Diffstat (limited to 'test/results/flow-info/KakaoTalk_talk.pcap.out')
-rw-r--r--test/results/flow-info/KakaoTalk_talk.pcap.out110
1 files changed, 110 insertions, 0 deletions
diff --git a/test/results/flow-info/KakaoTalk_talk.pcap.out b/test/results/flow-info/KakaoTalk_talk.pcap.out
new file mode 100644
index 000000000..49f336b08
--- /dev/null
+++ b/test/results/flow-info/KakaoTalk_talk.pcap.out
@@ -0,0 +1,110 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [MIDSTREAM]
+ new: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [MIDSTREAM]
+ new: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [MIDSTREAM]
+ new: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80]
+ new: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [MIDSTREAM]
+ detected: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Download][Fun]
+ RISK: Binary App Transfer, Known Proto on Non Std Port
+ new: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080]
+ detected: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS][Web][Safe]
+ RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
+ detection-update: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [MIDSTREAM]
+ new: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001]
+ detected: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS][Web][Safe]
+ RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
+ detection-update: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [MIDSTREAM]
+ detected: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS.Google][Web][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045]
+ detected: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][VoIP][Acceptable]
+ new: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047]
+ detected: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][VoIP][Acceptable]
+ new: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044]
+ detected: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable]
+ new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046]
+ detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable]
+ analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable]
+ [min|max|avg|stddev]
+ [IAT(flow)...: 0.000| 0.389| 0.067| 0.073]
+ [IAT(c->s)...: 0.000| 0.104| 0.052| 0.049][IAT(s->c)...: 0.016| 0.389| 0.090| 0.095]
+ [PKTLEN(c->s): 99.000| 100.000| 99.100| 0.200][PKTLEN(s->c): 99.000| 192.000| 110.100| 25.800]
+ [BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable]
+ [min|max|avg|stddev]
+ [IAT(flow)...: 0.004| 0.144| 0.063| 0.038]
+ [IAT(c->s)...: 0.032| 0.102| 0.057| 0.022][IAT(s->c)...: 0.004| 0.144| 0.071| 0.050]
+ [PKTLEN(c->s): 99.000| 192.000| 112.400| 26.300][PKTLEN(s->c): 99.000| 99.000| 99.000| 0.000]
+ [BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ new: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
+ detected: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable]
+ new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM]
+ new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM]
+ analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable]
+ [min|max|avg|stddev]
+ [IAT(flow)...: 0.002| 20.337| 1.801| 4.155]
+ [IAT(c->s)...: 0.002| 20.337| 2.259| 5.063][IAT(s->c)...: 0.005| 8.676| 1.245| 2.556]
+ [PKTLEN(c->s): 68.000| 814.000| 204.700| 177.400][PKTLEN(s->c): 68.000| 920.000| 288.900| 276.500]
+ [BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable]
+ [min|max|avg|stddev]
+ [IAT(flow)...: 0.000| 21.237| 2.444| 5.342]
+ [IAT(c->s)...: 0.000| 20.472| 2.198| 5.070][IAT(s->c)...: 0.000| 21.237| 2.744| 5.641]
+ [PKTLEN(c->s): 68.000| 862.000| 226.300| 229.600][PKTLEN(s->c): 68.000| 920.000| 319.400| 299.200]
+ [BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ new: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [MIDSTREAM]
+ new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM]
+ new: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443]
+ new: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53]
+ detected: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun]
+ detected: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun]
+ detection-update: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun]
+ RISK: Obsolete TLS (v1.1 or older)
+ guessed: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [HTTP_Proxy][Web][Acceptable]
+ idle: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080]
+ guessed: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [TLS.Facebook][SocialNetwork][Fun]
+ end: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912]
+ idle: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun]
+ RISK: Obsolete TLS (v1.1 or older)
+ guessed: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [AmazonAWS][Cloud][Acceptable]
+ idle: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222]
+ guessed: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [TLS.Facebook][SocialNetwork][Fun]
+ end: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123]
+ guessed: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [TLS.Google][Web][Acceptable]
+ end: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697]
+ guessed: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [TLS.Google][Web][Acceptable]
+ end: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380]
+ idle: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable]
+ idle: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][VoIP][Acceptable]
+ end: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Download][Fun]
+ RISK: Binary App Transfer, Known Proto on Non Std Port
+ guessed: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [HTTP][Web][Acceptable]
+ end: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533]
+ idle: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ idle: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable]
+ guessed: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Web][Acceptable]
+ idle: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080]
+ idle: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ idle: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228]
+ idle: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun]
+ idle: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable]
+ idle: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][VoIP][Acceptable]
+ guessed: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Web][Safe]
+ idle: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
+ DAEMON-EVENT: shutdown