Diffstat (limited to 'test/results/flow-info/classification_only')
-rw-r--r--test/results/flow-info/classification_only/bittorrent_tcp_miss.pcapng.out4
-rw-r--r--test/results/flow-info/classification_only/ookla.pcap.out1
-rw-r--r--test/results/flow-info/classification_only/sip.pcap.out2
-rw-r--r--test/results/flow-info/classification_only/teams.pcap.out18
-rw-r--r--test/results/flow-info/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out2
-rw-r--r--test/results/flow-info/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out2
-rw-r--r--test/results/flow-info/classification_only/tls_1.2_unidirectional_client.pcapng.out2
-rw-r--r--test/results/flow-info/classification_only/tls_1.2_unidirectional_server.pcapng.out3
-rw-r--r--test/results/flow-info/classification_only/tls_1.3_unidirectional_client.pcapng.out2
-rw-r--r--test/results/flow-info/classification_only/tls_1.3_unidirectional_server.pcapng.out2
10 files changed, 7 insertions, 31 deletions
diff --git a/test/results/flow-info/classification_only/bittorrent_tcp_miss.pcapng.out b/test/results/flow-info/classification_only/bittorrent_tcp_miss.pcapng.out
index 4eced6429..aa800e488 100644
--- a/test/results/flow-info/classification_only/bittorrent_tcp_miss.pcapng.out
+++ b/test/results/flow-info/classification_only/bittorrent_tcp_miss.pcapng.out
@@ -3,7 +3,7 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881]
detected: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881] [BitTorrent][Unknown][Download][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Susp Entropy
analyse: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881] [BitTorrent][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.065| 0.014| 0.017| 294.673| 3.800]
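Review bot: `Susp Entropy` is newly expected on this BitTorrent flow (in the `detected` event here and the `idle` event of the next hunk) and on the flow that is only `guessed` as Ookla in ookla.pcap.out, but nothing visible in the change records why the risk now fires. The ENTROPIES context line shows 7.9 on the 1480-byte packets, so the flag is plausible for bulk transfer, yet a file-sharing download and a speed test are both ordinary high-entropy traffic, and anything downstream that alerts on this risk should expect it on such flows. Because these files are the regression baseline, the commit description should name the behaviour change that produces the new risk, so that a later diff of these results can be told apart from an accidental one.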
@@ -15,5 +15,5 @@
[PKTLENS.....: 60,52,40,238,464,40,511,280,108,419,328,90,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,40,40,1480,1480,1480,1480,1480,40,40,40]
[ENTROPIES...: 4.7,5.1,4.8,7.1,7.5,4.9,7.5,7.2,6.2,5.6,5.1,4.1,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,4.9,4.8,7.9,7.9,7.9,7.9,7.9,4.9,4.9,4.9]
idle: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881] [BitTorrent][Unknown][Download][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Susp Entropy
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/classification_only/ookla.pcap.out b/test/results/flow-info/classification_only/ookla.pcap.out
index eeeabc4c9..5573435ae 100644
--- a/test/results/flow-info/classification_only/ookla.pcap.out
+++ b/test/results/flow-info/classification_only/ookla.pcap.out
@@ -11,6 +11,7 @@
new: [.....4] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080]
detected: [.....4] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Unknown][Network][Safe]
guessed: [.....2] [ip4][..tcp] [..192.168.1.192][51156] -> [..89.96.108.170][.8080] [Ookla][Unknown][Network][Safe]
+ RISK: Susp Entropy
idle: [.....2] [ip4][..tcp] [..192.168.1.192][51156] -> [..89.96.108.170][.8080]
idle: [.....1] [ip4][..tcp] [..192.168.1.192][37790] -> [185.157.229.246][.8080] [Ookla][Unknown][Network][Safe]
DAEMON-EVENT: [Processed: 70 pkts][ZLib][compressions: 0|diff: 0 / 0]
diff --git a/test/results/flow-info/classification_only/sip.pcap.out b/test/results/flow-info/classification_only/sip.pcap.out
index 6b99bbd05..fdc3e8fc6 100644
--- a/test/results/flow-info/classification_only/sip.pcap.out
+++ b/test/results/flow-info/classification_only/sip.pcap.out
@@ -49,7 +49,7 @@
update: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393]
update: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable]
idle: [.....3] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable]
- not-detected: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] [Unknown][Unknown][Unrated]
+ not-detected: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393] [Unknown][Unknown][Unspecified][Unrated]
RISK: Susp Entropy, Unidirectional Traffic
idle: [.....4] [ip4][..udp] [....192.168.1.2][30001] -> [..212.242.33.36][40393]
idle: [.....1] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable]
diff --git a/test/results/flow-info/classification_only/teams.pcap.out b/test/results/flow-info/classification_only/teams.pcap.out
index 45e6ad626..73e35011c 100644
--- a/test/results/flow-info/classification_only/teams.pcap.out
+++ b/test/results/flow-info/classification_only/teams.pcap.out
@@ -77,8 +77,6 @@
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
- RISK: Unidirectional Traffic
- detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][]
@@ -397,12 +395,6 @@
new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -419,10 +411,6 @@
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
[PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
[ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
- detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net]
new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
@@ -480,7 +468,7 @@
RISK: Known Proto on Non Std Port
idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe]
RISK: Known Proto on Non Std Port
- not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
+ not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unspecified][Unrated]
idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750]
idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
@@ -520,9 +508,9 @@
idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe]
RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
diff --git a/test/results/flow-info/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out b/test/results/flow-info/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
index 9b324cc4e..139e9d3ce 100644
--- a/test/results/flow-info/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
+++ b/test/results/flow-info/classification_only/tls_1.2_unidir_client_no_cert.pcapng.out
@@ -3,7 +3,5 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.192.168.12.156][39958] -> [..172.67.21.133][..443]
detected: [.....1] [ip4][..tcp] [.192.168.12.156][39958] -> [..172.67.21.133][..443] [TLS][Cloudflare][Web][Safe][sb.adtidy.org]
- RISK: Unidirectional Traffic
end: [.....1] [ip4][..tcp] [.192.168.12.156][39958] -> [..172.67.21.133][..443] [TLS][Cloudflare][Web][Safe]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
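Review bot: After this change none of the TLS captures in the visible hunks asserts `RISK: Unidirectional Traffic`: it is dropped from both events here, likewise in the other five tls_*_unidir* result files, and from the STUN and DNS flows in teams.pcap.out, leaving only the not-detected UDP flow in sip.pcap.out carrying it. These captures are named for exactly that condition, so this baseline would no longer catch a regression in which the risk is silently lost for them. If the removal is intended for the classification-only configuration (an inference from the directory name), the commit description should say so, and the risk should remain asserted for these pcaps in a result set where it is still expected.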
diff --git a/test/results/flow-info/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out b/test/results/flow-info/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
index c54c75d01..b66d1226f 100644
--- a/test/results/flow-info/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
+++ b/test/results/flow-info/classification_only/tls_1.2_unidir_server_no_cert.pcapng.out
@@ -3,7 +3,5 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..172.67.21.133][..443] -> [.192.168.12.156][39958]
detected: [.....1] [ip4][..tcp] [..172.67.21.133][..443] -> [.192.168.12.156][39958] [TLS][Cloudflare][Web][Safe]
- RISK: Unidirectional Traffic
end: [.....1] [ip4][..tcp] [..172.67.21.133][..443] -> [.192.168.12.156][39958] [TLS][Cloudflare][Web][Safe]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/classification_only/tls_1.2_unidirectional_client.pcapng.out b/test/results/flow-info/classification_only/tls_1.2_unidirectional_client.pcapng.out
index 6e5b7a799..91ff26a82 100644
--- a/test/results/flow-info/classification_only/tls_1.2_unidirectional_client.pcapng.out
+++ b/test/results/flow-info/classification_only/tls_1.2_unidirectional_client.pcapng.out
@@ -3,7 +3,5 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.192.168.12.156][43854] -> [..216.58.209.42][..443]
detected: [.....1] [ip4][..tcp] [.192.168.12.156][43854] -> [..216.58.209.42][..443] [TLS.GoogleServices][Google][Web][Acceptable][notifications-pa.googleapis.com]
- RISK: Unidirectional Traffic
end: [.....1] [ip4][..tcp] [.192.168.12.156][43854] -> [..216.58.209.42][..443] [TLS.GoogleServices][Google][Web][Acceptable]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/classification_only/tls_1.2_unidirectional_server.pcapng.out b/test/results/flow-info/classification_only/tls_1.2_unidirectional_server.pcapng.out
index 1410a061a..42198a9a9 100644
--- a/test/results/flow-info/classification_only/tls_1.2_unidirectional_server.pcapng.out
+++ b/test/results/flow-info/classification_only/tls_1.2_unidirectional_server.pcapng.out
@@ -3,9 +3,6 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..216.58.209.42][..443] -> [.192.168.12.156][43854]
detected: [.....1] [ip4][..tcp] [..216.58.209.42][..443] -> [.192.168.12.156][43854] [TLS][Google][Web][Safe]
- RISK: Unidirectional Traffic
detection-update: [.....1] [ip4][..tcp] [..216.58.209.42][..443] -> [.192.168.12.156][43854] [TLS.YouTubeUpload][Google][Media][Fun]
- RISK: Unidirectional Traffic
idle: [.....1] [ip4][..tcp] [..216.58.209.42][..443] -> [.192.168.12.156][43854] [TLS.YouTubeUpload][Google][Media][Fun]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/classification_only/tls_1.3_unidirectional_client.pcapng.out b/test/results/flow-info/classification_only/tls_1.3_unidirectional_client.pcapng.out
index be71565b2..a53dfdc23 100644
--- a/test/results/flow-info/classification_only/tls_1.3_unidirectional_client.pcapng.out
+++ b/test/results/flow-info/classification_only/tls_1.3_unidirectional_client.pcapng.out
@@ -3,7 +3,5 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.192.168.12.156][39750] -> [.142.250.184.68][..443]
detected: [.....1] [ip4][..tcp] [.192.168.12.156][39750] -> [.142.250.184.68][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
- RISK: Unidirectional Traffic
end: [.....1] [ip4][..tcp] [.192.168.12.156][39750] -> [.142.250.184.68][..443] [TLS.Google][Google][Web][Acceptable]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/classification_only/tls_1.3_unidirectional_server.pcapng.out b/test/results/flow-info/classification_only/tls_1.3_unidirectional_server.pcapng.out
index 60174db8b..ba126c5e1 100644
--- a/test/results/flow-info/classification_only/tls_1.3_unidirectional_server.pcapng.out
+++ b/test/results/flow-info/classification_only/tls_1.3_unidirectional_server.pcapng.out
@@ -3,7 +3,5 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.142.250.184.68][..443] -> [.192.168.12.156][39750]
detected: [.....1] [ip4][..tcp] [.142.250.184.68][..443] -> [.192.168.12.156][39750] [TLS][Google][Web][Safe]
- RISK: Unidirectional Traffic
end: [.....1] [ip4][..tcp] [.142.250.184.68][..443] -> [.192.168.12.156][39750] [TLS][Google][Web][Safe]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown