diff options
Diffstat (limited to 'test/results/flow-info/caches_global')
4 files changed, 10 insertions, 35 deletions
diff --git a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out index c480d8027..34b2f59dd 100644 --- a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out +++ b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out @@ -16,11 +16,11 @@ detected: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port detected: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port new: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] detected: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port - detection-update: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable] + detection-update: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] @@ -28,39 +28,25 @@ RISK: Unidirectional Traffic new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe] - RISK: Unidirectional Traffic detection-update: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic new: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] detected: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic detection-update: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic - detection-update: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] detected: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic detection-update: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] - detection-update: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] - RISK: Unidirectional Traffic new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] detection-update: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] RISK: Unidirectional Traffic idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] - RISK: Unidirectional Traffic idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic idle: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable] - RISK: Unidirectional Traffic idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [RTCP][Unknown][VoIP][Acceptable] idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic @@ -69,9 +55,9 @@ idle: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port idle: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port idle: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] [BitTorrent][Unknown][Download][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/caches_global/ookla.pcap.out b/test/results/flow-info/caches_global/ookla.pcap.out index eeeabc4c9..5573435ae 100644 --- a/test/results/flow-info/caches_global/ookla.pcap.out +++ b/test/results/flow-info/caches_global/ookla.pcap.out @@ -11,6 +11,7 @@ new: [.....4] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] detected: [.....4] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Unknown][Network][Safe] guessed: [.....2] [ip4][..tcp] [..192.168.1.192][51156] -> [..89.96.108.170][.8080] [Ookla][Unknown][Network][Safe] + RISK: Susp Entropy idle: [.....2] [ip4][..tcp] [..192.168.1.192][51156] -> [..89.96.108.170][.8080] idle: [.....1] [ip4][..tcp] [..192.168.1.192][37790] -> [185.157.229.246][.8080] [Ookla][Unknown][Network][Safe] DAEMON-EVENT: [Processed: 70 pkts][ZLib][compressions: 0|diff: 0 / 0] diff --git a/test/results/flow-info/caches_global/teams.pcap.out b/test/results/flow-info/caches_global/teams.pcap.out index 45e6ad626..73e35011c 100644 --- a/test/results/flow-info/caches_global/teams.pcap.out +++ b/test/results/flow-info/caches_global/teams.pcap.out @@ -77,8 +77,6 @@ ERROR-EVENT: Unknown packet type [11/16] ERROR-EVENT: Unknown packet type [12/16] detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org] - RISK: Unidirectional Traffic - detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org] RISK: Error Code new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][] @@ -397,12 +395,6 @@ new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] RISK: Known Proto on Non Std Port - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] - RISK: Unidirectional Traffic - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] - RISK: Unidirectional Traffic - detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] - detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][] new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port @@ -419,10 +411,6 @@ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9] [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46] [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6] - detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic - detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net] new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] @@ -480,7 +468,7 @@ RISK: Known Proto on Non Std Port idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe] RISK: Known Proto on Non Std Port - not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated] + not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unspecified][Unrated] idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com] idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun] @@ -520,9 +508,9 @@ idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net] end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe] idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable] idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe] RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS diff --git a/test/results/flow-info/caches_global/zoom_p2p.pcapng.out b/test/results/flow-info/caches_global/zoom_p2p.pcapng.out index a18e8a561..013324721 100644 --- a/test/results/flow-info/caches_global/zoom_p2p.pcapng.out +++ b/test/results/flow-info/caches_global/zoom_p2p.pcapng.out @@ -93,10 +93,10 @@ RISK: Unidirectional Traffic new: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] detected: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] - detection-update: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] - RISK: Unidirectional Traffic update: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable] RISK: Susp Entropy + detection-update: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable] + RISK: Unidirectional Traffic analyse: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.052| 0.013| 0.016| 253.890| 4.000] |