214 +Flow 805 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3168 +Flow 1215 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1121 +Flow 850 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3168 +Flow 1283 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1121 +Flow 1223 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1122 +Flow 1275 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1122 +Flow 265 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1123 +Flow 1252 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1124 +Flow 314 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1123 +Flow 1308 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1124 +Flow 338 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5221 +Flow 1339 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1126 +Flow 1165 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5222 +Flow 364 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5221 +Flow 1406 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1126 +Flow 1242 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5222 +Flow 1850 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5225 +Flow 1911 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5225 +Flow 1525 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1130 +Flow 1476 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5226 +Flow 1598 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1130 +Flow 1573 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5226 +Flow 271 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1131 +Flow 106 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:33899 +Flow 1188 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1132 +Flow 308 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1131 +Flow 144 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:33899 +Flow 1268 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1132 +Flow 1189 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:64623 +Flow 1267 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:64623 +Flow 993 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1137 +Flow 1141 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1138 +Flow 1054 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1137 +Flow 1206 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1138 +Flow 772 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1141 +Flow 825 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1141 +Flow 1326 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1145 +Flow 1419 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1145 +Flow 1501 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1147 +Flow 1548 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1147 +Flow 1173 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50300 +Flow 725 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1148 +Flow 1234 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50300 +Flow 1747 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1149 +Flow 780 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1148 +Flow 1807 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1149 +Flow 424 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1151 +Flow 1800 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1152 +Flow 442 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1151 +Flow 1857 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1152 +Flow 345 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1154 +Flow 398 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1154 +Flow 454 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:25734 +Flow 1686 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:25735 +Flow 494 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:25734 +Flow 1771 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:25735 +Flow 1673 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3211 +Flow 1246 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1163 +Flow 1754 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3211 +Flow 1314 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1163 +Flow 882 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1164 +Flow 973 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1164 +Flow 737 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1165 +Flow 818 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1165 +Flow 373 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1166 +Flow 411 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1166 +Flow 251 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:44176 +Flow 174 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:13456 +Flow 287 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:44176 +Flow 547 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1169 +Flow 200 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:13456 +Flow 600 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1169 +Flow 1946 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5269 +Flow 1366 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3221 +Flow 1976 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5269 +Flow 1428 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3221 +Flow 1020 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1174 +Flow 1180 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1175 +Flow 1085 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1174 +Flow 1227 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1175 +Flow 252 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1183 +Flow 835 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5280 +Flow 286 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1183 +Flow 912 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5280 +Flow 566 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1185 +Flow 949 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1186 +Flow 654 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1185 +Flow 1006 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1186 +Flow 127 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1187 +Flow 165 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1187 +Flow 952 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:64680 +Flow 874 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1192 +Flow 1003 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:64680 +Flow 931 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1192 +Flow 1782 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1198 +Flow 1875 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1198 +Flow 718 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1199 +Flow 787 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1199 +Flow 591 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1201 +Flow 1220 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5298 +Flow 664 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1201 +Flow 1278 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5298 +Flow 1181 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3260 +Flow 1952 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3261 +Flow 1637 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1213 +Flow 1226 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3260 +Flow 1970 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3261 +Flow 1704 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1213 +Flow 573 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1216 +Flow 1067 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1217 +Flow 647 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1216 +Flow 1130 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1217 +Flow 685 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1218 +Flow 762 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1218 +Flow 1948 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3268 +Flow 1974 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3268 +Flow 1433 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3269 +Flow 1513 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3269 +Flow 464 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9415 +Flow 484 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9415 +Flow 52 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1233 +Flow 1804 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1234 +Flow 76 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1233 +Flow 1853 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1234 +Flow 1325 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3283 +Flow 1823 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1236 +Flow 1420 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3283 +Flow 1883 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1236 +Flow 1806 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:50389 +Flow 1882 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:50389 +Flow 297 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1244 +Flow 323 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1244 +Flow 110 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1247 +Flow 568 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1248 +Flow 141 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1247 +Flow 652 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1248 +Flow 505 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3301 +Flow 526 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3301 +Flow 1698 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7402 +Flow 1759 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7402 +Flow 510 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1259 +Flow 561 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1259 +Flow 1681 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5357 +Flow 1756 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5357 +Flow 697 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1271 +Flow 1213 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1272 +Flow 750 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1271 +Flow 1285 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1272 +Flow 1375 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3322 +Flow 1444 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3322 +Flow 1386 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3323 +Flow 1630 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3324 +Flow 1463 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3323 +Flow 1711 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3324 +Flow 1069 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3325 +Flow 571 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1277 +Flow 1128 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3325 +Flow 649 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1277 +Flow 1473 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:40193 +Flow 1576 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:40193 +Flow 1377 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3333 +Flow 1452 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3333 +Flow 1321 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1287 +Flow 1424 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1287 +Flow 1498 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7435 +Flow 1551 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7435 +Flow 797 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9485 +Flow 858 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9485 +Flow 137 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1296 +Flow 155 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1296 +Flow 1438 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:7443 +Flow 1508 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:7443 +Flow 98 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1300 +Flow 632 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1301 +Flow 152 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1300 +Flow 705 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1301 +Flow 1736 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3351 +Flow 1818 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3351 +Flow 171 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9500 +Flow 738 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5405 +Flow 620 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1309 +Flow 203 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9500 +Flow 943 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9502 +Flow 817 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5405 +Flow 1393 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1310 +Flow 677 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1309 +Flow 1456 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1310 +Flow 1065 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:9503 +Flow 1012 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9502 +Flow 111 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1311 +Flow 1132 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:9503 +Flow 140 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1311 +Flow 48 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5414 +Flow 593 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3367 +Flow 80 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5414 +Flow 662 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3367 +Flow 294 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3369 +Flow 1345 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3370 +Flow 543 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1322 +Flow 326 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3369 +Flow 1535 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3371 +Flow 1400 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3370 +Flow 604 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1322 +Flow 1845 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:3372 +Flow 1618 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3371 +Flow 173 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:15660 +Flow 1916 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:3372 +Flow 201 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:15660 +Flow 693 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:30000 +Flow 372 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1328 +Flow 754 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:30000 +Flow 412 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1328 +Flow 1585 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:1334 +Flow 1665 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:1334 +Flow 257 not-detected: tcp 172.16.0.8:36050 -> 64.13.134.52:5431 +Flow 281 not-detected: tcp 172.16.0.8:36051 -> 64.13.134.52:5431 diff --git a/test/results/flow-captured/default/syslog.pcap.out b/test/results/flow-captured/default/syslog.pcap.out new file mode 100644 index 000000000..7e9329201 --- /dev/null +++ b/test/results/flow-captured/default/syslog.pcap.out @@ -0,0 +1,3 @@ +Flow 6 not-detected: 41 216.66.80.30 -> 193.24.227.12 +Flow 5 not-detected: 41 193.24.227.10 -> 216.66.86.114 +Flow 15 risky: tcp 10.186.117.194:49948 -> 169.46.82.162:52173 diff --git a/test/results/flow-captured/default/tailscale.pcap.out b/test/results/flow-captured/default/tailscale.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tailscale.pcap.out diff --git a/test/results/flow-captured/default/targusdataspeed_false_positives.pcap.out b/test/results/flow-captured/default/targusdataspeed_false_positives.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/targusdataspeed_false_positives.pcap.out diff --git a/test/results/flow-captured/default/tcp_scan.pcapng.out b/test/results/flow-captured/default/tcp_scan.pcapng.out new file mode 100644 index 000000000..7674c7091 --- /dev/null +++ b/test/results/flow-captured/default/tcp_scan.pcapng.out @@ -0,0 +1,6 @@ +Flow 6 not-detected: tcp 192.168.1.178:57916 -> 192.168.1.2:3391 +Flow 6 midstream: tcp 192.168.1.178:57916 -> 192.168.1.2:3391 +Flow 5 not-detected: tcp 192.168.1.178:62971 -> 192.168.1.2:3390 +Flow 5 midstream: tcp 192.168.1.178:62971 -> 192.168.1.2:3390 +Flow 7 not-detected: tcp 192.168.1.178:63243 -> 192.168.1.2:3392 +Flow 7 midstream: tcp 192.168.1.178:63243 -> 192.168.1.2:3392 diff --git a/test/results/flow-captured/default/teams.pcap.out b/test/results/flow-captured/default/teams.pcap.out new file mode 100644 index 000000000..f9a450ce5 --- /dev/null +++ b/test/results/flow-captured/default/teams.pcap.out @@ -0,0 +1,19 @@ +Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443 +Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443 +Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443 +Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016 +Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443 +Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443 +Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53 +Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443 +Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443 +Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443 +Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443 +Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434 +Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434 +Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750 +Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750 +Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036 +Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53 +Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478 +Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478 diff --git a/test/results/flow-captured/default/teamspeak3.pcap.out b/test/results/flow-captured/default/teamspeak3.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/teamspeak3.pcap.out diff --git a/test/results/flow-captured/default/teamviewer.pcap.out b/test/results/flow-captured/default/teamviewer.pcap.out new file mode 100644 index 000000000..a8e20a16e --- /dev/null +++ b/test/results/flow-captured/default/teamviewer.pcap.out @@ -0,0 +1 @@ +Flow 2 risky: udp 10.0.2.15:34417 -> 93.47.224.241:36037 diff --git a/test/results/flow-captured/default/telegram.pcap.out b/test/results/flow-captured/default/telegram.pcap.out new file mode 100644 index 000000000..4980a4853 --- /dev/null +++ b/test/results/flow-captured/default/telegram.pcap.out @@ -0,0 +1,7 @@ +Flow 25 not-detected: udp 192.168.1.77:23174 -> 192.168.1.52:31480 +Flow 32 risky: udp 192.168.1.77:5812 -> 192.168.1.1:53 +Flow 27 risky: udp 192.168.1.77:47127 -> 192.168.1.1:53 +Flow 29 risky: udp 192.168.1.43:138 -> 192.168.1.255:138 +Flow 44 not-detected: udp 192.168.1.77:28150 -> 87.11.205.195:59772 +Flow 26 not-detected: udp 192.168.1.77:23174 -> 87.11.205.195:60723 +Flow 33 risky: udp 192.168.1.77:54595 -> 192.168.1.1:53 diff --git a/test/results/flow-captured/default/telegram_videocall.pcapng.out b/test/results/flow-captured/default/telegram_videocall.pcapng.out new file mode 100644 index 000000000..f94ea0087 --- /dev/null +++ b/test/results/flow-captured/default/telegram_videocall.pcapng.out @@ -0,0 +1,17 @@ +Flow 4 risky: tcp 192.168.12.169:37950 -> 149.154.167.91:443 +Flow 7 risky: tcp 192.168.12.169:40830 -> 149.154.167.222:443 +Flow 26 risky: udp 192.168.12.169:42405 -> 93.36.13.115:35393 +Flow 8 risky: tcp 192.168.12.169:40832 -> 149.154.167.222:443 +Flow 10 risky: tcp 192.168.12.169:37966 -> 149.154.167.91:443 +Flow 18 risky: udp 192.168.12.169:40643 -> 91.108.9.35:1400 +Flow 24 risky: udp 192.168.12.169:42405 -> 10.46.103.200:42554 +Flow 5 risky: tcp 192.168.12.169:46862 -> 149.154.167.51:443 +Flow 6 risky: tcp 192.168.12.169:46866 -> 149.154.167.51:443 +Flow 9 risky: tcp 192.168.12.169:40834 -> 149.154.167.222:443 +Flow 19 risky: udp 192.168.12.169:49667 -> 91.108.13.23:1400 +Flow 25 risky: udp 192.168.12.169:40906 -> 10.46.103.200:42554 +Flow 20 risky: udp 192.168.12.169:49780 -> 91.108.17.2:1400 +Flow 33 risky: icmp 192.168.12.169 -> 91.108.17.2 +Flow 32 risky: icmp 192.168.12.169 -> 91.108.13.23 +Flow 31 risky: icmp 192.168.12.169 -> 91.108.9.35 +Flow 34 midstream: tcp 18.195.162.93:443 -> 192.168.12.169:38956 diff --git a/test/results/flow-captured/default/telnet.pcap.out b/test/results/flow-captured/default/telnet.pcap.out new file mode 100644 index 000000000..70d284ec3 --- /dev/null +++ b/test/results/flow-captured/default/telnet.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.0.2:1550 -> 192.168.0.1:23 diff --git a/test/results/flow-captured/default/tencent_games.pcap.out b/test/results/flow-captured/default/tencent_games.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tencent_games.pcap.out diff --git a/test/results/flow-captured/default/teredo.pcap.out b/test/results/flow-captured/default/teredo.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/teredo.pcap.out diff --git a/test/results/flow-captured/default/teso.pcapng.out b/test/results/flow-captured/default/teso.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/teso.pcapng.out diff --git a/test/results/flow-captured/default/tftp.pcap.out b/test/results/flow-captured/default/tftp.pcap.out new file mode 100644 index 000000000..86788b75a --- /dev/null +++ b/test/results/flow-captured/default/tftp.pcap.out @@ -0,0 +1,3 @@ +Flow 4 risky: udp 192.168.0.10:3445 -> 192.168.0.253:50618 +Flow 7 risky: udp 172.28.5.170:62058 -> 172.28.5.91:44618 +Flow 9 risky: udp 192.168.2.200:47649 -> 192.168.2.45:35840 diff --git a/test/results/flow-captured/default/threema.pcap.out b/test/results/flow-captured/default/threema.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/threema.pcap.out diff --git a/test/results/flow-captured/default/thrift.pcap.out b/test/results/flow-captured/default/thrift.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/thrift.pcap.out diff --git a/test/results/flow-captured/default/tinc.pcap.out b/test/results/flow-captured/default/tinc.pcap.out new file mode 100644 index 000000000..675bcae5f --- /dev/null +++ b/test/results/flow-captured/default/tinc.pcap.out @@ -0,0 +1,4 @@ +Flow 3 risky: udp 131.114.168.27:55655 -> 185.83.218.112:55655 +Flow 4 risky: udp 185.83.218.112:55656 -> 131.114.168.27:55656 +Flow 2 risky: tcp 131.114.168.27:49290 -> 185.83.218.112:55656 +Flow 1 risky: tcp 131.114.168.27:59244 -> 185.83.218.112:55655 diff --git a/test/results/flow-captured/default/tk.pcap.out b/test/results/flow-captured/default/tk.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tk.pcap.out diff --git a/test/results/flow-captured/default/tls-appdata.pcap.out b/test/results/flow-captured/default/tls-appdata.pcap.out new file mode 100644 index 000000000..3d2549923 --- /dev/null +++ b/test/results/flow-captured/default/tls-appdata.pcap.out @@ -0,0 +1,2 @@ +Flow 2 risky: tcp 192.168.2.100:58976 -> 52.223.198.7:443 +Flow 2 midstream: tcp 192.168.2.100:58976 -> 52.223.198.7:443 diff --git a/test/results/flow-captured/default/tls-esni-fuzzed.pcap.out b/test/results/flow-captured/default/tls-esni-fuzzed.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls-esni-fuzzed.pcap.out diff --git a/test/results/flow-captured/default/tls-rdn-extract.pcap.out b/test/results/flow-captured/default/tls-rdn-extract.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls-rdn-extract.pcap.out diff --git a/test/results/flow-captured/default/tls_2_reasms.pcapng.out b/test/results/flow-captured/default/tls_2_reasms.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_2_reasms.pcapng.out diff --git a/test/results/flow-captured/default/tls_2_reasms_b.pcapng.out b/test/results/flow-captured/default/tls_2_reasms_b.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_2_reasms_b.pcapng.out diff --git a/test/results/flow-captured/default/tls_alert.pcap.out b/test/results/flow-captured/default/tls_alert.pcap.out new file mode 100644 index 000000000..ec7db2bcf --- /dev/null +++ b/test/results/flow-captured/default/tls_alert.pcap.out @@ -0,0 +1 @@ +Flow 2 midstream: tcp 192.168.2.100:37780 -> 160.44.202.202:443 diff --git a/test/results/flow-captured/default/tls_certificate_too_long.pcap.out b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out new file mode 100644 index 000000000..da31cb0fa --- /dev/null +++ b/test/results/flow-captured/default/tls_certificate_too_long.pcap.out @@ -0,0 +1,11 @@ +Flow 24 risky: tcp 192.168.1.121:53429 -> 52.98.163.18:443 +Flow 24 midstream: tcp 192.168.1.121:53429 -> 52.98.163.18:443 +Flow 25 risky: tcp 192.168.1.121:53428 -> 52.98.163.18:443 +Flow 25 midstream: tcp 192.168.1.121:53428 -> 52.98.163.18:443 +Flow 18 risky: tcp 192.168.1.121:53912 -> 2.22.33.235:80 +Flow 19 risky: tcp 192.168.1.121:53913 -> 2.22.33.235:80 +Flow 23 risky: udp 192.168.1.121:51998 -> 8.8.8.8:53 +Flow 3 risky: udp 192.168.1.121:52251 -> 8.8.8.8:53 +Flow 20 midstream: tcp 192.168.1.121:53905 -> 140.82.113.26:443 +Flow 2 not-detected: tcp 192.168.1.121:52721 -> 192.168.1.139:55367 +Flow 2 midstream: tcp 192.168.1.121:52721 -> 192.168.1.139:55367 diff --git a/test/results/flow-captured/default/tls_cipher_lens.pcap.out b/test/results/flow-captured/default/tls_cipher_lens.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_cipher_lens.pcap.out diff --git a/test/results/flow-captured/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/flow-captured/default/tls_client_certificate_with_missing_server_one.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_client_certificate_with_missing_server_one.pcapng.out diff --git a/test/results/flow-captured/default/tls_ech.pcapng.out b/test/results/flow-captured/default/tls_ech.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_ech.pcapng.out diff --git a/test/results/flow-captured/default/tls_esni_sni_both.pcap.out b/test/results/flow-captured/default/tls_esni_sni_both.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_esni_sni_both.pcap.out diff --git a/test/results/flow-captured/default/tls_false_positives.pcapng.out b/test/results/flow-captured/default/tls_false_positives.pcapng.out new file mode 100644 index 000000000..014d61e8e --- /dev/null +++ b/test/results/flow-captured/default/tls_false_positives.pcapng.out @@ -0,0 +1 @@ +Flow 1 not-detected: tcp 10.10.10.1:1445 -> 192.168.0.1:20979 diff --git a/test/results/flow-captured/default/tls_invalid_reads.pcap.out b/test/results/flow-captured/default/tls_invalid_reads.pcap.out new file mode 100644 index 000000000..8d943a2e2 --- /dev/null +++ b/test/results/flow-captured/default/tls_invalid_reads.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.10.101:3967 -> 206.33.61.113:443 diff --git a/test/results/flow-captured/default/tls_long_cert.pcap.out b/test/results/flow-captured/default/tls_long_cert.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_long_cert.pcap.out diff --git a/test/results/flow-captured/default/tls_malicious_sha1.pcapng.out b/test/results/flow-captured/default/tls_malicious_sha1.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_malicious_sha1.pcapng.out diff --git a/test/results/flow-captured/default/tls_missing_ch_frag.pcap.out b/test/results/flow-captured/default/tls_missing_ch_frag.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_missing_ch_frag.pcap.out diff --git a/test/results/flow-captured/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/flow-captured/default/tls_multiple_synack_different_seq.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_multiple_synack_different_seq.pcapng.out diff --git a/test/results/flow-captured/default/tls_port_80.pcapng.out b/test/results/flow-captured/default/tls_port_80.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_port_80.pcapng.out diff --git a/test/results/flow-captured/default/tls_torrent.pcapng.out b/test/results/flow-captured/default/tls_torrent.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_torrent.pcapng.out diff --git a/test/results/flow-captured/default/tls_unidirectional.pcap.out b/test/results/flow-captured/default/tls_unidirectional.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_unidirectional.pcap.out diff --git a/test/results/flow-captured/default/tls_verylong_certificate.pcap.out b/test/results/flow-captured/default/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tls_verylong_certificate.pcap.out diff --git a/test/results/flow-captured/default/toca-boca.pcap.out b/test/results/flow-captured/default/toca-boca.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/toca-boca.pcap.out diff --git a/test/results/flow-captured/default/tor.pcap.out b/test/results/flow-captured/default/tor.pcap.out new file mode 100644 index 000000000..e379ec029 --- /dev/null +++ b/test/results/flow-captured/default/tor.pcap.out @@ -0,0 +1,8 @@ +Flow 3 risky: tcp 192.168.1.252:51112 -> 38.229.70.53:443 +Flow 1 risky: tcp 192.168.1.252:51110 -> 91.143.93.242:443 +Flow 5 risky: udp 192.168.1.252:138 -> 192.168.1.255:138 +Flow 2 risky: tcp 192.168.1.252:51111 -> 46.59.52.31:443 +Flow 8 risky: tcp 192.168.1.252:51175 -> 91.143.93.242:443 +Flow 7 risky: tcp 192.168.1.252:51174 -> 212.83.155.250:443 +Flow 10 risky: tcp 192.168.1.252:51185 -> 62.210.137.230:443 +Flow 9 risky: tcp 192.168.1.252:51176 -> 38.229.70.53:443 diff --git a/test/results/flow-captured/default/tplink_shp.pcap.out b/test/results/flow-captured/default/tplink_shp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tplink_shp.pcap.out diff --git a/test/results/flow-captured/default/trdp.pcapng.out b/test/results/flow-captured/default/trdp.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/trdp.pcapng.out diff --git a/test/results/flow-captured/default/trickbot.pcap.out b/test/results/flow-captured/default/trickbot.pcap.out new file mode 100644 index 000000000..3a19f1e1b --- /dev/null +++ b/test/results/flow-captured/default/trickbot.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.12.29.101:61318 -> 82.118.225.196:7080 diff --git a/test/results/flow-captured/default/tumblr.pcap.out b/test/results/flow-captured/default/tumblr.pcap.out new file mode 100644 index 000000000..29291a1a6 --- /dev/null +++ b/test/results/flow-captured/default/tumblr.pcap.out @@ -0,0 +1,10 @@ +Flow 6 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:42908 -> 64:ff9b::98c7:1593:443 +Flow 6 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:42908 -> 64:ff9b::98c7:1593:443 +Flow 2 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:48240 -> 64:ff9b::9765:789d:443 +Flow 2 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:48240 -> 64:ff9b::9765:789d:443 +Flow 14 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:56794 -> 64:ff9b::c000:4d03:443 +Flow 14 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:56794 -> 64:ff9b::c000:4d03:443 +Flow 9 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43434 -> 64:ff9b::c000:4d28:443 +Flow 9 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:43434 -> 64:ff9b::c000:4d28:443 +Flow 15 risky: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51874 -> 64:ff9b::c000:4c03:443 +Flow 15 midstream: tcp 2a01:cb01:2049:8b07:991d:ec85:28df:f629:51874 -> 64:ff9b::c000:4c03:443 diff --git a/test/results/flow-captured/default/tunnelbear.pcap.out b/test/results/flow-captured/default/tunnelbear.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tunnelbear.pcap.out diff --git a/test/results/flow-captured/default/tuya_lp.pcap.out b/test/results/flow-captured/default/tuya_lp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/tuya_lp.pcap.out diff --git a/test/results/flow-captured/default/ubntac2.pcap.out b/test/results/flow-captured/default/ubntac2.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/ubntac2.pcap.out diff --git a/test/results/flow-captured/default/uftp_v4_v5.pcap.out b/test/results/flow-captured/default/uftp_v4_v5.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/uftp_v4_v5.pcap.out diff --git a/test/results/flow-captured/default/ultrasurf.pcap.out b/test/results/flow-captured/default/ultrasurf.pcap.out new file mode 100644 index 000000000..4076ef85d --- /dev/null +++ b/test/results/flow-captured/default/ultrasurf.pcap.out @@ -0,0 +1,3 @@ +Flow 1 midstream: tcp 65.49.68.25:50053 -> 10.132.0.23:37898 +Flow 2 risky: tcp 10.132.0.23:38120 -> 65.49.68.25:50053 +Flow 3 risky: tcp 10.132.0.23:38152 -> 65.49.68.25:50053 diff --git a/test/results/flow-captured/default/umas.pcap.out b/test/results/flow-captured/default/umas.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/umas.pcap.out diff --git a/test/results/flow-captured/default/upnp.pcap.out b/test/results/flow-captured/default/upnp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/upnp.pcap.out diff --git a/test/results/flow-captured/default/viber.pcap.out b/test/results/flow-captured/default/viber.pcap.out new file mode 100644 index 000000000..4222474a3 --- /dev/null +++ b/test/results/flow-captured/default/viber.pcap.out @@ -0,0 +1,6 @@ +Flow 26 risky: icmp 192.168.0.17 -> 192.168.0.15 +Flow 1 guessed: tcp 192.168.0.17:33208 -> 52.0.253.101:4244 +Flow 1 not-detected: tcp 192.168.0.17:33208 -> 52.0.253.101:4244 +Flow 1 midstream: tcp 192.168.0.17:33208 -> 52.0.253.101:4244 +Flow 29 midstream: tcp 192.168.2.100:42900 -> 44.192.202.74:4244 +Flow 30 risky: udp 192.168.12.156:40482 -> 18.195.4.121:443 diff --git a/test/results/flow-captured/default/vk.pcapng.out b/test/results/flow-captured/default/vk.pcapng.out new file mode 100644 index 000000000..ce73be080 --- /dev/null +++ b/test/results/flow-captured/default/vk.pcapng.out @@ -0,0 +1,4 @@ +Flow 2 risky: tcp 192.168.1.249:40344 -> 87.240.129.140:443 +Flow 2 midstream: tcp 192.168.1.249:40344 -> 87.240.129.140:443 +Flow 3 risky: tcp 192.168.1.249:60436 -> 87.240.132.78:443 +Flow 3 midstream: tcp 192.168.1.249:60436 -> 87.240.132.78:443 diff --git a/test/results/flow-captured/default/vnc.pcap.out b/test/results/flow-captured/default/vnc.pcap.out new file mode 100644 index 000000000..74ea1cd16 --- /dev/null +++ b/test/results/flow-captured/default/vnc.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 95.237.48.208:59791 -> 192.168.2.110:6900 +Flow 2 risky: tcp 95.237.48.208:51559 -> 192.168.2.110:6900 diff --git a/test/results/flow-captured/default/vrrp3.pcapng.out b/test/results/flow-captured/default/vrrp3.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/vrrp3.pcapng.out diff --git a/test/results/flow-captured/default/vxlan.pcap.out b/test/results/flow-captured/default/vxlan.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/vxlan.pcap.out diff --git a/test/results/flow-captured/default/wa_video.pcap.out b/test/results/flow-captured/default/wa_video.pcap.out new file mode 100644 index 000000000..452806841 --- /dev/null +++ b/test/results/flow-captured/default/wa_video.pcap.out @@ -0,0 +1,6 @@ +Flow 3 risky: udp 192.168.2.12:53688 -> 31.13.86.48:3478 +Flow 11 risky: udp 192.168.2.12:53688 -> 91.252.56.51:32641 +Flow 2 guessed: tcp 192.168.2.12:49355 -> 157.240.20.53:5222 +Flow 2 not-detected: tcp 192.168.2.12:49355 -> 157.240.20.53:5222 +Flow 2 midstream: tcp 192.168.2.12:49355 -> 157.240.20.53:5222 +Flow 10 risky: udp 192.168.2.12:53688 -> 1.60.78.64:59491 diff --git a/test/results/flow-captured/default/wa_voice.pcap.out b/test/results/flow-captured/default/wa_voice.pcap.out new file mode 100644 index 000000000..b527a48df --- /dev/null +++ b/test/results/flow-captured/default/wa_voice.pcap.out @@ -0,0 +1,11 @@ +Flow 14 risky: udp 192.168.2.12:56328 -> 31.13.86.48:3478 +Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328 +Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223 +Flow 25 not-detected: tcp 192.168.2.12:49352 -> 169.254.162.244:49159 +Flow 25 midstream: tcp 192.168.2.12:49352 -> 169.254.162.244:49159 +Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502 +Flow 18 risky: udp 192.168.2.12:56328 -> 157.240.196.62:3478 +Flow 16 risky: udp 192.168.2.12:56328 -> 157.240.193.48:3478 +Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282 +Flow 17 risky: udp 192.168.2.12:56328 -> 179.60.192.48:3478 +Flow 15 risky: udp 192.168.2.12:56328 -> 185.60.216.51:3478 diff --git a/test/results/flow-captured/default/waze.pcap.out b/test/results/flow-captured/default/waze.pcap.out new file mode 100644 index 000000000..5eadfae81 --- /dev/null +++ b/test/results/flow-captured/default/waze.pcap.out @@ -0,0 +1,15 @@ +Flow 3 risky: tcp 10.8.0.1:54915 -> 65.39.128.135:80 +Flow 18 risky: tcp 10.8.0.1:39021 -> 52.17.114.219:443 +Flow 6 risky: tcp 10.8.0.1:36102 -> 46.51.173.182:443 +Flow 4 risky: tcp 10.8.0.1:45529 -> 54.230.227.172:80 +Flow 8 risky: tcp 10.8.0.1:45536 -> 54.230.227.172:80 +Flow 9 risky: tcp 10.8.0.1:45538 -> 54.230.227.172:80 +Flow 10 risky: tcp 10.8.0.1:45540 -> 54.230.227.172:80 +Flow 15 risky: tcp 10.8.0.1:45546 -> 54.230.227.172:80 +Flow 16 risky: tcp 10.8.0.1:45552 -> 54.230.227.172:80 +Flow 17 risky: tcp 10.8.0.1:45554 -> 54.230.227.172:80 +Flow 5 risky: tcp 10.8.0.1:36100 -> 46.51.173.182:443 +Flow 19 risky: tcp 10.8.0.1:36312 -> 176.34.186.180:443 +Flow 7 risky: tcp 10.8.0.1:36585 -> 173.194.118.48:443 +Flow 1 not-detected: tcp 10.16.37.157:42256 -> 174.37.231.81:5222 +Flow 1 midstream: tcp 10.16.37.157:42256 -> 174.37.231.81:5222 diff --git a/test/results/flow-captured/default/webdav.pcap.out b/test/results/flow-captured/default/webdav.pcap.out new file mode 100644 index 000000000..65eb41d40 --- /dev/null +++ b/test/results/flow-captured/default/webdav.pcap.out @@ -0,0 +1,8 @@ +Flow 1 risky: tcp 10.24.8.189:50652 -> 104.156.149.6:80 +Flow 7 risky: tcp 192.168.16.173:47726 -> 198.244.151.63:80 +Flow 4 risky: tcp 192.168.16.173:55974 -> 198.244.151.63:80 +Flow 3 risky: tcp 192.168.16.173:41714 -> 198.244.151.63:80 +Flow 2 risky: tcp 192.168.16.173:35612 -> 198.244.151.63:80 +Flow 8 risky: tcp 192.168.16.173:57432 -> 198.244.151.63:80 +Flow 5 risky: tcp 192.168.16.173:47432 -> 198.244.151.63:80 +Flow 6 risky: tcp 192.168.16.173:47436 -> 198.244.151.63:80 diff --git a/test/results/flow-captured/default/webex.pcap.out b/test/results/flow-captured/default/webex.pcap.out new file mode 100644 index 000000000..1e895a83d --- /dev/null +++ b/test/results/flow-captured/default/webex.pcap.out @@ -0,0 +1,18 @@ +Flow 2 risky: tcp 10.8.0.1:41348 -> 64.68.105.103:443 +Flow 9 risky: tcp 10.8.0.1:41358 -> 64.68.105.103:443 +Flow 37 risky: tcp 10.8.0.1:51155 -> 62.109.224.120:443 +Flow 36 risky: tcp 10.8.0.1:51154 -> 62.109.224.120:443 +Flow 52 risky: tcp 10.8.0.1:51857 -> 62.109.229.158:443 +Flow 45 risky: tcp 10.8.0.1:59756 -> 78.46.237.91:80 +Flow 46 risky: tcp 10.8.0.1:59757 -> 78.46.237.91:80 +Flow 33 midstream: tcp 10.133.206.47:33459 -> 80.74.110.68:443 +Flow 56 risky: tcp 10.8.0.1:51194 -> 62.109.224.120:443 +Flow 35 risky: tcp 10.8.0.1:33512 -> 80.74.110.68:443 +Flow 47 risky: tcp 10.8.0.1:33551 -> 80.74.110.68:443 +Flow 48 risky: tcp 10.8.0.1:33553 -> 80.74.110.68:443 +Flow 49 risky: tcp 10.8.0.1:33554 -> 80.74.110.68:443 +Flow 51 risky: tcp 10.8.0.1:33559 -> 80.74.110.68:443 +Flow 1 risky: tcp 10.8.0.1:41346 -> 64.68.105.103:443 +Flow 3 risky: tcp 10.8.0.1:41350 -> 64.68.105.103:443 +Flow 4 risky: tcp 10.8.0.1:41351 -> 64.68.105.103:443 +Flow 7 risky: tcp 10.8.0.1:41354 -> 64.68.105.103:443 diff --git a/test/results/flow-captured/default/websocket.pcap.out b/test/results/flow-captured/default/websocket.pcap.out new file mode 100644 index 000000000..e4bad8c09 --- /dev/null +++ b/test/results/flow-captured/default/websocket.pcap.out @@ -0,0 +1 @@ +Flow 1 midstream: tcp 192.168.43.135:12345 -> 192.168.43.1:50999 diff --git a/test/results/flow-captured/default/wechat.pcap.out b/test/results/flow-captured/default/wechat.pcap.out new file mode 100644 index 000000000..5206eefbc --- /dev/null +++ b/test/results/flow-captured/default/wechat.pcap.out @@ -0,0 +1,4 @@ +Flow 13 midstream: tcp 203.205.151.162:443 -> 192.168.1.103:54058 +Flow 25 midstream: tcp 192.168.1.103:40740 -> 203.205.151.211:443 +Flow 49 risky: udp 192.168.1.100:138 -> 192.168.1.255:138 +Flow 104 risky: udp 192.168.1.100:138 -> 192.168.1.255:138 diff --git a/test/results/flow-captured/default/weibo.pcap.out b/test/results/flow-captured/default/weibo.pcap.out new file mode 100644 index 000000000..1c8e8c934 --- /dev/null +++ b/test/results/flow-captured/default/weibo.pcap.out @@ -0,0 +1,2 @@ +Flow 15 risky: udp 192.168.1.105:53543 -> 192.168.1.1:53 +Flow 21 risky: udp 192.168.1.105:50640 -> 192.168.1.1:53 diff --git a/test/results/flow-captured/default/whatsapp.pcap.out b/test/results/flow-captured/default/whatsapp.pcap.out new file mode 100644 index 000000000..104d17010 --- /dev/null +++ b/test/results/flow-captured/default/whatsapp.pcap.out @@ -0,0 +1,86 @@ +Flow 1 risky: tcp 192.168.2.100:44804 -> 179.60.195.49:5222 +Flow 6 risky: tcp 192.168.2.100:42646 -> 179.60.195.49:5222 +Flow 2 risky: tcp 192.168.2.100:40084 -> 179.60.195.49:5222 +Flow 5 risky: tcp 192.168.2.100:40178 -> 179.60.195.49:5222 +Flow 7 risky: tcp 192.168.2.100:40204 -> 179.60.195.49:5222 +Flow 3 risky: tcp 192.168.2.100:42272 -> 179.60.195.49:5222 +Flow 4 risky: tcp 192.168.2.100:42436 -> 179.60.195.49:5222 +Flow 8 risky: tcp 192.168.2.100:45932 -> 179.60.195.49:5222 +Flow 9 risky: tcp 192.168.2.100:40954 -> 179.60.195.49:5222 +Flow 11 risky: tcp 192.168.2.100:49026 -> 179.60.195.33:5222 +Flow 10 risky: tcp 192.168.2.100:41214 -> 179.60.195.49:5222 +Flow 12 risky: tcp 192.168.2.100:41288 -> 179.60.195.49:5222 +Flow 13 risky: tcp 192.168.2.100:41610 -> 179.60.195.49:5222 +Flow 14 risky: tcp 192.168.2.100:41808 -> 179.60.195.49:5222 +Flow 15 risky: tcp 192.168.2.100:37482 -> 179.60.195.33:5222 +Flow 16 risky: tcp 192.168.2.100:37582 -> 179.60.195.33:5222 +Flow 17 risky: tcp 192.168.2.100:45754 -> 179.60.195.49:5222 +Flow 18 risky: tcp 192.168.2.100:45824 -> 179.60.195.49:5222 +Flow 22 risky: tcp 192.168.2.100:43084 -> 179.60.195.49:5222 +Flow 21 risky: tcp 192.168.2.100:45470 -> 179.60.195.33:5222 +Flow 23 risky: tcp 192.168.2.100:45602 -> 179.60.195.33:5222 +Flow 19 risky: tcp 192.168.2.100:46406 -> 179.60.195.49:5222 +Flow 20 risky: tcp 192.168.2.100:40224 -> 31.13.83.49:5222 +Flow 24 risky: tcp 192.168.2.100:43152 -> 179.60.195.49:5222 +Flow 26 risky: tcp 192.168.2.100:43206 -> 179.60.195.49:5222 +Flow 25 risky: tcp 192.168.2.100:46042 -> 179.60.195.33:5222 +Flow 27 risky: tcp 192.168.2.100:43230 -> 179.60.195.49:5222 +Flow 28 risky: tcp 192.168.2.100:46468 -> 179.60.195.33:5222 +Flow 29 risky: tcp 192.168.2.100:47360 -> 179.60.195.33:5222 +Flow 30 risky: tcp 192.168.2.100:39828 -> 179.60.195.33:5222 +Flow 31 risky: tcp 192.168.2.100:40108 -> 179.60.195.33:5222 +Flow 33 risky: tcp 192.168.2.100:49096 -> 31.13.93.54:5222 +Flow 32 risky: tcp 192.168.2.100:43954 -> 179.60.195.49:5222 +Flow 35 risky: tcp 192.168.2.100:40990 -> 179.60.195.33:5222 +Flow 34 risky: tcp 192.168.2.100:43978 -> 179.60.195.49:5222 +Flow 36 risky: tcp 192.168.2.100:45290 -> 179.60.195.49:5222 +Flow 37 risky: tcp 192.168.2.100:51544 -> 179.60.195.49:5222 +Flow 39 risky: tcp 192.168.2.100:51724 -> 179.60.195.49:5222 +Flow 38 risky: tcp 192.168.2.100:47948 -> 179.60.195.49:5222 +Flow 40 risky: tcp 192.168.2.100:45334 -> 179.60.195.49:5222 +Flow 42 risky: tcp 192.168.2.100:41664 -> 179.60.195.33:5222 +Flow 41 risky: tcp 192.168.2.100:52152 -> 179.60.195.49:5222 +Flow 44 risky: tcp 192.168.2.100:41722 -> 179.60.195.33:5222 +Flow 43 risky: tcp 192.168.2.100:52294 -> 179.60.195.49:5222 +Flow 46 risky: tcp 192.168.2.100:55038 -> 179.60.195.49:5222 +Flow 47 risky: tcp 192.168.2.100:55476 -> 31.13.70.50:5222 +Flow 45 risky: tcp 192.168.2.100:48234 -> 179.60.195.49:5222 +Flow 50 risky: tcp 192.168.2.100:42622 -> 179.60.195.33:5222 +Flow 52 risky: tcp 192.168.2.100:42796 -> 179.60.195.33:5222 +Flow 53 risky: tcp 192.168.2.100:43152 -> 179.60.195.33:5222 +Flow 49 risky: tcp 192.168.2.100:45850 -> 179.60.195.49:5222 +Flow 51 risky: tcp 192.168.2.100:58198 -> 179.60.195.49:5222 +Flow 48 risky: tcp 192.168.2.100:48538 -> 179.60.195.49:5222 +Flow 54 risky: tcp 192.168.2.100:46732 -> 179.60.195.49:5222 +Flow 57 risky: tcp 192.168.2.100:46768 -> 179.60.195.49:5222 +Flow 58 risky: tcp 192.168.2.100:45130 -> 179.60.195.33:5222 +Flow 55 risky: tcp 192.168.2.100:58882 -> 179.60.195.49:5222 +Flow 56 risky: tcp 192.168.2.100:46598 -> 179.60.195.49:5222 +Flow 59 risky: tcp 192.168.2.100:60328 -> 179.60.195.49:5222 +Flow 61 risky: tcp 192.168.2.100:47086 -> 179.60.195.49:5222 +Flow 60 risky: tcp 192.168.2.100:32798 -> 179.60.195.49:5222 +Flow 62 risky: tcp 192.168.2.100:49182 -> 179.60.195.49:5222 +Flow 63 risky: tcp 192.168.2.100:49232 -> 179.60.195.49:5222 +Flow 64 risky: tcp 192.168.2.100:47350 -> 179.60.195.49:5222 +Flow 65 risky: tcp 192.168.2.100:49238 -> 179.60.195.49:5222 +Flow 66 risky: tcp 192.168.2.100:49250 -> 179.60.195.49:5222 +Flow 67 risky: tcp 192.168.2.100:47296 -> 179.60.195.49:5222 +Flow 68 risky: tcp 192.168.2.100:47900 -> 179.60.195.49:5222 +Flow 69 risky: tcp 192.168.2.100:47590 -> 179.60.195.49:5222 +Flow 70 risky: tcp 192.168.2.100:49428 -> 179.60.195.49:5222 +Flow 71 risky: tcp 192.168.2.100:47634 -> 179.60.195.49:5222 +Flow 72 risky: tcp 192.168.2.100:49610 -> 179.60.195.49:5222 +Flow 73 risky: tcp 192.168.2.100:37378 -> 179.60.195.49:5222 +Flow 74 risky: tcp 192.168.2.100:47738 -> 179.60.195.49:5222 +Flow 84 risky: tcp 192.168.2.100:47284 -> 179.60.195.33:5222 +Flow 85 risky: tcp 192.168.2.100:39334 -> 179.60.195.49:5222 +Flow 75 risky: tcp 192.168.2.100:37404 -> 179.60.195.49:5222 +Flow 76 risky: tcp 192.168.2.100:47776 -> 179.60.195.49:5222 +Flow 79 risky: tcp 192.168.2.100:47810 -> 179.60.195.49:5222 +Flow 78 risky: tcp 192.168.2.100:37674 -> 179.60.195.49:5222 +Flow 77 risky: tcp 192.168.2.100:37766 -> 179.60.195.49:5222 +Flow 81 risky: tcp 192.168.2.100:37822 -> 179.60.195.49:5222 +Flow 86 risky: tcp 192.168.2.100:40006 -> 179.60.195.49:5222 +Flow 80 risky: tcp 192.168.2.100:46394 -> 179.60.195.33:5222 +Flow 83 risky: tcp 192.168.2.100:38234 -> 179.60.195.49:5222 +Flow 82 risky: tcp 192.168.2.100:46576 -> 179.60.195.33:5222 diff --git a/test/results/flow-captured/default/whatsapp_login_call.pcap.out b/test/results/flow-captured/default/whatsapp_login_call.pcap.out new file mode 100644 index 000000000..681fca7d1 --- /dev/null +++ b/test/results/flow-captured/default/whatsapp_login_call.pcap.out @@ -0,0 +1,13 @@ +Flow 17 risky: tcp 192.168.2.4:49204 -> 17.173.66.102:443 +Flow 39 risky: udp 192.168.2.4:51518 -> 91.253.176.65:9344 +Flow 29 risky: udp 192.168.2.4:51518 -> 31.13.93.48:3478 +Flow 55 risky: udp 192.168.2.4:52794 -> 91.253.176.65:9665 +Flow 38 risky: udp 192.168.2.4:51518 -> 1.194.90.191:60312 +Flow 57 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443 +Flow 6 midstream: tcp 192.168.2.4:49172 -> 23.50.148.228:443 +Flow 53 risky: udp 192.168.2.4:52794 -> 31.13.84.48:3478 +Flow 54 risky: udp 192.168.2.4:52794 -> 1.194.90.191:51727 +Flow 1 risky: tcp 192.168.2.4:49199 -> 17.172.100.70:993 +Flow 1 midstream: tcp 192.168.2.4:49199 -> 17.172.100.70:993 +Flow 16 midstream: tcp 192.168.2.4:49193 -> 17.110.229.14:5223 +Flow 13 risky: tcp 192.168.2.4:49201 -> 17.178.104.12:443 diff --git a/test/results/flow-captured/default/whatsapp_login_chat.pcap.out b/test/results/flow-captured/default/whatsapp_login_chat.pcap.out new file mode 100644 index 000000000..185febc11 --- /dev/null +++ b/test/results/flow-captured/default/whatsapp_login_chat.pcap.out @@ -0,0 +1,4 @@ +Flow 4 risky: tcp 192.168.2.4:49205 -> 17.173.66.102:443 +Flow 4 midstream: tcp 192.168.2.4:49205 -> 17.173.66.102:443 +Flow 9 risky: tcp 17.110.229.14:5223 -> 192.168.2.4:49193 +Flow 9 midstream: tcp 17.110.229.14:5223 -> 192.168.2.4:49193 diff --git a/test/results/flow-captured/default/whatsapp_voice_and_message.pcap.out b/test/results/flow-captured/default/whatsapp_voice_and_message.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/whatsapp_voice_and_message.pcap.out diff --git a/test/results/flow-captured/default/whatsappfiles.pcap.out b/test/results/flow-captured/default/whatsappfiles.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/whatsappfiles.pcap.out diff --git a/test/results/flow-captured/default/whois.pcapng.out b/test/results/flow-captured/default/whois.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/whois.pcapng.out diff --git a/test/results/flow-captured/default/windowsupdate_over_http.pcap.out b/test/results/flow-captured/default/windowsupdate_over_http.pcap.out new file mode 100644 index 000000000..239e43df9 --- /dev/null +++ b/test/results/flow-captured/default/windowsupdate_over_http.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 10.0.2.15:49815 -> 151.99.72.125:80 diff --git a/test/results/flow-captured/default/windscribe.pcapng.out b/test/results/flow-captured/default/windscribe.pcapng.out new file mode 100644 index 000000000..c714774e3 --- /dev/null +++ b/test/results/flow-captured/default/windscribe.pcapng.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.12.156:42192 -> 107.161.86.132:443 diff --git a/test/results/flow-captured/default/wireguard.pcap.out b/test/results/flow-captured/default/wireguard.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/wireguard.pcap.out diff --git a/test/results/flow-captured/default/wow.pcap.out b/test/results/flow-captured/default/wow.pcap.out new file mode 100644 index 000000000..d54622fae --- /dev/null +++ b/test/results/flow-captured/default/wow.pcap.out @@ -0,0 +1,2 @@ +Flow 1 risky: tcp 192.168.178.20:39309 -> 12.129.222.53:80 +Flow 2 risky: tcp 192.168.178.20:39312 -> 24.105.29.21:80 diff --git a/test/results/flow-captured/default/xdmcp.pcap.out b/test/results/flow-captured/default/xdmcp.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/xdmcp.pcap.out diff --git a/test/results/flow-captured/default/xiaomi.pcap.out b/test/results/flow-captured/default/xiaomi.pcap.out new file mode 100644 index 000000000..0825357a0 --- /dev/null +++ b/test/results/flow-captured/default/xiaomi.pcap.out @@ -0,0 +1,6 @@ +Flow 1 midstream: tcp 47.241.7.88:5222 -> 10.52.151.160:39180 +Flow 2 risky: tcp 115.164.74.232:5222 -> 192.168.244.219:45904 +Flow 4 risky: tcp 97.39.119.172:5222 -> 192.168.93.59:51488 +Flow 3 risky: tcp 115.164.74.232:5222 -> 192.168.247.13:38018 +Flow 5 risky: tcp 192.168.2.100:37708 -> 3.127.176.74:5222 +Flow 6 risky: tcp 192.168.2.100:45106 -> 18.193.233.122:5222 diff --git a/test/results/flow-captured/default/xss.pcap.out b/test/results/flow-captured/default/xss.pcap.out new file mode 100644 index 000000000..2a93a6ecf --- /dev/null +++ b/test/results/flow-captured/default/xss.pcap.out @@ -0,0 +1 @@ +Flow 1 risky: tcp 192.168.3.109:53514 -> 192.168.3.107:80 diff --git a/test/results/flow-captured/default/yandex.pcapng.out b/test/results/flow-captured/default/yandex.pcapng.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/yandex.pcapng.out diff --git a/test/results/flow-captured/default/yojimbo.pcap.out b/test/results/flow-captured/default/yojimbo.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/yojimbo.pcap.out diff --git a/test/results/flow-captured/default/youtube_quic.pcap.out b/test/results/flow-captured/default/youtube_quic.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/youtube_quic.pcap.out diff --git a/test/results/flow-captured/default/youtubeupload.pcap.out b/test/results/flow-captured/default/youtubeupload.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/youtubeupload.pcap.out diff --git a/test/results/flow-captured/default/z3950.pcapng.out b/test/results/flow-captured/default/z3950.pcapng.out new file mode 100644 index 000000000..5ca2a64b8 --- /dev/null +++ b/test/results/flow-captured/default/z3950.pcapng.out @@ -0,0 +1 @@ +Flow 2 risky: tcp 192.168.0.20:46524 -> 129.187.139.43:9991 diff --git a/test/results/flow-captured/default/zabbix.pcap.out b/test/results/flow-captured/default/zabbix.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/zabbix.pcap.out diff --git a/test/results/flow-captured/default/zattoo.pcap.out b/test/results/flow-captured/default/zattoo.pcap.out new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/test/results/flow-captured/default/zattoo.pcap.out diff --git a/test/results/flow-captured/default/zoom.pcap.out b/test/results/flow-captured/default/zoom.pcap.out new file mode 100644 index 000000000..40e91288c --- /dev/null +++ b/test/results/flow-captured/default/zoom.pcap.out @@ -0,0 +1,6 @@ +Flow 30 risky: tcp 192.168.1.117:54871 -> 109.94.160.99:443 +Flow 9 risky: udp 192.168.1.117:65394 -> 192.168.1.1:53 +Flow 14 risky: udp 192.168.1.117:23903 -> 162.255.38.14:3479 +Flow 3 risky: tcp 192.168.1.117:54863 -> 167.99.215.164:4434 +Flow 16 risky: tcp 192.168.1.117:53872 -> 35.186.224.53:443 +Flow 16 midstream: tcp 192.168.1.117:53872 -> 35.186.224.53:443 diff --git a/test/results/flow-captured/default/zoom2.pcap.out b/test/results/flow-captured/default/zoom2.pcap.out new file mode 100644 index 000000000..f00467b39 --- /dev/null +++ b/test/results/flow-captured/default/zoom2.pcap.out @@ -0,0 +1,3 @@ +Flow 2 risky: udp 192.168.1.178:60653 -> 144.195.73.154:8801 +Flow 3 risky: udp 192.168.1.178:58117 -> 144.195.73.154:8801 +Flow 4 risky: udp 192.168.1.178:57953 -> 144.195.73.154:8801 diff --git a/test/results/flow-captured/default/zoom_p2p.pcapng.out b/test/results/flow-captured/default/zoom_p2p.pcapng.out new file mode 100644 index 000000000..6b18616d3 --- /dev/null +++ b/test/results/flow-captured/default/zoom_p2p.pcapng.out @@ -0,0 +1,5 @@ +Flow 5 risky: icmp 206.247.87.213 -> 192.168.12.156 +Flow 6 risky: udp 192.168.12.156:38453 -> 192.168.1.226:41036 +Flow 10 risky: icmp 206.247.10.253 -> 192.168.12.156 +Flow 12 risky: udp 192.168.12.156:42208 -> 10.78.14.178:47312 +Flow 13 risky: udp 192.168.12.156:49579 -> 10.78.14.178:49586 diff --git a/test/results/flow-captured/default/zug.pcap.out b/test/results/flow-captured/default/zug.pcap.out new file mode 100644 index 000000000..b3c5b511d --- /dev/null +++ b/test/results/flow-captured/default/zug.pcap.out @@ -0,0 +1 @@ +Flow 4 not-detected: udp 61.59.105.181:19000 -> 199.24.15.231:48793 |