aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-info/default
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/flow-info/default')
-rw-r--r--test/results/flow-info/default/1kxun.pcap.out132
-rw-r--r--test/results/flow-info/default/6in4tunnel.pcap.out2
-rw-r--r--test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out4
-rw-r--r--test/results/flow-info/default/KakaoTalk_chat.pcap.out102
-rw-r--r--test/results/flow-info/default/KakaoTalk_talk.pcap.out6
-rw-r--r--test/results/flow-info/default/alexa-app.pcapng.out298
-rw-r--r--test/results/flow-info/default/android.pcap.out136
-rw-r--r--test/results/flow-info/default/anyconnect-vpn.pcap.out50
-rw-r--r--test/results/flow-info/default/anydesk.pcapng.out12
-rw-r--r--test/results/flow-info/default/bt-dns.pcap.out6
-rw-r--r--test/results/flow-info/default/conncheck.pcap.out4
-rw-r--r--test/results/flow-info/default/dns-google-nsid.pcapng.out24
-rw-r--r--test/results/flow-info/default/dns.pcap.out24
-rw-r--r--test/results/flow-info/default/dns2.pcap.out10
-rw-r--r--test/results/flow-info/default/dns_ambiguous_names.pcap.out60
-rw-r--r--test/results/flow-info/default/dns_fragmented.pcap.out4
-rw-r--r--test/results/flow-info/default/dns_invert_query.pcapng.out3
-rw-r--r--test/results/flow-info/default/dns_lots_of_answers.pcapng.out14
-rw-r--r--test/results/flow-info/default/dns_multiple_transactions_same_flow.pcap.out20
-rw-r--r--test/results/flow-info/default/dns_response_only.pcap.out7
-rw-r--r--test/results/flow-info/default/dns_retransmissions.pcap.out10
-rw-r--r--test/results/flow-info/default/dropbox.pcap.out42
-rw-r--r--test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out131
-rw-r--r--test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out2
-rw-r--r--test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out8
-rw-r--r--test/results/flow-info/default/gnutella.pcap.out80
-rw-r--r--test/results/flow-info/default/instagram.pcap.out22
-rw-r--r--test/results/flow-info/default/iphone.pcap.out122
-rw-r--r--test/results/flow-info/default/lagofast.pcap.out96
-rw-r--r--test/results/flow-info/default/mullvad_dns.pcap.out6
-rw-r--r--test/results/flow-info/default/netease_games.pcapng.out8
-rw-r--r--test/results/flow-info/default/netflix.pcap.out84
-rw-r--r--test/results/flow-info/default/nintendo.pcap.out22
-rw-r--r--test/results/flow-info/default/nordvpn.pcap.out42
-rw-r--r--test/results/flow-info/default/ocs.pcap.out34
-rw-r--r--test/results/flow-info/default/punycode-idn.pcap.out6
-rw-r--r--test/results/flow-info/default/quic-27.pcap.out4
-rw-r--r--test/results/flow-info/default/quic_q46.pcap.out4
-rw-r--r--test/results/flow-info/default/signal.pcap.out6
-rw-r--r--test/results/flow-info/default/sites.pcapng.out32
-rw-r--r--test/results/flow-info/default/soap.pcap.out4
-rw-r--r--test/results/flow-info/default/ssdp-m-search-ua.pcap.out4
-rw-r--r--test/results/flow-info/default/ssdp.pcapng.out7
-rw-r--r--test/results/flow-info/default/starcraft_battle.pcap.out4
-rw-r--r--test/results/flow-info/default/syslog.pcap.out4
-rw-r--r--test/results/flow-info/default/teams.pcap.out170
-rw-r--r--test/results/flow-info/default/telegram.pcap.out54
-rw-r--r--test/results/flow-info/default/telegram_voice.pcapng.out6
-rw-r--r--test/results/flow-info/default/tls-rdn-extract.pcap.out4
-rw-r--r--test/results/flow-info/default/tls_certificate_too_long.pcap.out96
-rw-r--r--test/results/flow-info/default/tls_heur__shadowsocks-tcp.pcapng.out8
-rw-r--r--test/results/flow-info/default/tls_heur__trojan-tcp-tls.pcapng.out20
-rw-r--r--test/results/flow-info/default/tls_heur__vmess-tcp-tls.pcapng.out20
-rw-r--r--test/results/flow-info/default/tls_heur__vmess-tcp.pcapng.out8
-rw-r--r--test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out6
-rw-r--r--test/results/flow-info/default/tor-browser.pcap.out70
-rw-r--r--test/results/flow-info/default/ubntac2.pcap.out59
-rw-r--r--test/results/flow-info/default/viber.pcap.out49
-rw-r--r--test/results/flow-info/default/wa_video.pcap.out12
-rw-r--r--test/results/flow-info/default/wa_voice.pcap.out50
-rw-r--r--test/results/flow-info/default/wechat.pcap.out102
-rw-r--r--test/results/flow-info/default/weibo.pcap.out60
-rw-r--r--test/results/flow-info/default/whatsapp_login_call.pcap.out20
-rw-r--r--test/results/flow-info/default/whatsapp_login_chat.pcap.out6
-rw-r--r--test/results/flow-info/default/zoom.pcap.out34
65 files changed, 1429 insertions, 1127 deletions
diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out
index 7b3376352..cc644d2aa 100644
--- a/test/results/flow-info/default/1kxun.pcap.out
+++ b/test/results/flow-info/default/1kxun.pcap.out
@@ -4,16 +4,16 @@
new: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355]
detected: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900]
- detected: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900]
- detected: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68]
detected: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable][]
new: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [MIDSTREAM]
new: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900]
- detected: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900]
- detected: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][shen]
new: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547]
@@ -23,19 +23,19 @@
new: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355]
detected: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900]
- detected: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355]
detected: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53]
- detected: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
- detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
+ detected: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][jp.kankan.1kxun.mobi]
+ detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][jp.kankan.1kxun.mobi]
RISK: Unidirectional Traffic
- detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
+ detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][jp.kankan.1kxun.mobi]
new: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80]
detected: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
new: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53]
- detected: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
- detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
+ detected: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][kankan.1kxun.com]
+ detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][kankan.1kxun.com]
RISK: Unidirectional Traffic
new: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] [MIDSTREAM]
new: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137]
@@ -47,22 +47,22 @@
detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected
new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900]
- detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
new: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976]
new: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53]
- detected: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
- detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
+ detected: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][kankan.1kxun.com]
+ detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][kankan.1kxun.com]
RISK: Unidirectional Traffic
- detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
+ detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][kankan.1kxun.com]
new: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80]
- detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
+ detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][kankan.1kxun.com]
detected: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.com]
new: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53]
- detected: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
- detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
+ detected: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][pic.1kxun.com]
+ detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][pic.1kxun.com]
RISK: Unidirectional Traffic
- detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
+ detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][pic.1kxun.com]
new: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80]
new: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80]
new: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80]
@@ -153,10 +153,10 @@
detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170]
RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
new: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53]
- detected: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
- detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
+ detected: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][vv.video.qq.com]
+ detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][vv.video.qq.com]
RISK: Unidirectional Traffic
- detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
+ detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][vv.video.qq.com]
new: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80]
detected: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Unknown][Chat][Fun][vv.video.qq.com]
new: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080]
@@ -166,7 +166,7 @@
new: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355]
detected: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900]
- detected: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443]
detected: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
@@ -195,15 +195,15 @@
detection-update: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Media][Acceptable][183.131.48.144]
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
new: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900]
- detected: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900]
- detected: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355]
detected: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355]
detected: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900]
- detected: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67]
detected: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air]
new: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
@@ -240,7 +240,7 @@
new: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67]
detected: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][joanna-pc]
new: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900]
- detected: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353]
detected: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
new: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947]
@@ -255,9 +255,9 @@
new: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355]
detected: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900]
- detected: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900]
- detected: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ detected: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02]
new: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355]
detected: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947]
@@ -314,8 +314,8 @@
detection-update: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
new: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53]
- detected: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
- detection-update: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
+ detected: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
+ detection-update: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
new: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80]
new: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80]
detected: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable][dl-obs.official.line.naver.jp]
@@ -339,26 +339,26 @@
RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
update: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][shen]
update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad]
- update: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- update: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ update: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
update: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
update: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976]
update: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
- update: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
update: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][jason-pc]
update: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable]
- update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c]
update: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad]
- update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
- update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
- update: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
+ update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][kankan.1kxun.com]
+ update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][jp.kankan.1kxun.mobi]
+ update: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][kankan.1kxun.com]
update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c]
analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
min| max| avg| stddev| variance| entropy
@@ -394,15 +394,15 @@
detected: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355]
detected: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
- update: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- update: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][vv.video.qq.com]
+ update: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ update: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976]
- update: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
update: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook]
- update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
+ update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][pic.1kxun.com]
update: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc]
update: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc]
update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad]
@@ -410,7 +410,7 @@
update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad]
update: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air]
update: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-]
- update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
DAEMON-EVENT: [Processed: 1032 pkts][ZLib][compressions: 0|diff: 0 / 0]
@@ -434,7 +434,7 @@
detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
detected: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
- idle: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
+ idle: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
idle: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][shen]
idle: [...126] [ip4][..udp] [...192.168.5.50][49766] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc]
idle: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc]
@@ -442,18 +442,18 @@
RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170]
RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
- idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
+ idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][vv.video.qq.com]
idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable]
idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][wpad]
- idle: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][isatap]
- idle: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- idle: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...113] [ip4][..tcp] [.....31.13.87.1][..443] -> [...192.168.5.16][53578] [TLS][Facebook][Web][Safe]
idle: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe]
- idle: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
not-detected: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated]
idle: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976]
idle: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
@@ -462,7 +462,7 @@
idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable]
idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Mikrotik][Unknown][Network][Acceptable]
idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][wangs-ltw]
- idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc]
not-detected: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976] [Unknown][Unknown][Unrated]
idle: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976]
@@ -480,14 +480,14 @@
idle: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
idle: [...121] [ip4][..udp] [...192.168.5.41][55593] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][kevin-pc]
- idle: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][isatap]
idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][sonusav]
idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][notebook]
- idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Mikrotik][Unknown][Network][Acceptable]
idle: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc]
- idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
+ idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][pic.1kxun.com]
idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc]
idle: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc]
idle: [....92] [ip4][..udp] [...192.168.5.44][58702] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][jason-pc]
@@ -523,7 +523,7 @@
idle: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][kevin-pc]
idle: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][joanna-pc]
idle: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable]
- idle: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][charming-pc]
guessed: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [TLS][Unknown][Web][Safe]
idle: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443]
@@ -536,7 +536,7 @@
idle: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc]
idle: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][joanna-pc]
idle: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.com]
- idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Unknown][Chat][Fun][vv.video.qq.com]
idle: [...122] [ip4][..udp] [...192.168.5.57][64428] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][usher-pc]
idle: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][gfile]
@@ -551,7 +551,7 @@
idle: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
idle: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][kevin-pc]
idle: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad]
- idle: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ idle: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02]
idle: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air]
idle: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][caesar-thinkpad]
idle: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][sc.arrancar.org]
@@ -563,7 +563,7 @@
idle: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][]
idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80]
- idle: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
+ idle: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS][Unknown][Network][Acceptable][kankan.1kxun.com]
idle: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][kevin-pc]
idle: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c]
guessed: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][]
@@ -585,13 +585,13 @@
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
idle: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
- idle: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
- idle: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
- idle: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- idle: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][jp.kankan.1kxun.mobi]
+ idle: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][isatap]
- idle: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
+ idle: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][kankan.1kxun.com]
idle: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][????????????]
RISK: Non-Printable/Invalid Chars Detected
idle: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][ro_x1c]
@@ -783,7 +783,7 @@
new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM]
detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io]
new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM]
- detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com]
+ detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com]
new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM]
detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io]
new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM]
@@ -836,7 +836,7 @@
idle: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com]
idle: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com]
RISK: Error Code
- idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com]
+ idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.PlayStore][Google][SoftwareUpdate][Safe][play.google.com]
idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
RISK: Binary File/Data Transfer (Attempt)
idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com]
diff --git a/test/results/flow-info/default/6in4tunnel.pcap.out b/test/results/flow-info/default/6in4tunnel.pcap.out
index a9906e0c5..8d6b80d9c 100644
--- a/test/results/flow-info/default/6in4tunnel.pcap.out
+++ b/test/results/flow-info/default/6in4tunnel.pcap.out
@@ -13,5 +13,7 @@
[PKTLENS.....: 124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145]
[ENTROPIES...: 5.7,5.7,5.6,5.7,5.7,5.7,5.7,5.7,5.7,5.7,5.8,5.6,5.7,5.7,5.7,5.7,5.7,4.7,4.7,4.8,4.9,5.2,5.8,5.5,5.8,5.6,6.9,7.0,5.5,5.5,6.7,6.0]
not-detected: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
idle: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index ed3249628..07aa8c41c 100644
--- a/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -31,6 +31,8 @@
[IATS(ms)....: 20.8,19.1,39.5,1.4,20.0,20.0,19.3,20.5,19.6,19.9,21.0,20.3,18.5,20.4,19.7,19.9,20.4,20.2,19.7,20.4,19.3,20.5,20.1,20.0,19.6,20.0,19.9,20.3,20.2,19.8,20.0]
[PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
[ENTROPIES...: 1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,2.4,2.4,2.4,2.5,2.4,2.5,2.5,2.5,2.5,2.5,2.4,2.4,2.4,2.4,2.5,2.5,2.5,2.5,2.4,2.4,2.5]
+ detection-update: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Unknown][Media][Acceptable]
+ RISK: Unidirectional Traffic
update: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][Unknown][VoIP][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -43,11 +45,13 @@
[PKTLENS.....: 905,905,290,290,474,474,811,811,438,438,880,880,411,411,779,779,479,479,446,446,558,558,832,832,350,350,461,461,438,438,909,909]
[ENTROPIES...: 5.7,5.7,5.6,5.6,5.6,5.6,5.7,5.7,5.6,5.6,5.7,5.7,5.6,5.6,5.8,5.8,5.6,5.6,5.6,5.6,5.7,5.7,5.7,5.7,5.6,5.6,5.6,5.6,5.6,5.6,5.7,5.7]
update: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Unknown][Media][Acceptable]
+ RISK: Unidirectional Traffic
update: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][Unknown][VoIP][Acceptable]
update: [.....2] [ip4][..udp] [....10.35.60.72][.5060] -> [...10.35.60.100][.5060] [SIP][Unknown][VoIP][Acceptable]
update: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][Unknown][VoIP][Acceptable]
update: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][Unknown][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Unknown][Media][Acceptable]
+ RISK: Unidirectional Traffic
idle: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][Unknown][VoIP][Acceptable]
idle: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][Unknown][VoIP][Acceptable]
idle: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][Unknown][VoIP][Acceptable]
diff --git a/test/results/flow-info/default/KakaoTalk_chat.pcap.out b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
index 2f2ebc5d1..be56e3338 100644
--- a/test/results/flow-info/default/KakaoTalk_chat.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
@@ -2,41 +2,41 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53]
- detected: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][auth.kakao.com]
+ detected: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][auth.kakao.com]
new: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53]
- detected: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][ac-talk.kakao.com]
+ detected: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][ac-talk.kakao.com]
new: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53]
- detected: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][katalk.kakao.com]
- detection-update: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][ac-talk.kakao.com]
- detection-update: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][auth.kakao.com]
- detection-update: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][katalk.kakao.com]
+ detected: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][katalk.kakao.com]
+ detection-update: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][ac-talk.kakao.com]
+ detection-update: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][auth.kakao.com]
+ detection-update: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][katalk.kakao.com]
new: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53]
- detected: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][booking.loco.kakao.com]
+ detected: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][booking.loco.kakao.com]
new: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53]
- detected: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-m.talk.kakao.com]
+ detected: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-m.talk.kakao.com]
new: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53]
- detected: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][item.kakao.com]
- detection-update: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][item.kakao.com]
- detection-update: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-m.talk.kakao.com]
- detection-update: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][booking.loco.kakao.com]
+ detected: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][item.kakao.com]
+ detection-update: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][item.kakao.com]
+ detection-update: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-m.talk.kakao.com]
+ detection-update: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][booking.loco.kakao.com]
new: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53]
- detected: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-p.talk.kakao.com]
+ detected: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-p.talk.kakao.com]
new: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53]
- detected: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-v.talk.kakao.com]
+ detected: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-v.talk.kakao.com]
new: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53]
- detected: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-c.talk.kakao.com]
- detection-update: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-p.talk.kakao.com]
- detection-update: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-v.talk.kakao.com]
- detection-update: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-c.talk.kakao.com]
+ detected: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-c.talk.kakao.com]
+ detection-update: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-p.talk.kakao.com]
+ detection-update: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-v.talk.kakao.com]
+ detection-update: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-c.talk.kakao.com]
new: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53]
- detected: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-a.talk.kakao.com]
+ detected: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-a.talk.kakao.com]
new: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53]
- detected: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
+ detected: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
new: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53]
- detected: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
- detection-update: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-a.talk.kakao.com]
- detection-update: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
- detection-update: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
+ detected: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
+ detection-update: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-a.talk.kakao.com]
+ detection-update: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
+ detection-update: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
new: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080]
new: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [MIDSTREAM]
new: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443]
@@ -44,11 +44,11 @@
RISK: Obsolete TLS (v1.1 or older)
new: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [MIDSTREAM]
new: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53]
- detected: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
+ detected: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][plus-talk.kakao.com]
new: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53]
- detected: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
- detection-update: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
- detection-update: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
+ detected: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS][Unknown][Network][Acceptable][plus-talk.kakao.com]
+ detection-update: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][plus-talk.kakao.com]
+ detection-update: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS][Unknown][Network][Acceptable][plus-talk.kakao.com]
new: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1]
detected: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Unknown][Network][Acceptable]
new: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443]
@@ -63,32 +63,32 @@
detected: [....22] [ip4][..tcp] [....31.13.68.73][..443] -> [...10.24.82.188][47007] [TLS][Facebook][Web][Safe]
detected: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
new: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53]
- detected: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][api.facebook.com]
+ detected: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][api.facebook.com]
detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][]
RISK: Obsolete TLS (v1.1 or older)
- detection-update: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][api.facebook.com]
+ detection-update: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][api.facebook.com]
new: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443]
detected: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][api.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53]
- detected: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
+ detected: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com]
detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][api.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][api.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
+ detection-update: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com]
new: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443]
detected: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53]
- detected: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][developers.facebook.com]
+ detected: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][developers.facebook.com]
detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][developers.facebook.com]
+ detection-update: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][developers.facebook.com]
new: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53]
detected: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][2.97.252.173.in-addr.arpa]
new: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443]
@@ -161,7 +161,7 @@
new: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223]
detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe][]
RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
- idle: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-m.talk.kakao.com]
+ idle: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-m.talk.kakao.com]
idle: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][2.97.252.173.in-addr.arpa]
end: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
@@ -170,26 +170,26 @@
idle: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe]
end: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
- idle: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
+ idle: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com]
idle: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
idle: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
guessed: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443] [TLS][Unknown][Web][Safe]
end: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443]
- idle: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-c.talk.kakao.com]
- idle: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][api.facebook.com]
- idle: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][katalk.kakao.com]
- idle: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
+ idle: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-c.talk.kakao.com]
+ idle: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][api.facebook.com]
+ idle: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][katalk.kakao.com]
+ idle: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
end: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
end: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
- idle: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][item.kakao.com]
+ idle: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][item.kakao.com]
guessed: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [HTTP][Unknown][Web][Acceptable][]
RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt
end: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503]
- idle: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
- idle: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
- idle: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-a.talk.kakao.com]
+ idle: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS][Unknown][Network][Acceptable][plus-talk.kakao.com]
+ idle: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][plus-talk.kakao.com]
+ idle: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-a.talk.kakao.com]
idle: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Unknown][Network][Acceptable]
@@ -200,20 +200,20 @@
idle: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
end: [....22] [ip4][..tcp] [....31.13.68.73][..443] -> [...10.24.82.188][47007] [TLS][Facebook][Web][Safe]
- idle: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][ac-talk.kakao.com]
+ idle: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][ac-talk.kakao.com]
guessed: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [HTTP][Google][Web][Acceptable][]
end: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922]
- idle: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][developers.facebook.com]
+ idle: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][developers.facebook.com]
guessed: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Unknown][Web][Safe]
idle: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
- idle: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][auth.kakao.com]
- idle: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-p.talk.kakao.com]
+ idle: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][auth.kakao.com]
+ idle: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-p.talk.kakao.com]
guessed: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][]
RISK: Fully Encrypted Flow
idle: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080]
idle: [....36] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS][Google][Web][Safe]
RISK: Known Proto on Non Std Port
- idle: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-v.talk.kakao.com]
- idle: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][booking.loco.kakao.com]
- idle: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
+ idle: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][up-v.talk.kakao.com]
+ idle: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][booking.loco.kakao.com]
+ idle: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/KakaoTalk_talk.pcap.out b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
index 4c4862263..b0c15e100 100644
--- a/test/results/flow-info/default/KakaoTalk_talk.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
@@ -80,10 +80,10 @@
new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM]
new: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443]
new: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53]
- detected: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][mqtt.facebook.com]
+ detected: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][mqtt.facebook.com]
detected: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
- detection-update: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][mqtt.facebook.com]
+ detection-update: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][mqtt.facebook.com]
detection-update: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
guessed: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [TLS][Facebook][Web][Safe]
@@ -101,7 +101,7 @@
guessed: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [TLS][Google][Web][Safe]
RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt
end: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697]
- idle: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][mqtt.facebook.com]
+ idle: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][mqtt.facebook.com]
guessed: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [HTTP][Unknown][Web][Acceptable][]
end: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533]
guessed: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][]
diff --git a/test/results/flow-info/default/alexa-app.pcapng.out b/test/results/flow-info/default/alexa-app.pcapng.out
index 63116a883..08d21f12c 100644
--- a/test/results/flow-info/default/alexa-app.pcapng.out
+++ b/test/results/flow-info/default/alexa-app.pcapng.out
@@ -14,35 +14,35 @@
new: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2]
detected: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
new: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53]
- detected: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
- detection-update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ detected: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ detection-update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
new: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53]
- detected: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
- detection-update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ detected: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ detection-update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
new: [.....8] [ip4][..tcp] [..172.16.42.216][60246] -> [..172.217.9.142][...80]
detected: [.....8] [ip4][..tcp] [..172.16.42.216][60246] -> [..172.217.9.142][...80] [HTTP.Google][Google][ConnCheck][Acceptable][connectivitycheck.android.com]
new: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53]
- detected: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
+ detected: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
new: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53]
- detected: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
+ detected: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
new: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228]
detected: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Google][Web][Acceptable][mtalk.google.com]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
detection-update: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Google][Web][Acceptable][mtalk.google.com]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
new: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53]
- detected: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ detected: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
new: [....13] [ip4][..tcp] [..172.16.42.216][35540] -> [..172.217.9.142][...80]
detected: [....13] [ip4][..tcp] [..172.16.42.216][35540] -> [..172.217.9.142][...80] [HTTP.Google][Google][ConnCheck][Acceptable][connectivitycheck.android.com]
new: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216]
detected: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
new: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53]
- detected: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- detection-update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ detected: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ detection-update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
new: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443]
detected: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -51,8 +51,8 @@
detection-update: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53]
- detected: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
- detection-update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
+ detected: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
+ detection-update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
new: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443]
detected: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][mads.amazon-adsystem.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -61,8 +61,8 @@
detection-update: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][mads.amazon-adsystem.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53]
- detected: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
- detection-update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
+ detected: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
+ detection-update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
new: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443]
detected: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][firs-ta-g7g.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -71,15 +71,15 @@
detection-update: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][firs-ta-g7g.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53]
- detected: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- detection-update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ detected: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ detection-update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
new: [....22] [ip4][..tcp] [..172.16.42.216][49572] -> [..52.94.232.134][...80]
detected: [....22] [ip4][..tcp] [..172.16.42.216][49572] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
new: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16]
detected: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
new: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53]
- detected: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
- detection-update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
+ detected: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
+ detection-update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
new: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443]
detected: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com]
detection-update: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com]
@@ -88,8 +88,8 @@
detected: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com]
detection-update: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][cognito-identity.us-east-1.amazonaws.com]
new: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53]
- detected: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
- detection-update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
+ detected: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
+ detection-update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
new: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443]
detected: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
detection-update: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
@@ -106,12 +106,12 @@
RISK: Weak TLS Cipher
new: [....33] [ip4][..tcp] [..172.16.42.216][40202] -> [.10.201.126.241][.8080]
new: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53]
- detected: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ detected: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53]
- detected: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- detection-update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ detected: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ detection-update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443]
- detection-update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ detection-update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
new: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443]
new: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443]
detected: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
@@ -135,7 +135,7 @@
detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
detection-update: [....36] [ip4][..tcp] [..172.16.42.216][34019] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53]
- detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
+ detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
ERROR-EVENT: Unknown packet type [1/16]
analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -147,7 +147,7 @@
[IATS(ms)....: 55.7,59.3,1.4,66.6,0.4,0.1,64.1,4.8,0.3,2.7,66.9,3.1,100.8,8.3,108.4,5.9,66.9,500.8,354.1,941.1,3.0,88.7,111.8,176.5,0.2,64.7,9.2,104.2,1015.9,966.5,45.6]
[PKTLENS.....: 60,48,40,247,1500,1500,385,40,40,40,366,46,99,40,1122,46,941,40,1106,1106,46,493,40,1154,46,877,40,40,46,40,46,40]
[ENTROPIES...: 4.6,5.1,4.8,5.5,6.8,7.3,7.4,4.8,4.8,4.7,7.3,4.7,6.0,4.9,7.8,4.5,7.8,4.8,7.8,7.8,4.6,7.6,4.8,7.8,4.6,7.7,4.9,4.9,4.5,4.8,4.5,4.8]
- detection-update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
+ detection-update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
new: [....41] [ip4][..tcp] [..172.16.42.216][42129] -> [..72.21.206.135][..443]
new: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443]
detected: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
@@ -248,16 +248,16 @@
update: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
new: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443]
new: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53]
- detected: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ detected: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
detected: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
- detection-update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ detection-update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
new: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443]
detection-update: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
detected: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
detection-update: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
new: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53]
- detected: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][api.amazon.com]
- detection-update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][api.amazon.com]
+ detected: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com]
+ detection-update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com]
new: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443]
detected: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][api.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -289,14 +289,14 @@
new: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443]
new: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443]
new: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53]
- detected: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ detected: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
detected: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
new: [....70] [ip4][..tcp] [..172.16.42.216][45695] -> [..52.94.232.134][..443]
detected: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
detected: [....67] [ip4][..tcp] [..172.16.42.216][45693] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
new: [....71] [ip4][..tcp] [..172.16.42.216][45696] -> [..52.94.232.134][..443]
new: [....72] [ip4][..tcp] [..172.16.42.216][45697] -> [..52.94.232.134][..443]
- detection-update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ detection-update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
new: [....73] [ip4][..tcp] [..172.16.42.216][59698] -> [..52.94.232.134][..443]
detection-update: [....68] [ip4][..tcp] [..172.16.42.216][45694] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
RISK: Weak TLS Cipher
@@ -321,11 +321,11 @@
RISK: Weak TLS Cipher
update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][android-1c1335ec95a27318]
update: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] [DHCP][Unknown][Network][Acceptable]
- update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
- update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
- update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
+ update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
update: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
new: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443]
detected: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443] [TLS][AmazonAWS][Web][Safe][]
@@ -342,11 +342,11 @@
new: [....79] [ip4][..tcp] [..172.16.42.216][34054] -> [..54.239.24.186][..443]
detected: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
detection-update: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
- update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
- update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
+ update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
+ update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
+ update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
new: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443]
new: [....81] [ip4][..tcp] [..172.16.42.216][45704] -> [..52.94.232.134][..443]
new: [....82] [ip4][..tcp] [..172.16.42.216][45705] -> [..52.94.232.134][..443]
@@ -402,9 +402,9 @@
new: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> [..54.239.24.186][..443]
detected: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53]
- detected: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
+ detected: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
detection-update: [....94] [ip4][..tcp] [..172.16.42.216][34069] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- detection-update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
+ detection-update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
new: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443]
new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443]
detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
@@ -431,8 +431,8 @@
[PKTLENS.....: 60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46]
[ENTROPIES...: 4.7,4.6,5.1,4.8,5.9,5.1,4.9,6.0,6.1,4.8,4.9,5.8,7.9,7.2,4.7,4.6,4.6,7.6,7.9,7.0,4.7,7.7,7.9,7.1,4.6,7.6,4.9,7.9,6.9,4.5,7.9,4.5]
new: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53]
- detected: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
- detection-update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
+ detected: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
+ detection-update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
new: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443]
detected: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][dp-gw-na-js.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -443,10 +443,10 @@
update: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
update: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
- update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
- update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
+ update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
+ update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
update: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
detection-update: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
RISK: Weak TLS Cipher
@@ -460,8 +460,8 @@
detection-update: [...102] [ip4][..tcp] [..172.16.42.216][41825] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
update: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
new: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53]
- detected: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][skills-store.amazon.com]
- detection-update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][skills-store.amazon.com]
+ detected: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][skills-store.amazon.com]
+ detection-update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][skills-store.amazon.com]
new: [...104] [ip4][..tcp] [..172.16.42.216][40853] -> [..54.239.29.253][..443]
new: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443]
new: [...106] [ip4][..tcp] [..172.16.42.216][40855] -> [..54.239.29.253][..443]
@@ -516,8 +516,8 @@
[PKTLENS.....: 60,48,40,232,46,1500,1500,522,232,232,40,40,40,166,46,46,46,85,40,1500,276,46,198,104,278,233,232,46,46,258,40,342]
[ENTROPIES...: 4.7,5.1,4.8,5.5,4.6,7.2,7.3,7.6,5.5,5.5,4.8,4.9,4.7,6.3,4.5,4.5,4.8,5.6,4.8,7.9,7.2,4.5,6.8,6.0,7.1,7.0,6.9,4.5,4.6,7.0,4.8,7.3]
new: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53]
- detected: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
- detection-update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
+ detected: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
+ detection-update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
new: [...109] [ip4][..tcp] [..172.16.42.216][45728] -> [..52.94.232.134][..443]
new: [...110] [ip4][..tcp] [..172.16.42.216][45729] -> [..52.94.232.134][..443]
new: [...111] [ip4][..tcp] [..172.16.42.216][45730] -> [..52.94.232.134][..443]
@@ -539,29 +539,29 @@
detection-update: [...113] [ip4][..tcp] [..172.16.42.216][45732] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
RISK: Weak TLS Cipher
new: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53]
- detected: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- detection-update: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ detected: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ detection-update: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443]
new: [...116] [ip4][..tcp] [..172.16.42.216][37552] -> [..54.239.24.180][..443]
detected: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][api.amazon.com]
- update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com]
+ update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
detection-update: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][android-1c1335ec95a27318]
update: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] [DHCP][Unknown][Network][Acceptable]
- update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
- update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
- update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
+ update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
new: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443]
detected: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com]
detection-update: [...117] [ip4][..tcp] [..172.16.42.216][40864] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com]
RISK: Weak TLS Cipher
new: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53]
- detected: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][ecx.images-amazon.com]
- detection-update: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][ecx.images-amazon.com]
+ detected: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][ecx.images-amazon.com]
+ detection-update: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][ecx.images-amazon.com]
new: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80]
new: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80]
new: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80]
@@ -624,19 +624,19 @@
update: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
update: [....14] [ip4][.icmp] [....172.16.42.1] -> [..172.16.42.216] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
- update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
- update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
- update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
- update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
- update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
- update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
+ update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
+ update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
+ update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
+ update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
+ update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
+ update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
update: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
update: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
- update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
+ update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.511| 0.042| 0.110| 12114.281| 2.500]
@@ -677,11 +677,11 @@
end: [....25] [ip4][..tcp] [..172.16.42.216][38363] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
idle: [....23] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
idle: [.....5] [ip6][icmp6] [..............fe80::7af8:82ff:fed3:fbc2] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
- update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][skills-store.amazon.com]
- update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
+ update: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][skills-store.amazon.com]
+ update: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
new: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53]
- detected: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- detection-update: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ detected: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ detection-update: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
new: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443]
detected: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] [TLS][AmazonAWS][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
@@ -732,19 +732,19 @@
end: [....32] [ip4][..tcp] [..172.16.42.216][38391] -> [...192.168.11.1][.8080]
end: [....26] [ip4][..tcp] [..172.16.42.216][38364] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
update: [.....3] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][android-1c1335ec95a27318]
- update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][api.amazon.com]
- update: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ update: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ update: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com]
+ update: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
update: [.....4] [ip4][..udp] [....172.16.42.1][...67] -> [..172.16.42.216][...68] [DHCP][Unknown][Network][Acceptable]
- update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
- update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
- update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ update: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ update: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
+ update: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
new: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53]
- detected: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
- detection-update: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
+ detected: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
+ detection-update: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
new: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443]
new: [...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443]
new: [...141] [ip4][..tcp] [..172.16.42.216][50798] -> [..54.239.28.178][..443]
@@ -763,21 +763,21 @@
RISK: Weak TLS Cipher
end: [....59] [ip4][..tcp] [..172.16.42.216][45688] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: Weak TLS Cipher
- update: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][ecx.images-amazon.com]
+ update: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][ecx.images-amazon.com]
new: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443]
detected: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
detection-update: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
RISK: Weak TLS Cipher
new: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53]
- detected: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- detection-update: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ detected: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ detection-update: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443]
detected: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
detection-update: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
new: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53]
- detected: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ detected: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
new: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443]
analyse: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -794,15 +794,15 @@
detection-update: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
new: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53]
- detected: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- detection-update: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ detected: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ detection-update: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
new: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443]
new: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53]
- detected: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS.PlayStore][Unknown][Network][Safe][android.clients.google.com]
+ detected: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com]
detected: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
detection-update: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
- detection-update: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS.PlayStore][Unknown][Network][Safe][android.clients.google.com]
+ detection-update: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com]
new: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443]
detected: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -821,8 +821,8 @@
[PKTLENS.....: 60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52]
[ENTROPIES...: 4.7,5.2,5.0,5.6,5.0,6.9,7.2,7.5,7.6,5.1,4.9,5.0,4.9,6.3,7.9,7.7,5.2,6.3,7.9,5.1,7.1,5.0,5.0,7.9,7.9,7.9,7.7,7.6,6.3,5.0,6.5,4.8]
new: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53]
- detected: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com]
- detection-update: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com]
+ detected: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com]
+ detection-update: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com]
new: [...153] [ip4][..tcp] [..172.16.42.216][41912] -> [...52.84.62.115][..443]
new: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443]
new: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443]
@@ -855,17 +855,17 @@
end: [....66] [ip4][..tcp] [..172.16.42.216][49606] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
end: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
end: [....61] [ip4][..tcp] [..172.16.42.216][42148] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
- update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
- update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
- update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
- update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
- update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
- update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
+ update: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
+ update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
+ update: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ update: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
+ update: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
+ update: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
+ update: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ update: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
+ update: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
new: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443]
detected: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS][AmazonAWS][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
@@ -884,7 +884,7 @@
[PKTLENS.....: 60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500]
[ENTROPIES...: 4.7,5.2,5.1,5.4,5.2,7.0,7.3,7.7,5.0,5.1,5.1,6.6,6.1,7.7,7.7,6.1,5.1,5.2,7.8,7.4,7.1,7.7,7.8,7.5,7.9,6.8,7.6,7.9,7.9,7.9,7.9,7.9]
new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53]
- detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
+ detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.264| 0.057| 0.086| 7393.244| 3.600]
@@ -895,7 +895,7 @@
[IATS(ms)....: 22.8,24.0,0.9,22.8,6.6,0.6,0.6,0.3,39.7,0.1,0.1,0.2,6.8,37.6,46.2,226.7,213.1,3.9,222.3,264.1,0.1,55.3,103.4,0.1,10.4,183.9,242.5,1.0,0.1,38.6,0.1]
[PKTLENS.....: 60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52]
[ENTROPIES...: 4.7,5.3,5.1,5.7,5.1,7.1,7.3,7.5,7.6,5.1,5.0,5.1,5.0,6.4,7.2,7.9,7.2,5.0,7.9,7.9,7.8,5.8,5.8,5.1,5.1,5.1,7.8,7.9,7.9,7.5,5.1,5.1]
- detection-update: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
+ detection-update: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
new: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443]
detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
new: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443]
@@ -918,7 +918,7 @@
idle: [....58] [ip4][....2] [........0.0.0.0] -> [......224.0.0.1] [IGMP][Unknown][Network][Acceptable]
end: [....75] [ip4][..tcp] [..172.16.42.216][37113] -> [..52.94.232.134][..443] [TLS][AmazonAWS][Web][Safe]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
- idle: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ idle: [....69] [ip4][..udp] [..172.16.42.216][25081] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
end: [....78] [ip4][..tcp] [..172.16.42.216][34053] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
guessed: [....79] [ip4][..tcp] [..172.16.42.216][34054] -> [..54.239.24.186][..443] [TLS][AmazonAWS][Web][Safe]
end: [....79] [ip4][..tcp] [..172.16.42.216][34054] -> [..54.239.24.186][..443]
@@ -930,15 +930,15 @@
idle: [...154] [ip4][..tcp] [..172.16.42.216][41913] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
idle: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][images-na.ssl-images-amazon.com]
idle: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
- idle: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ idle: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
end: [...136] [ip4][..tcp] [..172.16.42.216][39750] -> [..52.94.232.134][..443] [TLS][AmazonAWS][Web][Safe]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
idle: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][api.amazon.com]
+ idle: [....64] [ip4][..udp] [..172.16.42.216][60804] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][api.amazon.com]
idle: [....11] [ip4][..tcp] [..172.16.42.216][42878] -> [173.194.223.188][.5228] [TLS.GoogleServices][Google][Web][Acceptable]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
- idle: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ idle: [...114] [ip4][..udp] [..172.16.42.216][28614] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
end: [...115] [ip4][..tcp] [..172.16.42.216][37551] -> [..54.239.24.180][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
guessed: [...116] [ip4][..tcp] [..172.16.42.216][37552] -> [..54.239.24.180][..443] [TLS][AmazonAWS][Web][Safe]
end: [...116] [ip4][..tcp] [..172.16.42.216][37552] -> [..54.239.24.180][..443]
@@ -953,7 +953,7 @@
idle: [....83] [ip4][..tcp] [..172.16.42.216][40242] -> [.10.201.126.241][.8080]
idle: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
- idle: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
+ idle: [...135] [ip4][..udp] [..172.16.42.216][64073] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
end: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
guessed: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443] [TLS][AmazonAWS][Web][Safe]
end: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443]
@@ -1011,9 +1011,9 @@
RISK: Weak TLS Cipher
end: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][api.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
- idle: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
- idle: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ idle: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
+ idle: [....95] [ip4][..udp] [..172.16.42.216][35726] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][s3-external-2.amazonaws.com]
+ idle: [.....6] [ip4][..udp] [..172.16.42.216][.3440] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
end: [...119] [ip4][..tcp] [..172.16.42.216][51985] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
end: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
end: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
@@ -1032,16 +1032,16 @@
end: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
end: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
RISK: Error Code
- idle: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
- idle: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com]
- idle: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][ecx.images-amazon.com]
- idle: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
+ idle: [...138] [ip4][..udp] [..172.16.42.216][.4312] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
+ idle: [...152] [ip4][..udp] [..172.16.42.216][.4612] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][images-na.ssl-images-amazon.com]
+ idle: [...118] [ip4][..udp] [..172.16.42.216][.4920] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][ecx.images-amazon.com]
+ idle: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][firs-ta-g7g.amazon.com]
end: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS.PlayStore][Unknown][Network][Safe][android.clients.google.com]
- idle: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
- idle: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
- idle: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
+ idle: [...150] [ip4][..udp] [..172.16.42.216][40425] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com]
+ idle: [....21] [ip4][..udp] [..172.16.42.216][41030] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][alexa.amazon.com]
+ idle: [...144] [ip4][..udp] [..172.16.42.216][.8669] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ idle: [....98] [ip4][..udp] [..172.16.42.216][41639] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][dp-gw-na-js.amazon.com]
idle: [...139] [ip4][..tcp] [..172.16.42.216][50796] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: Weak TLS Cipher
idle: [...140] [ip4][..tcp] [..172.16.42.216][50797] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
@@ -1052,39 +1052,39 @@
RISK: Weak TLS Cipher
idle: [...143] [ip4][..tcp] [..172.16.42.216][50800] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: Weak TLS Cipher
- idle: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- idle: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
- idle: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ idle: [....12] [ip4][..udp] [..172.16.42.216][10462] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ idle: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][fls-na.amazon.com]
+ idle: [....62] [ip4][..udp] [..172.16.42.216][44475] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
idle: [....20] [ip4][..tcp] [..172.16.42.216][53682] -> [..54.239.22.185][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [.....8] [ip4][..tcp] [..172.16.42.216][60246] -> [..172.217.9.142][...80] [HTTP.Google][Google][ConnCheck][Acceptable][connectivitycheck.android.com]
end: [....73] [ip4][..tcp] [..172.16.42.216][59698] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
- idle: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][skills-store.amazon.com]
- idle: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- idle: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
+ idle: [...103] [ip4][..udp] [..172.16.42.216][14476] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][skills-store.amazon.com]
+ idle: [...148] [ip4][..udp] [..172.16.42.216][14934] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ idle: [....15] [ip4][..udp] [..172.16.42.216][48155] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
end: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][dp-gw-na-js.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
idle: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
end: [...156] [ip4][..tcp] [..172.16.42.216][58048] -> [..54.239.28.178][..443] [TLS][AmazonAWS][Web][Safe]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
- idle: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][www.amazon.com]
- idle: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ idle: [....35] [ip4][..udp] [..172.16.42.216][52077] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.amazon.com]
+ idle: [....10] [ip4][..udp] [..172.16.42.216][52603] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
guessed: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][]
RISK: TCP Connection Issues, Probing Attempt
end: [....85] [ip4][..tcp] [..172.16.42.216][38434] -> [...192.168.11.1][.8080]
end: [....77] [ip4][..tcp] [..172.16.42.216][38404] -> [..34.199.52.240][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
- idle: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
- idle: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
- idle: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
+ idle: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mads.amazon-adsystem.com]
+ idle: [.....9] [ip4][..udp] [..172.16.42.216][53188] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
+ idle: [...108] [ip4][..udp] [..172.16.42.216][20922] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
end: [....18] [ip4][..tcp] [..172.16.42.216][33556] -> [....52.94.232.0][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
+ idle: [....34] [ip4][..udp] [..172.16.42.216][21391] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][mobileanalytics.us-east-1.amazonaws.com]
idle: [....13] [ip4][..tcp] [..172.16.42.216][35540] -> [..172.217.9.142][...80] [HTTP.Google][Google][ConnCheck][Acceptable][connectivitycheck.android.com]
- idle: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][pitangui.amazon.com]
- idle: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.android.com]
- idle: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS.AmazonAWS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
+ idle: [....27] [ip4][..udp] [..172.16.42.216][54886] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][pitangui.amazon.com]
+ idle: [.....7] [ip4][..udp] [..172.16.42.216][55619] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.android.com]
+ idle: [....24] [ip4][..udp] [..172.16.42.216][23559] -> [....172.16.42.1][...53] [DNS][Unknown][Network][Acceptable][cognito-identity.us-east-1.amazonaws.com]
idle: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/android.pcap.out b/test/results/flow-info/default/android.pcap.out
index e665f2dd7..7188b9286 100644
--- a/test/results/flow-info/default/android.pcap.out
+++ b/test/results/flow-info/default/android.pcap.out
@@ -24,9 +24,9 @@
new: [.....9] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353]
detected: [.....9] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_spotify-connect._tcp.local]
new: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900]
- detected: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900]
- detected: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [.....4] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
update: [.....7] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
update: [.....6] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
@@ -43,8 +43,8 @@
new: [....17] [ip6][icmp6] [..............fe80::4e6a:f6ff:fe9f:f627] -> [................................ff02::2]
detected: [....17] [ip6][icmp6] [..............fe80::4e6a:f6ff:fe9f:f627] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
new: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53]
- detected: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com]
- detection-update: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com]
+ detected: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com]
+ detection-update: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com]
new: [....19] [ip4][..tcp] [...192.168.2.16][58338] -> [..17.253.53.201][...80]
detected: [....19] [ip4][..tcp] [...192.168.2.16][58338] -> [..17.253.53.201][...80] [HTTP.Apple][Apple][ConnCheck][Safe][captive.apple.com]
new: [....20] [ip4][..udp] [...192.168.2.16][35825] -> [....192.168.2.1][...53]
@@ -53,63 +53,63 @@
new: [....21] [ip4][..udp] [...192.168.2.16][45863] -> [...216.239.35.8][..123]
detected: [....21] [ip4][..udp] [...192.168.2.16][45863] -> [...216.239.35.8][..123] [NTP][Google][System][Acceptable]
new: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53]
- detected: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][clients1.google.com]
- detection-update: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][clients1.google.com]
+ detected: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][clients1.google.com]
+ detection-update: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][clients1.google.com]
new: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443]
new: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53]
- detected: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][play.googleapis.com]
+ detected: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.googleapis.com]
detected: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][clients1.google.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][play.googleapis.com]
+ detection-update: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.googleapis.com]
detection-update: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][clients1.google.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][clients1.google.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443]
- detected: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Google][Web][Acceptable][play.googleapis.com]
+ detected: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][play.googleapis.com]
new: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53]
- detected: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.gstatic.com]
- detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Google][Web][Acceptable][play.googleapis.com]
- detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Google][Web][Acceptable][play.googleapis.com]
- detection-update: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.gstatic.com]
+ detected: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.gstatic.com]
+ detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][play.googleapis.com]
+ detection-update: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][play.googleapis.com]
+ detection-update: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.gstatic.com]
new: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443]
new: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443]
detected: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com]
new: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53]
- detected: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][app-measurement.com]
- detection-update: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][app-measurement.com]
+ detected: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][app-measurement.com]
+ detection-update: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][app-measurement.com]
detection-update: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com]
detection-update: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com]
detected: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] [TLS.Google][Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com]
new: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53]
- detected: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
- detection-update: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
+ detected: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
+ detection-update: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
new: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443]
detected: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Google][Web][Acceptable][app-measurement.com]
new: [....32] [ip4][..tcp] [...192.168.2.16][49510] -> [.216.239.38.120][.5228]
detection-update: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Google][Web][Acceptable][app-measurement.com]
detection-update: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Google][Web][Acceptable][app-measurement.com]
new: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53]
- detected: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS.PlayStore][Unknown][Network][Safe][android.clients.google.com]
- detection-update: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS.PlayStore][Unknown][Network][Safe][android.clients.google.com]
+ detected: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com]
+ detection-update: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com]
new: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443]
new: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53]
- detected: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][check.googlezip.net]
+ detected: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][check.googlezip.net]
new: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53]
- detected: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][datasaver.googleapis.com]
+ detected: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][datasaver.googleapis.com]
new: [....37] [ip4][..tcp] [...192.168.2.16][32988] -> [.216.239.38.120][..443]
new: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443]
- detection-update: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][check.googlezip.net]
+ detection-update: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][check.googlezip.net]
new: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80]
- detection-update: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][datasaver.googleapis.com]
+ detection-update: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][datasaver.googleapis.com]
new: [....40] [ip4][..tcp] [...192.168.2.16][51928] -> [.172.217.21.202][..443]
detected: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53]
- detected: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ detected: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
detected: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net]
detection-update: [....38] [ip4][..tcp] [...192.168.2.16][32990] -> [.216.239.38.120][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -126,49 +126,49 @@
detection-update: [....37] [ip4][..tcp] [...192.168.2.16][32988] -> [.216.239.38.120][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53]
- detected: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][accounts.google.com]
- detection-update: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][accounts.google.com]
+ detected: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][accounts.google.com]
+ detection-update: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][accounts.google.com]
new: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443]
detected: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
new: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53]
- detected: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][semanticlocation-pa.googleapis.com]
+ detected: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][semanticlocation-pa.googleapis.com]
detection-update: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
- detection-update: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][semanticlocation-pa.googleapis.com]
+ detection-update: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][semanticlocation-pa.googleapis.com]
new: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53]
- detected: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
- detection-update: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
+ detected: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
+ detection-update: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
new: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443]
new: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53]
- detected: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][accounts.google.com]
- detection-update: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][accounts.google.com]
+ detected: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][accounts.google.com]
+ detection-update: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][accounts.google.com]
detected: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun][proxy.googlezip.net]
new: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443]
detection-update: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun][proxy.googlezip.net]
detected: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
new: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53]
- detected: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][check.googlezip.net]
- detection-update: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][check.googlezip.net]
+ detected: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][check.googlezip.net]
+ detection-update: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][check.googlezip.net]
detection-update: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
new: [....51] [ip4][..tcp] [...192.168.2.16][52514] -> [..172.217.20.74][..443]
new: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80]
new: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80]
new: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53]
- detected: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][datasaver.googleapis.com]
- detection-update: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][datasaver.googleapis.com]
+ detected: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][datasaver.googleapis.com]
+ detection-update: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][datasaver.googleapis.com]
new: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443]
detected: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net]
new: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53]
- detected: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
- detection-update: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
+ detected: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
+ detection-update: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
new: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53]
- detected: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ detected: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
new: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443]
new: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443]
detected: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Google][Web][Fun][datasaver.googleapis.com]
detected: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
new: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53]
- detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][android.googleapis.com]
+ detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][android.googleapis.com]
detected: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun][proxy.googlezip.net]
analyse: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -182,29 +182,29 @@
[ENTROPIES...: 4.7,5.3,5.1,5.5,5.1,7.2,7.4,5.1,5.1,6.1,7.1,5.0,7.5,4.9,5.4,5.0,7.6,5.0,7.9,7.8,7.9,7.8,5.1,7.8,7.4,5.6,5.1,5.1,5.1,5.1,5.0,5.0]
detection-update: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
detection-update: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Google][Web][Fun][datasaver.googleapis.com]
- detection-update: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][android.googleapis.com]
+ detection-update: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][android.googleapis.com]
detection-update: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun][proxy.googlezip.net]
new: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443]
detected: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] [TLS.GoogleServices][Google][Web][Acceptable][android.googleapis.com]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....51] [ip4][..tcp] [...192.168.2.16][52514] -> [..172.217.20.74][..443] [TLS.GoogleServices][Google][Web][Acceptable][semanticlocation-pa.googleapis.com]
new: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53]
- detected: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
- detection-update: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
+ detected: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
+ detection-update: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
new: [....63] [ip4][..tcp] [...192.168.2.16][43652] -> [..172.217.20.76][..443]
detection-update: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] [TLS.GoogleServices][Google][Web][Acceptable][android.googleapis.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [.....4] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
idle: [....13] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
idle: [....12] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff9f:f627] [ICMPV6][Unknown][Network][Acceptable]
- idle: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][accounts.google.com]
- idle: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][connectivitycheck.gstatic.com]
+ idle: [....43] [ip4][..udp] [...192.168.2.16][46359] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][accounts.google.com]
+ idle: [....26] [ip4][..udp] [...192.168.2.16][47081] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][connectivitycheck.gstatic.com]
end: [....19] [ip4][..tcp] [...192.168.2.16][58338] -> [..17.253.53.201][...80] [HTTP.Apple][Apple][ConnCheck][Safe][captive.apple.com]
idle: [.....7] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
idle: [....27] [ip4][..tcp] [...192.168.2.16][36888] -> [...172.217.18.3][..443] [TLS.Google][Google][ConnCheck][Acceptable][connectivitycheck.gstatic.com]
idle: [....28] [ip4][..tcp] [...192.168.2.16][36890] -> [...172.217.18.3][..443] [TLS.Google][Google][ConnCheck][Acceptable]
- idle: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][datasaver.googleapis.com]
- idle: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][app-measurement.com]
+ idle: [....54] [ip4][..udp] [...192.168.2.16][18379] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][datasaver.googleapis.com]
+ idle: [....29] [ip4][..udp] [...192.168.2.16][51430] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][app-measurement.com]
end: [....23] [ip4][..tcp] [...192.168.2.16][32974] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....34] [ip4][..tcp] [...192.168.2.16][32986] -> [.216.239.38.120][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe]
@@ -217,11 +217,11 @@
end: [....44] [ip4][..tcp] [...192.168.2.16][32998] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable]
idle: [....49] [ip4][..tcp] [...192.168.2.16][33002] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable]
idle: [....59] [ip4][..tcp] [...192.168.2.16][33014] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable]
- idle: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com]
- idle: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][play.googleapis.com]
+ idle: [....18] [ip4][..udp] [...192.168.2.16][52953] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com]
+ idle: [....24] [ip4][..udp] [...192.168.2.16][54837] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.googleapis.com]
idle: [.....8] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
- idle: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
+ idle: [....46] [ip4][..udp] [...192.168.2.16][22850] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
+ idle: [....62] [ip4][..udp] [...192.168.2.16][56312] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
end: [....47] [ip4][..tcp] [...192.168.2.16][43634] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun]
end: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun]
guessed: [....63] [ip4][..tcp] [...192.168.2.16][43652] -> [..172.217.20.76][..443] [TLS][Google][Web][Safe]
@@ -229,42 +229,42 @@
idle: [....63] [ip4][..tcp] [...192.168.2.16][43652] -> [..172.217.20.76][..443]
idle: [....61] [ip4][..tcp] [...192.168.2.16][44374] -> [..172.217.22.10][..443] [TLS.GoogleServices][Google][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][accounts.google.com]
+ idle: [....48] [ip4][..udp] [...192.168.2.16][58892] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][accounts.google.com]
idle: [....31] [ip4][..tcp] [...192.168.2.16][50384] -> [172.217.168.206][..443] [TLS.Google][Google][Web][Acceptable]
idle: [....21] [ip4][..udp] [...192.168.2.16][45863] -> [...216.239.35.8][..123] [NTP][Google][System][Acceptable]
idle: [....40] [ip4][..tcp] [...192.168.2.16][51928] -> [.172.217.21.202][..443] [TLS.DataSaver][Google][Web][Fun]
idle: [....55] [ip4][..tcp] [...192.168.2.16][51944] -> [.172.217.21.202][..443] [TLS.DataSaver][Google][Web][Fun]
- idle: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][check.googlezip.net]
- idle: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.GoogleServices][Google][Web][Acceptable]
+ idle: [....35] [ip4][..udp] [...192.168.2.16][32412] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][check.googlezip.net]
+ idle: [....25] [ip4][..tcp] [...192.168.2.16][52486] -> [..172.217.20.74][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe]
idle: [....51] [ip4][..tcp] [...192.168.2.16][52514] -> [..172.217.20.74][..443] [TLS.GoogleServices][Google][Web][Acceptable]
- idle: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ idle: [....57] [ip4][..udp] [...192.168.2.16][32832] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
idle: [....14] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.16][...68] [DHCP][Unknown][Network][Acceptable]
idle: [.....9] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][check.googlezip.net]
+ idle: [....50] [ip4][..udp] [...192.168.2.16][33240] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][check.googlezip.net]
idle: [.....1] [ip4][..tcp] [...95.101.24.53][..443] -> [...192.168.2.17][50677] [TLS][Unknown][Web][Safe]
- idle: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][clients1.google.com]
+ idle: [....22] [ip4][..udp] [...192.168.2.16][34540] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][clients1.google.com]
idle: [.....6] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][semanticlocation-pa.googleapis.com]
+ idle: [....45] [ip4][..udp] [...192.168.2.16][35689] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][semanticlocation-pa.googleapis.com]
idle: [....20] [ip4][..udp] [...192.168.2.16][35825] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][time.android.com]
- idle: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS.PlayStore][Unknown][Network][Safe][android.clients.google.com]
+ idle: [....33] [ip4][..udp] [...192.168.2.16][36613] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][android.clients.google.com]
end: [.....3] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50580] [TLS][Apple][Web][Safe]
RISK: Unidirectional Traffic
end: [.....2] [ip4][..tcp] [..17.248.176.75][..443] -> [...192.168.2.17][50584] [TLS][Apple][Web][Safe]
RISK: Unidirectional Traffic
end: [.....5] [ip4][..tcp] [..17.248.185.10][..443] -> [...192.168.2.17][50702] [TLS][Apple][Web][Safe]
- idle: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][mtalk.google.com]
- idle: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][android.googleapis.com]
+ idle: [....30] [ip4][..udp] [...192.168.2.16][39008] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mtalk.google.com]
+ idle: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][android.googleapis.com]
guessed: [....32] [ip4][..tcp] [...192.168.2.16][49510] -> [.216.239.38.120][.5228] [Google][Google][Web][Acceptable]
RISK: Unidirectional Traffic
idle: [....32] [ip4][..tcp] [...192.168.2.16][49510] -> [.216.239.38.120][.5228]
idle: [....17] [ip6][icmp6] [..............fe80::4e6a:f6ff:fe9f:f627] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
idle: [....16] [ip6][icmp6] [..............fe80::4e6a:f6ff:fe9f:f627] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
- idle: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][datasaver.googleapis.com]
- idle: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- idle: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....36] [ip4][..udp] [...192.168.2.16][.7660] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][datasaver.googleapis.com]
+ idle: [....41] [ip4][..udp] [...192.168.2.16][40580] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ idle: [....10] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....15] [ip6][..udp] [..............fe80::4e6a:f6ff:fe9f:f627][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
- idle: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- idle: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS.DataSaver][Unknown][Network][Fun][proxy.googlezip.net]
+ idle: [....11] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [....56] [ip4][..udp] [...192.168.2.16][10677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][proxy.googlezip.net]
end: [....39] [ip4][..tcp] [...192.168.2.16][36834] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net]
idle: [....52] [ip4][..tcp] [...192.168.2.16][36848] -> [.173.194.79.114][...80] [HTTP.DataSaver][Google][Web][Fun][check.googlezip.net]
guessed: [....53] [ip4][..tcp] [...192.168.2.16][36850] -> [.173.194.79.114][...80] [HTTP][Google][Web][Acceptable][]
diff --git a/test/results/flow-info/default/anyconnect-vpn.pcap.out b/test/results/flow-info/default/anyconnect-vpn.pcap.out
index 1f6babff7..08a489e7d 100644
--- a/test/results/flow-info/default/anyconnect-vpn.pcap.out
+++ b/test/results/flow-info/default/anyconnect-vpn.pcap.out
@@ -78,8 +78,8 @@
detection-update: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][print.viasat.com]
RISK: Error Code
new: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53]
- detected: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Unknown][Network][Acceptable][slack.com]
- detection-update: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Unknown][Network][Acceptable][slack.com]
+ detected: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][slack.com]
+ detection-update: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][slack.com]
new: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443]
detected: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AmazonAWS][Collaborative][Acceptable][slack.com]
detection-update: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AmazonAWS][Collaborative][Acceptable][slack.com]
@@ -158,38 +158,38 @@
detected: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS][AmazonAWS][Web][Safe]
new: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [MIDSTREAM]
new: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53]
- detected: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Unknown][Network][Safe][www.apple.com]
+ detected: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.apple.com]
new: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53]
- detected: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][1-courier.push.apple.com]
+ detected: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][1-courier.push.apple.com]
new: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53]
- detected: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][1-courier.sandbox.push.apple.com]
+ detected: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][1-courier.sandbox.push.apple.com]
new: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53]
- detected: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][24-courier.push.apple.com]
+ detected: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][24-courier.push.apple.com]
new: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53]
detected: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][mail.viasat.com]
- detection-update: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Unknown][Network][Safe][www.apple.com]
- detection-update: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][1-courier.sandbox.push.apple.com]
- detection-update: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][1-courier.push.apple.com]
+ detection-update: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.apple.com]
+ detection-update: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][1-courier.sandbox.push.apple.com]
+ detection-update: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][1-courier.push.apple.com]
detected: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [TLS][Apple][Web][Safe]
RISK: Known Proto on Non Std Port
- detection-update: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][24-courier.push.apple.com]
+ detection-update: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][24-courier.push.apple.com]
new: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53]
- detected: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS.Apple][Unknown][Network][Safe][apple.com]
+ detected: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][apple.com]
new: [....51] [ip4][..tcp] [.....10.0.0.227][56871] -> [...8.37.103.196][..443] [MIDSTREAM]
- detection-update: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS.Apple][Unknown][Network][Safe][apple.com]
+ detection-update: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][apple.com]
detection-update: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][mail.viasat.com]
new: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53]
- detected: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS.Outlook][Unknown][Network][Acceptable][www.outlook.com]
- detection-update: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS.Outlook][Unknown][Network][Acceptable][www.outlook.com]
+ detected: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.outlook.com]
+ detection-update: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.outlook.com]
new: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] [MIDSTREAM]
new: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900]
- detected: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328]
detected: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328] [SSDP][Unknown][System][Acceptable][]
new: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328]
detected: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] [SSDP][Unknown][System][Acceptable][]
new: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900]
- detected: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443]
detected: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Unknown][Web][Safe]
RISK: Obsolete TLS (v1.1 or older)
@@ -242,8 +242,8 @@
idle: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS][AmazonAWS][Web][Safe]
idle: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328] [SSDP][Unknown][System][Acceptable]
idle: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
- idle: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS.Apple][Unknown][Network][Safe][apple.com]
- idle: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][1-courier.push.apple.com]
+ idle: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][apple.com]
+ idle: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][1-courier.push.apple.com]
idle: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Unknown][Web][Safe]
RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
idle: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][mail.viasat.com]
@@ -267,14 +267,14 @@
RISK: Error Code
end: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [TLS][Apple][Web][Safe]
RISK: Known Proto on Non Std Port
- idle: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS.Outlook][Unknown][Network][Acceptable][www.outlook.com]
- idle: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Unknown][Network][Acceptable][slack.com]
+ idle: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.outlook.com]
+ idle: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][slack.com]
idle: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][lp-rkerur-osx.hsd1.ca.comcast.net]
RISK: Error Code
- idle: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][1-courier.sandbox.push.apple.com]
+ idle: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][1-courier.sandbox.push.apple.com]
idle: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local]
end: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][AmazonAWS][Collaborative][Acceptable]
- idle: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Unknown][Network][Safe][www.apple.com]
+ idle: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][www.apple.com]
idle: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][vco.pandion.viasat.com]
idle: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable]
RISK: Error Code
@@ -284,7 +284,7 @@
idle: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][detectportal.firefox.com]
idle: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][local]
RISK: Error Code
- idle: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Unknown][Network][Acceptable][24-courier.push.apple.com]
+ idle: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][24-courier.push.apple.com]
idle: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable]
RISK: Error Code
idle: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76] [ICMP][Unknown][Network][Acceptable]
@@ -293,10 +293,10 @@
idle: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192]
guessed: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] [TLS][Google][Web][Safe]
end: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443]
- idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][Unknown][System][Acceptable]
idle: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS][AmazonAWS][Web][Safe]
- idle: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] [SSDP][Unknown][System][Acceptable]
idle: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][Unknown][ConnCheck][Acceptable][detectportal.firefox.com]
guessed: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] [HTTP][Unknown][Web][Acceptable][]
diff --git a/test/results/flow-info/default/anydesk.pcapng.out b/test/results/flow-info/default/anydesk.pcapng.out
index 06d396b91..f9c95e6ac 100644
--- a/test/results/flow-info/default/anydesk.pcapng.out
+++ b/test/results/flow-info/default/anydesk.pcapng.out
@@ -24,11 +24,11 @@
DAEMON-EVENT: [Processed: 61 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
new: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53]
- detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com]
- detection-update: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com]
+ detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com]
+ detection-update: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com]
new: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53]
- detected: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com]
- detection-update: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com]
+ detected: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com]
+ detection-update: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com]
idle: [.....1] [ip4][..tcp] [192.168.149.129][36351] -> [..51.83.239.144][...80] [TLS][AnyDesk][Web][Safe]
RISK: Known Proto on Non Std Port
idle: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable]
@@ -72,10 +72,10 @@
[IATS(ms)....: 17.7,17.8,0.9,17.8,3.4,20.3,0.1,0.0,3.8,21.9,18.1,0.1,0.0,0.9,64.2,13.4,76.8,1.5,18.4,206.6,224.8,0.0,0.0,18.7,0.0,62.8,0.0,80.2,8427.9,8444.6,314.0]
[PKTLENS.....: 60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145]
[ENTROPIES...: 4.8,5.3,5.1,5.6,5.1,7.5,5.1,7.7,5.1,7.7,6.0,5.1,6.1,5.1,6.9,5.2,6.9,5.2,6.6,5.2,6.6,7.9,7.9,7.8,5.2,5.2,6.1,5.9,5.1,6.5,5.2,6.6]
- idle: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com]
+ idle: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com]
end: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
- idle: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com]
+ idle: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com]
idle: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
idle: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable]
diff --git a/test/results/flow-info/default/bt-dns.pcap.out b/test/results/flow-info/default/bt-dns.pcap.out
index c053aeea0..1c1106d1b 100644
--- a/test/results/flow-info/default/bt-dns.pcap.out
+++ b/test/results/flow-info/default/bt-dns.pcap.out
@@ -1,6 +1,6 @@
DAEMON-EVENT: init
new: [.....1] [ip4][..udp] [......10.0.2.15][59751] -> [.......10.0.2.3][...53]
- detected: [.....1] [ip4][..udp] [......10.0.2.15][59751] -> [.......10.0.2.3][...53] [DNS.BitTorrent][Unknown][Network][Acceptable][utorrent.com]
- detection-update: [.....1] [ip4][..udp] [......10.0.2.15][59751] -> [.......10.0.2.3][...53] [DNS.BitTorrent][Unknown][Network][Acceptable][utorrent.com]
- idle: [.....1] [ip4][..udp] [......10.0.2.15][59751] -> [.......10.0.2.3][...53] [DNS.BitTorrent][Unknown][Network][Acceptable][utorrent.com]
+ detected: [.....1] [ip4][..udp] [......10.0.2.15][59751] -> [.......10.0.2.3][...53] [DNS][Unknown][Network][Acceptable][utorrent.com]
+ detection-update: [.....1] [ip4][..udp] [......10.0.2.15][59751] -> [.......10.0.2.3][...53] [DNS][Unknown][Network][Acceptable][utorrent.com]
+ idle: [.....1] [ip4][..udp] [......10.0.2.15][59751] -> [.......10.0.2.3][...53] [DNS][Unknown][Network][Acceptable][utorrent.com]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/conncheck.pcap.out b/test/results/flow-info/default/conncheck.pcap.out
index a6658c4de..1e5291d14 100644
--- a/test/results/flow-info/default/conncheck.pcap.out
+++ b/test/results/flow-info/default/conncheck.pcap.out
@@ -21,7 +21,7 @@
new: [.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80]
detected: [.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable][www.google.eu]
new: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80]
- detected: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.GoogleServices][Google][ConnCheck][Acceptable][play.googleapis.com]
+ detected: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.PlayStore][Google][ConnCheck][Safe][play.googleapis.com]
end: [.....5] [ip4][..tcp] [......10.1.0.60][38008] -> [.92.123.101.121][...80] [HTTP.ntop][Unknown][ConnCheck][Safe][conn-service-eu-04.allawnos.com]
idle: [.....8] [ip4][..tcp] [......10.1.0.60][38024] -> [.92.123.101.121][...80] [HTTP][Unknown][ConnCheck][Acceptable]
end: [.....7] [ip4][..tcp] [......10.1.0.60][46980] -> [.92.123.101.153][...80] [HTTP.ntop][Unknown][ConnCheck][Safe][conn-service-eu-04.allawnos.com]
@@ -31,5 +31,5 @@
end: [.....4] [ip4][..tcp] [......10.1.0.60][49658] -> [142.250.180.163][...80] [HTTP.ntop][Google][ConnCheck][Safe][www.google.eu]
end: [.....6] [ip4][..tcp] [......10.1.0.60][49672] -> [142.250.180.163][...80] [HTTP.ntop][Google][ConnCheck][Safe][www.google.eu]
idle: [.....9] [ip4][..tcp] [......10.1.0.60][49674] -> [142.250.180.163][...80] [HTTP.Google][Google][ConnCheck][Acceptable]
- idle: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.GoogleServices][Google][ConnCheck][Acceptable]
+ idle: [....10] [ip4][..tcp] [......10.1.0.70][54612] -> [142.250.180.138][...80] [HTTP.PlayStore][Google][ConnCheck][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns-google-nsid.pcapng.out b/test/results/flow-info/default/dns-google-nsid.pcapng.out
index d85cb8bf5..b253c435d 100644
--- a/test/results/flow-info/default/dns-google-nsid.pcapng.out
+++ b/test/results/flow-info/default/dns-google-nsid.pcapng.out
@@ -7,28 +7,28 @@
DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
new: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53]
- detected: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
- detection-update: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
+ detected: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.ntop.org]
+ detection-update: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.ntop.org]
new: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53]
- detected: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
- detection-update: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
+ detected: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wikipedia.it]
+ detection-update: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wikipedia.it]
new: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53]
detected: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
detection-update: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
idle: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Google][Network][Acceptable]
new: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53]
- detected: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
- detection-update: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
+ detected: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.ntop.org]
+ detection-update: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.ntop.org]
new: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53]
- detected: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
- detection-update: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
+ detected: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wikipedia.it]
+ detection-update: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wikipedia.it]
new: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53]
detected: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
detection-update: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
- idle: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
- idle: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
+ idle: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.ntop.org]
+ idle: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wikipedia.it]
idle: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
- idle: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
- idle: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
+ idle: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wikipedia.it]
+ idle: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.ntop.org]
idle: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns.pcap.out b/test/results/flow-info/default/dns.pcap.out
index 3085f6e88..711e92324 100644
--- a/test/results/flow-info/default/dns.pcap.out
+++ b/test/results/flow-info/default/dns.pcap.out
@@ -1,11 +1,21 @@
DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795]
- detected: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com]
- DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353]
+ detected: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa]
+ new: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53]
+ detected: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io]
+ detection-update: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io]
+ update: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa]
+ DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 1]
+ new: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795]
+ detected: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.l.google.com]
+ idle: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa]
+ end: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io]
+ detection-update: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.example.com]
+ detection-update: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.example.com]
+ DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 1]
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
- idle: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com]
+ idle: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns2.pcap.out b/test/results/flow-info/default/dns2.pcap.out
new file mode 100644
index 000000000..ab5c61670
--- /dev/null
+++ b/test/results/flow-info/default/dns2.pcap.out
@@ -0,0 +1,10 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53]
+ detected: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com]
+ detection-update: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com]
+ RISK: Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com]
+ idle: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_ambiguous_names.pcap.out b/test/results/flow-info/default/dns_ambiguous_names.pcap.out
index 0feeb5248..443a2711a 100644
--- a/test/results/flow-info/default/dns_ambiguous_names.pcap.out
+++ b/test/results/flow-info/default/dns_ambiguous_names.pcap.out
@@ -2,46 +2,46 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53]
- detected: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS.ApplePush][Google][Network][Acceptable][41-courier.push.apple.com]
- detection-update: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS.ApplePush][Google][Network][Acceptable][41-courier.push.apple.com]
+ detected: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][41-courier.push.apple.com]
+ detection-update: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][41-courier.push.apple.com]
new: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53]
- detected: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][teams.skype.com]
- detection-update: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][teams.skype.com]
+ detected: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][teams.skype.com]
+ detection-update: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][teams.skype.com]
new: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53]
- detected: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][api.teams.skype.com]
- detection-update: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][api.teams.skype.com]
+ detected: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][api.teams.skype.com]
+ detection-update: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][api.teams.skype.com]
new: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53]
- detected: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS.GoogleServices][Google][Network][Acceptable][alt2-mtalk.google.com]
- detection-update: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS.GoogleServices][Google][Network][Acceptable][alt2-mtalk.google.com]
+ detected: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][alt2-mtalk.google.com]
+ detection-update: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][alt2-mtalk.google.com]
new: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53]
- detected: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe][android.clients.google.com]
- detection-update: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe][android.clients.google.com]
+ detected: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][android.clients.google.com]
+ detection-update: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][android.clients.google.com]
new: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53]
- detected: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][_.teams.microsoft.com]
+ detected: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][_.teams.microsoft.com]
RISK: Non-Printable/Invalid Chars Detected
- detection-update: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][_.teams.microsoft.com]
+ detection-update: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][_.teams.microsoft.com]
RISK: Non-Printable/Invalid Chars Detected, Error Code
new: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53]
- detected: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Google][Network][Acceptable][wide-youtube.l.google.com]
- detection-update: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Google][Network][Acceptable][wide-youtube.l.google.com]
+ detected: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wide-youtube.l.google.com]
+ detection-update: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wide-youtube.l.google.com]
new: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53]
- detected: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][Google][Network][Acceptable][guzzoni.apple.com]
- detection-update: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][Google][Network][Acceptable][guzzoni.apple.com]
+ detected: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][guzzoni.apple.com]
+ detection-update: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][guzzoni.apple.com]
new: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53]
- detected: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][short.weixin.qq.com]
- detection-update: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][short.weixin.qq.com]
+ detected: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][short.weixin.qq.com]
+ detection-update: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][short.weixin.qq.com]
new: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53]
- detected: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][instagram.faae1-1.fna.fbcdn.net]
- detection-update: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][instagram.faae1-1.fna.fbcdn.net]
- idle: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS.GoogleServices][Google][Network][Acceptable][alt2-mtalk.google.com]
- idle: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS.ApplePush][Google][Network][Acceptable][41-courier.push.apple.com]
- idle: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][Google][Network][Acceptable][guzzoni.apple.com]
- idle: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][short.weixin.qq.com]
- idle: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][api.teams.skype.com]
- idle: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][teams.skype.com]
- idle: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe][android.clients.google.com]
- idle: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][_.teams.microsoft.com]
+ detected: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][instagram.faae1-1.fna.fbcdn.net]
+ detection-update: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][instagram.faae1-1.fna.fbcdn.net]
+ idle: [.....4] [ip4][..udp] [....10.200.2.11][46134] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][alt2-mtalk.google.com]
+ idle: [.....1] [ip4][..udp] [....10.200.2.11][48375] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][41-courier.push.apple.com]
+ idle: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][guzzoni.apple.com]
+ idle: [.....9] [ip4][..udp] [....10.200.2.11][53951] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][short.weixin.qq.com]
+ idle: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][api.teams.skype.com]
+ idle: [.....2] [ip4][..udp] [....10.200.2.11][57290] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][teams.skype.com]
+ idle: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][android.clients.google.com]
+ idle: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][_.teams.microsoft.com]
RISK: Non-Printable/Invalid Chars Detected, Error Code
- idle: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Google][Network][Acceptable][wide-youtube.l.google.com]
- idle: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][instagram.faae1-1.fna.fbcdn.net]
+ idle: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wide-youtube.l.google.com]
+ idle: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][instagram.faae1-1.fna.fbcdn.net]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_fragmented.pcap.out b/test/results/flow-info/default/dns_fragmented.pcap.out
index b71e55e06..683b88256 100644
--- a/test/results/flow-info/default/dns_fragmented.pcap.out
+++ b/test/results/flow-info/default/dns_fragmented.pcap.out
@@ -24,7 +24,6 @@
new: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53]
detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
- RISK: Large DNS Packet (512+ bytes)
new: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53]
detected: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable][weberlab.de]
detection-update: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable][weberlab.de]
@@ -33,7 +32,6 @@
new: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53]
detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
- RISK: Large DNS Packet (512+ bytes)
DAEMON-EVENT: [Processed: 14 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 7 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0]
new: [.....8] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][47634] -> [..................2001:470:765b::a25:53][...53]
@@ -49,7 +47,6 @@
detected: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2-mgmt.weberlab.de]
detection-update: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2-mgmt.weberlab.de]
idle: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
- RISK: Large DNS Packet (512+ bytes)
idle: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][pa.weberlab.de]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
idle: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
@@ -57,7 +54,6 @@
idle: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable][weberlab.de]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
idle: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
- RISK: Large DNS Packet (512+ bytes)
idle: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
idle: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable][weberlab.de]
diff --git a/test/results/flow-info/default/dns_invert_query.pcapng.out b/test/results/flow-info/default/dns_invert_query.pcapng.out
index b2e700220..344b65ebc 100644
--- a/test/results/flow-info/default/dns_invert_query.pcapng.out
+++ b/test/results/flow-info/default/dns_invert_query.pcapng.out
@@ -3,5 +3,8 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53]
detected: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53] [DNS][Unknown][Network][Acceptable][216.58.202.4]
+ detection-update: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53] [DNS][Unknown][Network][Acceptable][216.58.202.4]
+ RISK: Error Code
idle: [.....1] [ip4][..udp] [173.147.108.174][18427] -> [...244.187.95.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Error Code
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_lots_of_answers.pcapng.out b/test/results/flow-info/default/dns_lots_of_answers.pcapng.out
new file mode 100644
index 000000000..a840db140
--- /dev/null
+++ b/test/results/flow-info/default/dns_lots_of_answers.pcapng.out
@@ -0,0 +1,14 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.12.169][.4026] -> [...192.168.12.1][...53]
+ detected: [.....1] [ip4][..tcp] [.192.168.12.169][.4026] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][bstream.hzmklvdieo.com]
+ detection-update: [.....1] [ip4][..tcp] [.192.168.12.169][.4026] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][bstream.hzmklvdieo.com]
+ DAEMON-EVENT: [Processed: 14 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
+ new: [.....2] [ip4][..udp] [.192.168.12.156][54660] -> [...192.168.12.1][...53]
+ detected: [.....2] [ip4][..udp] [.192.168.12.156][54660] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][dinamicx.alibabausercontent.com]
+ detection-update: [.....2] [ip4][..udp] [.192.168.12.156][54660] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][dinamicx.alibabausercontent.com]
+ idle: [.....2] [ip4][..udp] [.192.168.12.156][54660] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][dinamicx.alibabausercontent.com]
+ end: [.....1] [ip4][..tcp] [.192.168.12.169][.4026] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][bstream.hzmklvdieo.com]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-info/default/dns_multiple_transactions_same_flow.pcap.out
new file mode 100644
index 000000000..76df2a5c0
--- /dev/null
+++ b/test/results/flow-info/default/dns_multiple_transactions_same_flow.pcap.out
@@ -0,0 +1,20 @@
+ DAEMON-EVENT: init
+ new: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53]
+ detected: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ analyse: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.004| 5.423| 0.834| 1.510| 2280131.133| 3.400]
+ [PKTLEN......: 54.000| 318.000| 101.400| 68.900| 4754.000| 4.700]
+ [BINS(c->s)..: 5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 3,1,5,4,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 3.9,1009.9,1008.1,608.7,634.7,275.3,279.5,111.7,83.3,23.2,41.4,53.0,77.7,48.6,23.6,23.4,123.6,123.4,17.9,591.8,607.9,56.0,55.8,637.8,673.7,5423.0,5359.2,3829.9,3848.8,99.8,99.4]
+ [PKTLENS.....: 60,76,54,54,78,318,65,100,54,54,63,294,68,144,67,104,65,100,63,149,61,123,65,135,59,268,54,54,54,150,74,118]
+ [ENTROPIES...: 4.2,4.4,4.1,4.3,4.7,5.0,4.4,4.9,4.0,4.2,4.4,4.9,4.5,4.8,4.4,4.6,4.3,4.6,4.3,5.0,4.3,4.7,4.5,4.8,4.2,5.2,4.0,4.3,3.9,4.1,4.6,4.7]
+ update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ idle: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_response_only.pcap.out b/test/results/flow-info/default/dns_response_only.pcap.out
new file mode 100644
index 000000000..e85ec7ac5
--- /dev/null
+++ b/test/results/flow-info/default/dns_response_only.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [........8.8.8.8][...53] -> [192.168.255.251][56550]
+ detected: [.....1] [ip4][..udp] [........8.8.8.8][...53] -> [192.168.255.251][56550] [DNS][Google][Network][Acceptable][www.github.com]
+ idle: [.....1] [ip4][..udp] [........8.8.8.8][...53] -> [192.168.255.251][56550] [DNS][Google][Network][Acceptable][www.github.com]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_retransmissions.pcap.out b/test/results/flow-info/default/dns_retransmissions.pcap.out
new file mode 100644
index 000000000..00c4910b5
--- /dev/null
+++ b/test/results/flow-info/default/dns_retransmissions.pcap.out
@@ -0,0 +1,10 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53]
+ detected: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com]
+ detection-update: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com]
+ RISK: Unidirectional Traffic
+ detection-update: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com]
+ idle: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dropbox.pcap.out b/test/results/flow-info/default/dropbox.pcap.out
index b3a57e132..c4711778a 100644
--- a/test/results/flow-info/default/dropbox.pcap.out
+++ b/test/results/flow-info/default/dropbox.pcap.out
@@ -52,53 +52,53 @@
DAEMON-EVENT: [Processed: 800 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53]
- detected: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
- detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
+ detected: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client.dropbox.com]
+ detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client.dropbox.com]
RISK: Unidirectional Traffic
- detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
+ detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client.dropbox.com]
new: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53]
- detected: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
- detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
+ detected: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client-cf.dropbox.com]
+ detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client-cf.dropbox.com]
RISK: Unidirectional Traffic
new: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53]
- detected: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
- detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
+ detected: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][d.dropbox.com]
+ detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][d.dropbox.com]
RISK: Unidirectional Traffic
- detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
- detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
+ detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client-cf.dropbox.com]
+ detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][d.dropbox.com]
idle: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53]
- detected: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
- detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
+ detected: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][log.getdropbox.com]
+ detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][log.getdropbox.com]
RISK: Unidirectional Traffic
- detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
+ detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][log.getdropbox.com]
RISK: Unidirectional Traffic
- detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
+ detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][log.getdropbox.com]
new: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500]
detected: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500]
detected: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53]
- detected: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
- detection-update: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
+ detected: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][notify.dropbox.com]
+ detection-update: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][notify.dropbox.com]
RISK: Unidirectional Traffic
- detection-update: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
+ detection-update: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][notify.dropbox.com]
DAEMON-EVENT: [Processed: 836 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 7 / 11|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 0]
new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
detected: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
- idle: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
- idle: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
+ idle: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client-cf.dropbox.com]
+ idle: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][d.dropbox.com]
+ idle: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][client.dropbox.com]
idle: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
+ idle: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][notify.dropbox.com]
idle: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
+ idle: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][log.getdropbox.com]
update: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....14] [ip4][..udp] [...192.168.1.64][17500] -> [255.255.255.255][17500]
diff --git a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
index 76b0ab8b4..3cc19b520 100644
--- a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
@@ -265,6 +265,8 @@
RISK: Unidirectional Traffic
detection-update: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
+ detection-update: [....59] [ip4][..udp] [....192.168.1.2][.2734] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
+ RISK: Unidirectional Traffic
new: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53]
detected: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-adds.arpa]
new: [....62] [ip4][..udp] [....253.168.1.1][...53] -> [....192.168.1.2][.2735]
@@ -350,8 +352,6 @@
new: [....78] [ip4][..udp] [....192.168.1.2][.2730] -> [....192.168.1.1][43690]
detection-update: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
- detection-update: [....77] [ip4][..udp] [....192.168.1.2][.2742] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
update: [....68] [ip4][..udp] [....192.168.1.2][20932] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable]
update: [....55] [ip4][..udp] [....192.168.1.2][43690] -> [192.170.170.170][43690]
update: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
@@ -443,8 +443,6 @@
RISK: Unidirectional Traffic
detected: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
- detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
guessed: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] [NetBIOS][Unknown][System][Acceptable][]
@@ -534,8 +532,6 @@
ERROR-EVENT: Unknown packet type [1/16]
new: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
new: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81]
- detected: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyberciwy.dk]
- RISK: Unidirectional Traffic
idle: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
idle: [....66] [ip4][..udp] [....192.168.1.2][.2736] -> [...192.168.1.17][...53] [DNS][Unknown][Network][Acceptable]
idle: [....64] [ip4][..udp] [....192.168.1.2][.2736] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -552,8 +548,6 @@
update: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
new: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53]
detected: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- detection-update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
idle: [....68] [ip4][..udp] [....192.168.1.2][20932] -> [..212.242.33.35][.5060] [SIP][Unknown][VoIP][Acceptable]
idle: [....67] [ip4][..udp] [....192.168.1.2][.2737] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
idle: [....69] [ip4][..udp] [....192.168.1.2][.2738] -> [...192.168.84.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -576,7 +570,7 @@
update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
DAEMON-EVENT: [Processed: 241 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 63 / 109|skipped: 0|!detected: 6|guessed: 4|detection-updates: 34|updates: 178]
+ DAEMON-EVENT: [Flows][active: 63 / 109|skipped: 0|!detected: 6|guessed: 4|detection-updates: 32|updates: 178]
new: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53]
detected: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_?ip._udp.sip.cybercit?.dk]
@@ -639,8 +633,7 @@
RISK: Malformed Packet
update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
- update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Unidirectional Traffic
+ update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
update: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
new: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53]
detected: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
@@ -714,15 +707,13 @@
update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.527.in-addr.arpa]
- update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Unidirectional Traffic
+ update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...100] [ip4][..udp] [....192.168.1.2][.4901] -> [..200.68.120.81][29440] [SIP][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [....95] [ip4][..udp] [....192.168.1.2][10942] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
new: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53]
- detected: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53]
detected: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
@@ -743,8 +734,6 @@
update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
ERROR-EVENT: Unknown packet type [3/16]
new: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763]
- detected: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
- RISK: Malformed Packet
ERROR-EVENT: Unknown packet type [4/16]
new: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53]
detected: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
@@ -754,8 +743,8 @@
new: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690]
detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.s?p.cibercity.dk]
RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
- detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
+ detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.s?p.cibercity.dk]
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [....89] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.4932] [SIP][Unknown][VoIP][Acceptable]
idle: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
idle: [....84] [ip4][..udp] [....192.168.1.2][.2746] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -808,8 +797,7 @@
update: [...101] [ip4][..udp] [....192.168.1.2][.2752] -> [....102.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet
update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.527.in-addr.arpa]
- update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Unidirectional Traffic
+ update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -842,7 +830,7 @@
update: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53]
- update: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ update: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53]
update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -856,10 +844,9 @@
idle: [...105] [ip4][..udp] [.....192.86.1.2][.5060] -> [..200.68.120.99][.5060]
idle: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.527.in-addr.arpa]
update: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690]
- update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
- RISK: Malformed Packet
+ update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763]
update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
new: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1]
@@ -875,8 +862,9 @@
idle: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
idle: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- idle: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ guessed: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Unidirectional Traffic
+ idle: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
update: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
update: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53]
@@ -928,13 +916,12 @@
update: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53]
- update: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ update: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53]
update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
- update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
- RISK: Malformed Packet
+ update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763]
update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -975,7 +962,7 @@
detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53]
- detected: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
+ detected: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
guessed: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
@@ -1011,13 +998,12 @@
RISK: Unidirectional Traffic
update: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690]
update: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4]
- update: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ update: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53]
update: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
- update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
- RISK: Malformed Packet
+ update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763]
update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...144] [ip4][..udp] [....192.168.1.2][.2773] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1031,7 +1017,8 @@
detected: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...152] [ip4][..udp] [....192.168.1.6][.5060] -> [..212.242.33.35][.5060]
ERROR-EVENT: Unknown packet type [1/16]
- idle: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ guessed: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
+ idle: [...120] [ip4][..udp] [....192.168.1.2][.2761] -> [....192.168.1.1][...53]
idle: [...121] [ip4][..udp] [....192.168.1.2][.2762] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
update: [...129] [ip4][..udp] [....192.168.1.2][14798] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1060,10 +1047,11 @@
not-detected: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690]
- idle: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
- RISK: Malformed Packet
+ guessed: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable][]
+ RISK: Unidirectional Traffic
+ idle: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763]
idle: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][d002465]
update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1168,8 +1156,6 @@
detected: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Unidirectional Traffic
- detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Unidirectional Traffic
detection-update: [...167] [ip4][..udp] [....192.168.1.2][.2789] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Malformed Packet, Unidirectional Traffic
update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][d002465]
@@ -1225,8 +1211,6 @@
new: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53]
detected: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792]
- detected: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-a?dr.arpa]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
update: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196]
update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2]
@@ -1317,8 +1301,7 @@
update: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-a?dr.arpa]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
+ update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792]
update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721]
update: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain]
update: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81]
@@ -1364,8 +1347,7 @@
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-a?dr.arpa]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
+ update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792]
update: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain]
new: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138]
detected: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111]
@@ -1405,15 +1387,15 @@
update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain]
update: [...178] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.112][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain]
update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-a?dr.arpa]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
+ update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792]
new: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67]
detected: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] [DHCP][Unknown][Network][Acceptable][d002465]
new: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394]
idle: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
idle: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- idle: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-a?dr.arpa]
- RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
+ guessed: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][]
+ RISK: Unidirectional Traffic
+ idle: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792]
not-detected: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81]
@@ -1429,7 +1411,7 @@
update: [...178] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.112][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain]
update: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain]
DAEMON-EVENT: [Processed: 409 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 40 / 189|skipped: 0|!detected: 16|guessed: 10|detection-updates: 65|updates: 489]
+ DAEMON-EVENT: [Flows][active: 40 / 189|skipped: 0|!detected: 16|guessed: 14|detection-updates: 62|updates: 489]
new: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53]
detected: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][re-.sippstar.com]
detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][reg.sip?star.com]
@@ -1458,6 +1440,8 @@
RISK: Unidirectional Traffic
detection-update: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sip.cybercity.dk]
RISK: Unidirectional Traffic
+ detection-update: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sip.cybercity.dk]
+ RISK: Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
detection-update: [...192] [ip4][..udp] [....192.168.1.2][.2795] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sip.cybercity.dk]
detection-update: [...193] [ip4][..udp] [....192.168.1.2][.2794] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sip.cybercity.dk]
@@ -1618,6 +1602,7 @@
new: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53]
detected: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
detection-update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ RISK: Malformed Packet
new: [...219] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.242.33.35][17860]
new: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53]
detected: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
@@ -1668,6 +1653,8 @@
detected: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyaercity.dk]
detection-update: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
+ detection-update: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
+ RISK: Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
idle: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][reg.sippstar.com]
RISK: Non-Printable/Invalid Chars Detected
@@ -1703,7 +1690,8 @@
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
- update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Malformed Packet
update: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
update: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1750,8 +1738,6 @@
RISK: Malformed Packet
update: [...224] [ip4][..udp] [..192.168.233.1][...53] -> [....192.168.1.2][.2811] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53]
- detected: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Error Code
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53]
detected: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][?sip._udp.shp.cybercity.dk]
@@ -1764,6 +1750,8 @@
new: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392]
new: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392]
detected: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable]
+ detection-update: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable]
+ RISK: Unidirectional Traffic
new: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392]
new: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392]
ERROR-EVENT: Unknown packet type [2/16]
@@ -1784,12 +1772,10 @@
new: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53]
detected: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
+ RISK: Fragmented DNS Message, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
- detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
+ RISK: Fragmented DNS Message, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
not-detected: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] [Unknown][Unknown][Unrated]
idle: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255]
not-detected: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] [Unknown][Unknown][Unrated]
@@ -1816,7 +1802,8 @@
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
- update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Malformed Packet
update: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
update: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1870,11 +1857,11 @@
update: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392]
update: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392]
update: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable]
+ RISK: Unidirectional Traffic
update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392]
update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392]
update: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][Unknown][VoIP][Acceptable]
- update: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Error Code
+ update: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53]
update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53]
@@ -1900,7 +1887,7 @@
update: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected
update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
+ RISK: Fragmented DNS Message, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...248] [ip4][..udp] [....192.168.1.2][.2828] -> [....192.168.1.1][...53]
detected: [...248] [ip4][..udp] [....192.168.1.2][.2828] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...249] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2572]
@@ -1923,7 +1910,8 @@
update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][eci_domain]
update: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53]
- update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Malformed Packet
update: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
update: [...226] [ip4][..udp] [....192.168.1.2][.2812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1952,7 +1940,8 @@
not-detected: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2]
- idle: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ idle: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Malformed Packet
idle: [...221] [ip4][..udp] [....192.168.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
idle: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1963,6 +1952,7 @@
update: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392]
update: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392]
update: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable]
+ RISK: Unidirectional Traffic
update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392]
update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392]
update: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][Unknown][VoIP][Acceptable]
@@ -1977,8 +1967,7 @@
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
- update: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Error Code
+ update: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53]
update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
@@ -2003,7 +1992,7 @@
RISK: Unidirectional Traffic
idle: [....40] [ip4][..tcp] [...37.115.0.253][58999] -> [....192.168.1.2][.2721]
not-detected: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35]
guessed: [....31] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2208] [FTP_CONTROL][Unknown][Download][Unsafe]
RISK: Unsafe Protocol, Unidirectional Traffic
@@ -2042,6 +2031,7 @@
RISK: Susp Entropy, Unidirectional Traffic
idle: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392]
idle: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable]
+ RISK: Unidirectional Traffic
not-detected: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] [Unknown][Unknown][Unrated]
RISK: Susp Entropy, Unidirectional Traffic
idle: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392]
@@ -2089,14 +2079,15 @@
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
idle: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
- idle: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Error Code
+ guessed: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
+ RISK: Unidirectional Traffic
+ idle: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53]
idle: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected
idle: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
+ RISK: Fragmented DNS Message, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
idle: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
diff --git a/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out
index 9797d569f..c9b8fb1cb 100644
--- a/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/flow-info/default/fuzz-2006-09-29-28586.pcap.out
@@ -81,7 +81,7 @@
RISK: Unidirectional Traffic
idle: [....22] [ip4][..tcp] [....172.20.3.13][...80] -> [....172.20.76.5][65069]
not-detected: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [....39] [ip4][..115] [....172.20.3.13] -> [.....172.20.3.5]
not-detected: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690] [Unknown][Unknown][Unrated]
idle: [....24] [ip4][..tcp] [170.170.170.170][43690] -> [170.170.170.170][43690]
diff --git a/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out
index 566f6d5bd..cf3a30060 100644
--- a/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out
@@ -243,10 +243,10 @@
new: [....45] [ip4][..udp] [..198.234.25.53][.1812] -> [....10.12.64.30][29200]
detected: [....45] [ip4][..udp] [..198.234.25.53][.1812] -> [....10.12.64.30][29200] [Radius][Unknown][Network][Acceptable]
not-detected: [....17] [ip4][...88] [..198.226.25.53] -> [....10.12.64.30] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [....17] [ip4][...88] [..198.226.25.53] -> [....10.12.64.30]
not-detected: [....18] [ip4][..254] [....10.12.64.30] -> [..198.226.25.53] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [....18] [ip4][..254] [....10.12.64.30] -> [..198.226.25.53]
update: [....36] [ip4][..udp] [.....37.0.25.62][.1812] -> [....10.12.64.30][29200] [Radius][Unknown][Network][Acceptable]
update: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Unknown][Network][Acceptable]
@@ -305,7 +305,7 @@
idle: [....38] [ip4][..udp] [..198.226.25.62][.1812] -> [....10.12.64.30][29295] [Radius][Unknown][Network][Acceptable]
idle: [....39] [ip4][..udp] [....10.12.64.30][29304] -> [..198.226.25.53][.1812] [Radius][Unknown][Network][Acceptable]
not-detected: [....23] [ip4][...85] [..198.226.25.62] -> [....10.12.64.30] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [....23] [ip4][...85] [..198.226.25.62] -> [....10.12.64.30]
guessed: [....42] [ip4][..udp] [....10.12.64.30][29200] -> [..198.119.25.53][.1812] [Radius][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
@@ -474,6 +474,6 @@
RISK: Susp Entropy, Unidirectional Traffic
idle: [....74] [ip4][..udp] [..198.226.25.53][.1814] -> [....10.12.64.30][29200]
not-detected: [....79] [ip4][...37] [..198.226.25.53] -> [....10.12.64.30] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [....79] [ip4][...37] [..198.226.25.53] -> [....10.12.64.30]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out
index d77625277..1cddd4c90 100644
--- a/test/results/flow-info/default/gnutella.pcap.out
+++ b/test/results/flow-info/default/gnutella.pcap.out
@@ -33,9 +33,9 @@
new: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702]
detected: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable]
new: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900]
- detected: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900]
- detected: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ detected: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02]
new: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702]
detected: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable]
new: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702]
@@ -43,7 +43,7 @@
new: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138]
detected: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10]
new: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900]
- detected: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....22] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][62539] -> [..............................ff02::1:3][.5355]
detected: [....22] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][62539] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....23] [ip4][..udp] [......10.0.2.15][62539] -> [....224.0.0.252][.5355]
@@ -99,7 +99,7 @@
new: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776]
new: [....53] [ip4][..tcp] [......10.0.2.15][50213] -> [...85.117.153.7][50138]
new: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900]
- detected: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
detected: [....51] [ip4][..tcp] [......10.0.2.15][50211] -> [...14.199.10.60][23458] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
new: [....55] [ip4][..tcp] [......10.0.2.15][50214] -> [.80.193.171.146][53808]
@@ -156,11 +156,11 @@
update: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Unknown][Network][Acceptable]
update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable][msedgewin10]
update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10]
- update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable]
update: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable]
update: [....12] [ip4][..udp] [......10.0.2.15][63717] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][msedgewin10]
- update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02]
update: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
update: [....14] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable]
update: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable]
@@ -731,7 +731,7 @@
update: [....23] [ip4][..udp] [......10.0.2.15][62539] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][puppet]
update: [....22] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][62539] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][puppet]
update: [....25] [ip4][..udp] [......10.0.2.15][50435] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][puppet]
- update: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....24] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][50435] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable][puppet]
new: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346]
detected: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -854,7 +854,7 @@
update: [.....2] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
update: [.....4] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [................................ff02::1] [ICMPV6][Unknown][Network][Acceptable]
update: [.....3] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
- update: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....26] [ip4][..udp] [......10.0.2.15][57619] -> [.......10.0.2.2][.5351] [NAT-PMP][Unknown][Network][Acceptable]
update: [....27] [ip4][..udp] [......10.0.2.15][57620] -> [.......10.0.2.2][.5351] [NAT-PMP][Unknown][Network][Acceptable]
update: [....34] [ip4][..udp] [......10.0.2.15][57621] -> [.......10.0.2.2][.5351] [NAT-PMP][Unknown][Network][Acceptable]
@@ -887,7 +887,7 @@
update: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Unknown][Network][Acceptable]
update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable][msedgewin10]
update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10]
- update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -905,7 +905,7 @@
update: [....12] [ip4][..udp] [......10.0.2.15][63717] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][msedgewin10]
update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02]
update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
@@ -1263,7 +1263,7 @@
update: [....25] [ip4][..udp] [......10.0.2.15][50435] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][puppet]
update: [...301] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][11852]
update: [...243] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258]
- update: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...249] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.218][.6909] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...317] [ip4][..udp] [......10.0.2.15][28681] -> [...96.236.205.7][34794] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -1311,7 +1311,7 @@
update: [...331] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][26851] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
new: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900]
- detected: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....95] [ip4][.icmp] [.......10.0.2.2] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable]
update: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
update: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -1319,7 +1319,7 @@
update: [...349] [ip4][.icmp] [...84.197.97.94] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
update: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058]
- update: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [....26] [ip4][..udp] [......10.0.2.15][57619] -> [.......10.0.2.2][.5351] [NAT-PMP][Unknown][Network][Acceptable]
update: [....27] [ip4][..udp] [......10.0.2.15][57620] -> [.......10.0.2.2][.5351] [NAT-PMP][Unknown][Network][Acceptable]
update: [....34] [ip4][..udp] [......10.0.2.15][57621] -> [.......10.0.2.2][.5351] [NAT-PMP][Unknown][Network][Acceptable]
@@ -1355,7 +1355,7 @@
update: [.....6] [ip4][..udp] [.......10.0.2.2][...67] -> [......10.0.2.15][...68] [DHCP][Unknown][Network][Acceptable]
update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable][msedgewin10]
update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10]
- update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -1375,7 +1375,7 @@
update: [....12] [ip4][..udp] [......10.0.2.15][63717] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][msedgewin10]
update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02]
update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
@@ -1742,7 +1742,7 @@
RISK: Unsafe Protocol
update: [...301] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][11852]
update: [...243] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258]
- update: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...249] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.218][.6909] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...317] [ip4][..udp] [......10.0.2.15][28681] -> [...96.236.205.7][34794] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -1765,7 +1765,7 @@
update: [...302] [ip4][..udp] [......10.0.2.15][28681] -> [.185.187.74.173][53489]
end: [...148] [ip4][..tcp] [......10.0.2.15][50261] -> [....156.57.42.2][33476] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- idle: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable]
idle: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable]
end: [...280] [ip4][..tcp] [......10.0.2.15][50304] -> [..85.168.34.105][39908] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -1781,7 +1781,7 @@
end: [...237] [ip4][..tcp] [......10.0.2.15][50283] -> [..51.68.153.214][35004]
end: [...296] [ip4][..tcp] [......10.0.2.15][50320] -> [194.163.180.126][10825] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- idle: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ idle: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02]
end: [...271] [ip4][..tcp] [......10.0.2.15][50295] -> [.38.142.119.234][49732] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [....14] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable]
@@ -1865,12 +1865,12 @@
RISK: Unsafe Protocol
update: [...326] [ip4][..udp] [......10.0.2.15][28681] -> [..100.1.231.138][56558] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...322] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.219][.6909] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...360] [ip4][..udp] [......10.0.2.15][28681] -> [..198.58.218.12][47912] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...332] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][.4876] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...321] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][21995] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -2043,7 +2043,7 @@
end: [...267] [ip4][..tcp] [......10.0.2.15][50291] -> [..200.7.155.210][28365] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][msedgewin10.local]
- idle: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -2517,7 +2517,7 @@
RISK: Unsafe Protocol
idle: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- idle: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -2714,7 +2714,7 @@
RISK: Unsafe Protocol
update: [...365] [ip4][..udp] [......10.0.2.15][28681] -> [..188.23.24.213][18561] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...363] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][38297] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -2750,7 +2750,7 @@
update: [...331] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][26851] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
new: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900]
- detected: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346]
detected: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
@@ -3566,7 +3566,7 @@
RISK: Unsafe Protocol
update: [...365] [ip4][..udp] [......10.0.2.15][28681] -> [..188.23.24.213][18561] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...363] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][38297] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -3873,7 +3873,7 @@
RISK: Unsafe Protocol
update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954]
update: [...620] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53516]
update: [...591] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53707]
@@ -3947,7 +3947,7 @@
RISK: Unsafe Protocol
idle: [...307] [ip4][..udp] [......10.0.2.15][28681] -> [..72.201.208.57][38617] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- idle: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...449] [ip4][..udp] [......10.0.2.15][28681] -> [.61.238.173.128][.8826]
update: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
@@ -4597,7 +4597,7 @@
RISK: Unsafe Protocol
update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954]
update: [...620] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53516]
update: [...591] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53707]
@@ -4868,7 +4868,7 @@
detected: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
new: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900]
- detected: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548]
detected: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
@@ -5390,7 +5390,7 @@
RISK: Unsafe Protocol
update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954]
update: [...620] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53516]
update: [...591] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53707]
@@ -5587,7 +5587,7 @@
update: [...754] [ip4][..udp] [......10.0.2.15][28681] -> [..84.125.218.84][17561]
update: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -6224,7 +6224,7 @@
idle: [...377] [ip4][..udp] [......10.0.2.15][28681] -> [.180.200.236.13][12082]
idle: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- idle: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
not-detected: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954]
@@ -6707,11 +6707,11 @@
update: [...754] [ip4][..udp] [......10.0.2.15][28681] -> [..84.125.218.84][17561]
update: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
new: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900]
- detected: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10]
update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
@@ -6895,14 +6895,14 @@
RISK: Unsafe Protocol
update: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- update: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
update: [...783] [ip4][.icmp] [.65.182.231.232] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
- update: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ update: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -7008,11 +7008,11 @@
RISK: Unsafe Protocol
update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
- idle: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [...797] [ip4][.icmp] [...154.3.42.209] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
new: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900]
- detected: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [...799] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702]
detected: [...799] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable]
new: [...800] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702]
@@ -7023,7 +7023,7 @@
DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 311|guessed: 1|detection-updates: 5|updates: 2519]
idle: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
idle: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10]
- idle: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous]
@@ -7249,7 +7249,7 @@
not-detected: [....56] [ip4][..tcp] [......10.0.2.15][50215] -> [.124.244.64.237][.4704] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [....56] [ip4][..tcp] [......10.0.2.15][50215] -> [.124.244.64.237][.4704]
- idle: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
not-detected: [...241] [ip4][..tcp] [......10.0.2.15][50287] -> [.98.215.130.156][12405] [Unknown][Unknown][Unrated]
diff --git a/test/results/flow-info/default/instagram.pcap.out b/test/results/flow-info/default/instagram.pcap.out
index 6ec156538..df32241c7 100644
--- a/test/results/flow-info/default/instagram.pcap.out
+++ b/test/results/flow-info/default/instagram.pcap.out
@@ -86,18 +86,18 @@
guessed: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Unknown][Web][Acceptable][]
RISK: Susp Entropy
new: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53]
- detected: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-h-a.akamaihd.net]
+ detected: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-h-a.akamaihd.net]
new: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53]
- detected: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-a-a.akamaihd.net]
+ detected: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-a-a.akamaihd.net]
new: [....19] [ip4][..tcp] [..192.168.0.103][57966] -> [...82.85.26.185][...80] [MIDSTREAM]
new: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53]
- detected: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-g-a.akamaihd.net]
- detection-update: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-h-a.akamaihd.net]
+ detected: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-g-a.akamaihd.net]
+ detection-update: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-h-a.akamaihd.net]
new: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443]
- detection-update: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-a-a.akamaihd.net]
+ detection-update: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-a-a.akamaihd.net]
new: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443]
new: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443]
- detection-update: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-g-a.akamaihd.net]
+ detection-update: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-g-a.akamaihd.net]
new: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443]
detected: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun][igcdn-photos-h-a.akamaihd.net]
RISK: Obsolete TLS (v1.1 or older)
@@ -155,7 +155,7 @@
new: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [MIDSTREAM]
detected: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [TLS][Unknown][Web][Safe]
new: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53]
- detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][photos-b.ak.instagram.com]
+ detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][photos-b.ak.instagram.com]
analyse: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.004| 0.001| 0.001| 1.362| 4.300]
@@ -188,9 +188,9 @@
idle: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
idle: [.....8] [ip4][..tcp] [..192.168.0.103][37350] -> [...82.85.26.153][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
- idle: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-g-a.akamaihd.net]
+ idle: [....20] [ip4][..udp] [..192.168.0.103][26540] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-g-a.akamaihd.net]
idle: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP][Facebook][Web][Acceptable]
- idle: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun]
+ idle: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
idle: [....22] [ip4][..tcp] [..192.168.0.103][41181] -> [...82.85.26.154][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
idle: [....23] [ip4][..tcp] [..192.168.0.103][41182] -> [...82.85.26.154][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
@@ -198,7 +198,7 @@
end: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun][photos-e.ak.instagram.com]
end: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [TLS][Unknown][Web][Safe]
idle: [.....9] [ip4][..udp] [..192.168.0.106][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-a-a.akamaihd.net]
+ idle: [....18] [ip4][..udp] [..192.168.0.103][33603] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-a-a.akamaihd.net]
idle: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
idle: [....15] [ip4][..tcp] [..192.168.0.103][33763] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe]
@@ -225,7 +225,7 @@
idle: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Unknown][Web][Acceptable]
end: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Unknown][Web][Acceptable]
RISK: Susp Entropy
- idle: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][igcdn-photos-h-a.akamaihd.net]
+ idle: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][igcdn-photos-h-a.akamaihd.net]
idle: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
new: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443]
diff --git a/test/results/flow-info/default/iphone.pcap.out b/test/results/flow-info/default/iphone.pcap.out
index 3c2e27b3c..272b88162 100644
--- a/test/results/flow-info/default/iphone.pcap.out
+++ b/test/results/flow-info/default/iphone.pcap.out
@@ -15,9 +15,9 @@
detected: [.....6] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
new: [.....7] [ip4][..udp] [....192.168.2.1][.5351] -> [......224.0.0.1][.5350]
new: [.....8] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900]
- detected: [.....8] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....8] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900]
- detected: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....10] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.17][...68]
detected: [....10] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.17][...68] [DHCP][Unknown][Network][Acceptable][]
new: [....11] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff98:a29c]
@@ -29,75 +29,75 @@
new: [....14] [ip6][icmp6] [...............fe80::823:3f17:8298:a29c] -> [...............................ff02::16]
detected: [....14] [ip6][icmp6] [...............fe80::823:3f17:8298:a29c] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
new: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53]
- detected: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][p26-keyvalueservice.icloud.com]
+ detected: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][p26-keyvalueservice.icloud.com]
new: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53]
- detected: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][p26-fmfmobile.icloud.com]
+ detected: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][p26-fmfmobile.icloud.com]
new: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53]
- detected: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gspe35-ssl.ls.apple.com]
+ detected: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gspe35-ssl.ls.apple.com]
new: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53]
- detected: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsp85-ssl.ls.apple.com]
+ detected: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsp85-ssl.ls.apple.com]
new: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53]
- detected: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com]
- detection-update: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][p26-fmfmobile.icloud.com]
- detection-update: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][p26-keyvalueservice.icloud.com]
- detection-update: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gspe35-ssl.ls.apple.com]
- detection-update: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsp85-ssl.ls.apple.com]
+ detected: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com]
+ detection-update: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][p26-fmfmobile.icloud.com]
+ detection-update: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][p26-keyvalueservice.icloud.com]
+ detection-update: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gspe35-ssl.ls.apple.com]
+ detection-update: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsp85-ssl.ls.apple.com]
new: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443]
- detection-update: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com]
+ detection-update: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com]
new: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53]
- detected: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][mesu.apple.com]
+ detected: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mesu.apple.com]
new: [....22] [ip4][..udp] [...192.168.2.17][.5353] -> [....224.0.0.251][.5353]
detected: [....22] [ip4][..udp] [...192.168.2.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_homekit._tcp.local]
new: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443]
new: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443]
new: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80]
detected: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-fmfmobile.icloud.com]
- detection-update: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][mesu.apple.com]
+ detection-update: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mesu.apple.com]
detected: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe][gspe35-ssl.ls.apple.com]
new: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443]
new: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443]
detection-update: [....23] [ip4][..tcp] [...192.168.2.17][50576] -> [...95.101.25.53][..443] [TLS.Apple][Unknown][Web][Safe][gspe35-ssl.ls.apple.com]
new: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53]
- detected: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][gateway.icloud.com]
+ detected: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gateway.icloud.com]
detected: [....25] [ip4][..tcp] [...192.168.2.17][49152] -> [.17.253.105.202][...80] [HTTP.Apple][Apple][ConnCheck][Safe][captive.apple.com]
detected: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Apple][Web][Safe][gsp85-ssl.ls.apple.com]
detected: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe][mesu.apple.com]
detected: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe][mesu.apple.com]
detection-update: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-fmfmobile.icloud.com]
detection-update: [....20] [ip4][..tcp] [...192.168.2.17][50575] -> [.17.248.185.140][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][p26-fmfmobile.icloud.com]
- detection-update: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][gateway.icloud.com]
+ detection-update: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gateway.icloud.com]
detection-update: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe][mesu.apple.com]
new: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443]
detection-update: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe][mesu.apple.com]
detection-update: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Apple][Web][Safe][gsp85-ssl.ls.apple.com]
detection-update: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Apple][Web][Safe][gsp85-ssl.ls.apple.com]
new: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53]
- detected: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][www.icloud.com]
+ detected: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.icloud.com]
new: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53]
- detected: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][basejumper.apple.com]
+ detected: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][basejumper.apple.com]
new: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53]
- detected: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][iphone-ld.apple.com]
+ detected: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][iphone-ld.apple.com]
new: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53]
- detected: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][cl4.apple.com]
+ detected: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][cl4.apple.com]
new: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53]
- detected: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][bag.itunes.apple.com]
+ detected: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][bag.itunes.apple.com]
new: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53]
- detected: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
+ detected: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.itunes.apple.com]
new: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53]
- detected: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][bag.itunes.apple.com]
+ detected: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][bag.itunes.apple.com]
new: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53]
- detected: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][init.itunes.apple.com]
+ detected: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][init.itunes.apple.com]
new: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443]
detected: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com]
- detection-update: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][www.icloud.com]
- detection-update: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][iphone-ld.apple.com]
- detection-update: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][basejumper.apple.com]
- detection-update: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][bag.itunes.apple.com]
- detection-update: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][bag.itunes.apple.com]
+ detection-update: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.icloud.com]
+ detection-update: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][iphone-ld.apple.com]
+ detection-update: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][basejumper.apple.com]
+ detection-update: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][bag.itunes.apple.com]
+ detection-update: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][bag.itunes.apple.com]
detection-update: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com]
- detection-update: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][init.itunes.apple.com]
- detection-update: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
- detection-update: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][cl4.apple.com]
+ detection-update: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][init.itunes.apple.com]
+ detection-update: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.itunes.apple.com]
+ detection-update: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][cl4.apple.com]
new: [....39] [ip4][..tcp] [...192.168.2.17][50582] -> [..92.122.252.82][..443]
detection-update: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com]
new: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1]
@@ -113,11 +113,11 @@
new: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22]
detected: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
new: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53]
- detected: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsa.apple.com]
+ detected: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com]
new: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53]
- detected: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsa.apple.com]
- detection-update: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsa.apple.com]
- detection-update: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsa.apple.com]
+ detected: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com]
+ detection-update: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com]
+ detection-update: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com]
new: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443]
detected: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com]
detection-update: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com]
@@ -131,8 +131,8 @@
detection-update: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com]
detection-update: [....47] [ip4][..tcp] [...192.168.2.17][50586] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable][gateway.icloud.com]
new: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53]
- detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
- detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
+ detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.itunes.apple.com]
+ detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.itunes.apple.com]
analyse: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.686| 0.087| 0.170| 29013.449| 3.100]
@@ -177,38 +177,38 @@
[PKTLENS.....: 64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492]
[ENTROPIES...: 4.4,5.0,4.9,4.7,5.0,6.2,4.6,7.1,7.5,7.5,4.9,4.9,4.9,4.8,6.0,5.6,5.0,7.8,7.2,5.1,7.8,4.9,7.8,7.9,7.9,7.9,5.0,5.0,7.9,7.9,7.9,7.8]
new: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53]
- detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][sync.itunes.apple.com]
- detection-update: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][sync.itunes.apple.com]
+ detected: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][sync.itunes.apple.com]
+ detection-update: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][sync.itunes.apple.com]
new: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443]
detected: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][sync.itunes.apple.com]
detection-update: [....51] [ip4][..tcp] [...192.168.2.17][50588] -> [...95.101.24.53][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][sync.itunes.apple.com]
idle: [.....2] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
idle: [....11] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff98:a29c] [ICMPV6][Unknown][Network][Acceptable]
idle: [.....6] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- idle: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][init.itunes.apple.com]
- idle: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com]
- idle: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsa.apple.com]
- idle: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][www.icloud.com]
- idle: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][gateway.icloud.com]
- idle: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
- idle: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][iphone-ld.apple.com]
- idle: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][bag.itunes.apple.com]
+ idle: [....37] [ip4][..udp] [...192.168.2.17][49880] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][init.itunes.apple.com]
+ idle: [....19] [ip4][..udp] [...192.168.2.17][51007] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com]
+ idle: [....44] [ip4][..udp] [...192.168.2.17][52031] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com]
+ idle: [....30] [ip4][..udp] [...192.168.2.17][52682] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.icloud.com]
+ idle: [....28] [ip4][..udp] [...192.168.2.17][52852] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gateway.icloud.com]
+ idle: [....35] [ip4][..udp] [...192.168.2.17][53272] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.itunes.apple.com]
+ idle: [....32] [ip4][..udp] [...192.168.2.17][53317] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][iphone-ld.apple.com]
+ idle: [....36] [ip4][..udp] [...192.168.2.17][53983] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][bag.itunes.apple.com]
idle: [....14] [ip6][icmp6] [...............fe80::823:3f17:8298:a29c] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
idle: [....12] [ip6][icmp6] [...............fe80::823:3f17:8298:a29c] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
idle: [.....5] [ip4][..udp] [169.254.225.216][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][lucas imac._odisk._tcp.local]
idle: [....42] [ip4][....2] [...192.168.2.17] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
- idle: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][mesu.apple.com]
- idle: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsp85-ssl.ls.apple.com]
+ idle: [....21] [ip4][..udp] [...192.168.2.17][55457] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][mesu.apple.com]
+ idle: [....18] [ip4][..udp] [...192.168.2.17][55914] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsp85-ssl.ls.apple.com]
idle: [....41] [ip4][..tcp] [...192.168.2.17][50583] -> [...104.73.61.30][..443] [TLS.Apple][Unknown][Web][Safe]
- idle: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gspe35-ssl.ls.apple.com]
- idle: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][gsa.apple.com]
- idle: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][cl4.apple.com]
- idle: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][p26-fmfmobile.icloud.com]
- idle: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][bag.itunes.apple.com]
- idle: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS.AppleiCloud][Unknown][Network][Acceptable][p26-keyvalueservice.icloud.com]
- idle: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][sync.itunes.apple.com]
- idle: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][basejumper.apple.com]
- idle: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
+ idle: [....17] [ip4][..udp] [...192.168.2.17][61862] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gspe35-ssl.ls.apple.com]
+ idle: [....43] [ip4][..udp] [...192.168.2.17][62160] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][gsa.apple.com]
+ idle: [....33] [ip4][..udp] [...192.168.2.17][62526] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][cl4.apple.com]
+ idle: [....16] [ip4][..udp] [...192.168.2.17][63143] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][p26-fmfmobile.icloud.com]
+ idle: [....34] [ip4][..udp] [...192.168.2.17][63377] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][bag.itunes.apple.com]
+ idle: [....15] [ip4][..udp] [...192.168.2.17][63381] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][p26-keyvalueservice.icloud.com]
+ idle: [....50] [ip4][..udp] [...192.168.2.17][63677] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][sync.itunes.apple.com]
+ idle: [....31] [ip4][..udp] [...192.168.2.17][64203] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][basejumper.apple.com]
+ idle: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][play.itunes.apple.com]
idle: [....13] [ip6][..udp] [...............fe80::823:3f17:8298:a29c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [....40] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Unknown][Network][Acceptable]
idle: [....10] [ip4][..udp] [....192.168.2.1][...67] -> [...192.168.2.17][...68] [DHCP][Unknown][Network][Acceptable]
@@ -231,7 +231,7 @@
end: [....26] [ip4][..tcp] [...192.168.2.17][50578] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe]
end: [....27] [ip4][..tcp] [...192.168.2.17][50579] -> [.17.253.105.202][..443] [TLS.Apple][Apple][Web][Safe]
idle: [....24] [ip4][..tcp] [...192.168.2.17][50577] -> [....17.130.2.46][..443] [TLS.Apple][Apple][Web][Safe]
- idle: [.....8] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- idle: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....8] [ip4][..udp] [169.254.225.216][60538] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [.....9] [ip4][..udp] [....192.168.2.1][51411] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....46] [ip4][..tcp] [...192.168.2.17][50585] -> [..17.137.166.35][..443] [TLS.Apple][Apple][Web][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/lagofast.pcap.out b/test/results/flow-info/default/lagofast.pcap.out
new file mode 100644
index 000000000..b28faf18a
--- /dev/null
+++ b/test/results/flow-info/default/lagofast.pcap.out
@@ -0,0 +1,96 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..77.134.62.224][59607] -> [...43.83.218.54][.1189]
+ detected: [.....1] [ip4][..udp] [..77.134.62.224][59607] -> [...43.83.218.54][.1189] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....2] [ip4][..udp] [..46.18.153.127][59607] -> [...228.2.57.157][10510]
+ detected: [.....2] [ip4][..udp] [..46.18.153.127][59607] -> [...228.2.57.157][10510] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....3] [ip4][..udp] [..25.125.160.55][59607] -> [.55.148.149.242][.1855]
+ detected: [.....3] [ip4][..udp] [..25.125.160.55][59607] -> [.55.148.149.242][.1855] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....4] [ip4][..udp] [...0.40.128.100][59607] -> [.172.119.18.180][.2672]
+ detected: [.....4] [ip4][..udp] [...0.40.128.100][59607] -> [.172.119.18.180][.2672] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....5] [ip4][..udp] [..23.147.144.74][59607] -> [....63.29.27.84][.6198]
+ detected: [.....5] [ip4][..udp] [..23.147.144.74][59607] -> [....63.29.27.84][.6198] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....6] [ip4][..udp] [196.228.157.219][59607] -> [..206.16.55.103][.4750]
+ detected: [.....6] [ip4][..udp] [196.228.157.219][59607] -> [..206.16.55.103][.4750] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....7] [ip4][..udp] [..50.138.250.44][59607] -> [.87.176.151.245][.4477]
+ detected: [.....7] [ip4][..udp] [..50.138.250.44][59607] -> [.87.176.151.245][.4477] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....8] [ip4][..udp] [.57.213.147.123][59607] -> [...56.213.47.40][.4477]
+ detected: [.....8] [ip4][..udp] [.57.213.147.123][59607] -> [...56.213.47.40][.4477] [LagoFast][Unknown][VPN][Acceptable]
+ new: [.....9] [ip4][..udp] [.149.210.152.94][59607] -> [..10.63.255.254][.8190]
+ detected: [.....9] [ip4][..udp] [.149.210.152.94][59607] -> [..10.63.255.254][.8190] [LagoFast][Unknown][VPN][Acceptable]
+ new: [....10] [ip4][..udp] [.38.210.140.253][59607] -> [.248.126.41.103][.8190]
+ detected: [....10] [ip4][..udp] [.38.210.140.253][59607] -> [.248.126.41.103][.8190] [LagoFast][Unknown][VPN][Acceptable]
+ new: [....11] [ip4][..udp] [.212.123.54.116][59607] -> [..245.4.176.194][.6808]
+ detected: [....11] [ip4][..udp] [.212.123.54.116][59607] -> [..245.4.176.194][.6808] [LagoFast][Unknown][VPN][Acceptable]
+ new: [....12] [ip4][..udp] [...50.245.97.76][59607] -> [..104.30.90.163][.7864]
+ detected: [....12] [ip4][..udp] [...50.245.97.76][59607] -> [..104.30.90.163][.7864] [LagoFast][Unknown][VPN][Acceptable]
+ DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 12 / 12|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [....13] [ip4][..udp] [..216.47.212.93][49790] -> [..26.156.197.59][...53]
+ detected: [....13] [ip4][..udp] [..216.47.212.93][49790] -> [..26.156.197.59][...53] [DNS][Unknown][Network][Acceptable][gabooster.6fast.com]
+ new: [....14] [ip4][..udp] [.251.113.201.83][...53] -> [.202.196.158.89][49790]
+ detected: [....14] [ip4][..udp] [.251.113.201.83][...53] -> [.202.196.158.89][49790] [DNS][Unknown][Network][Acceptable][gabooster.6fast.com]
+ new: [....15] [ip4][..tcp] [...0.230.137.78][39354] -> [.142.141.18.132][..443] [MIDSTREAM]
+ detected: [....15] [ip4][..tcp] [...0.230.137.78][39354] -> [.142.141.18.132][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][gabooster.6fast.com]
+ new: [....16] [ip4][..tcp] [..24.105.33.150][..443] -> [..5.163.124.163][47280] [MIDSTREAM]
+ detected: [....16] [ip4][..tcp] [..24.105.33.150][..443] -> [..5.163.124.163][47280] [TLS][Starcraft][Web][Safe]
+ new: [....17] [ip4][..udp] [..187.34.30.159][11381] -> [....44.6.46.200][...53]
+ detected: [....17] [ip4][..udp] [..187.34.30.159][11381] -> [....44.6.46.200][...53] [DNS][Unknown][Network][Acceptable][cbs.lagofast.com]
+ new: [....18] [ip4][..udp] [.40.105.164.193][43932] -> [..99.193.243.15][...53]
+ detected: [....18] [ip4][..udp] [.40.105.164.193][43932] -> [..99.193.243.15][...53] [DNS][Outlook][Network][Acceptable][report.lagofast.com]
+ new: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [MIDSTREAM]
+ detected: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][cbs.lagofast.com]
+ new: [....20] [ip4][..tcp] [...99.189.94.53][45702] -> [...185.5.215.83][..443] [MIDSTREAM]
+ detected: [....20] [ip4][..tcp] [...99.189.94.53][45702] -> [...185.5.215.83][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][report.lagofast.com]
+ new: [....21] [ip4][..tcp] [.49.118.157.237][..443] -> [.251.114.223.28][44636] [MIDSTREAM]
+ detected: [....21] [ip4][..tcp] [.49.118.157.237][..443] -> [.251.114.223.28][44636] [TLS][Unknown][Web][Safe]
+ new: [....22] [ip4][..udp] [157.117.212.161][.7725] -> [.124.69.119.132][...53]
+ detected: [....22] [ip4][..udp] [157.117.212.161][.7725] -> [.124.69.119.132][...53] [DNS][Unknown][Network][Acceptable][static.lagofast.com]
+ new: [....23] [ip4][..tcp] [206.184.203.226][44640] -> [.....8.106.2.77][..443] [MIDSTREAM]
+ detected: [....23] [ip4][..tcp] [206.184.203.226][44640] -> [.....8.106.2.77][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][cbs.lagofast.com]
+ new: [....24] [ip4][..tcp] [.105.60.130.195][44642] -> [186.249.185.190][..443] [MIDSTREAM]
+ detected: [....24] [ip4][..tcp] [.105.60.130.195][44642] -> [186.249.185.190][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][cbs.lagofast.com]
+ new: [....25] [ip4][..tcp] [172.142.219.219][44644] -> [....5.97.101.77][..443] [MIDSTREAM]
+ detected: [....25] [ip4][..tcp] [172.142.219.219][44644] -> [....5.97.101.77][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][cbs.lagofast.com]
+ new: [....26] [ip4][..tcp] [...136.238.7.95][..443] -> [231.209.192.237][44640] [MIDSTREAM]
+ detected: [....26] [ip4][..tcp] [...136.238.7.95][..443] -> [231.209.192.237][44640] [TLS][Unknown][Web][Safe]
+ new: [....27] [ip4][..tcp] [224.201.159.146][37898] -> [...15.33.130.35][..443] [MIDSTREAM]
+ detected: [....27] [ip4][..tcp] [224.201.159.146][37898] -> [...15.33.130.35][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][static.lagofast.com]
+ new: [....28] [ip4][..tcp] [.226.143.37.182][..443] -> [.70.254.111.101][37898] [MIDSTREAM]
+ detected: [....28] [ip4][..tcp] [.226.143.37.182][..443] -> [.70.254.111.101][37898] [TLS][Unknown][Web][Safe]
+ new: [....29] [ip4][..tcp] [..236.82.25.211][45722] -> [237.191.110.161][..443] [MIDSTREAM]
+ detected: [....29] [ip4][..tcp] [..236.82.25.211][45722] -> [237.191.110.161][..443] [TLS.LagoFast][Unknown][VPN][Acceptable][report.lagofast.com]
+ new: [....30] [ip4][..tcp] [.109.65.199.230][37898] -> [..9.207.246.240][..443] [MIDSTREAM]
+ detected: [....30] [ip4][..tcp] [.109.65.199.230][37898] -> [..9.207.246.240][..443] [TLS][Unknown][Web][Safe]
+ idle: [....27] [ip4][..tcp] [224.201.159.146][37898] -> [...15.33.130.35][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [.....3] [ip4][..udp] [..25.125.160.55][59607] -> [.55.148.149.242][.1855] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....11] [ip4][..udp] [.212.123.54.116][59607] -> [..245.4.176.194][.6808] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....13] [ip4][..udp] [..216.47.212.93][49790] -> [..26.156.197.59][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....15] [ip4][..tcp] [...0.230.137.78][39354] -> [.142.141.18.132][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [.....4] [ip4][..udp] [...0.40.128.100][59607] -> [.172.119.18.180][.2672] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....21] [ip4][..tcp] [.49.118.157.237][..443] -> [.251.114.223.28][44636] [TLS][Unknown][Web][Safe]
+ idle: [.....9] [ip4][..udp] [.149.210.152.94][59607] -> [..10.63.255.254][.8190] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....12] [ip4][..udp] [...50.245.97.76][59607] -> [..104.30.90.163][.7864] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....25] [ip4][..tcp] [172.142.219.219][44644] -> [....5.97.101.77][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [....28] [ip4][..tcp] [.226.143.37.182][..443] -> [.70.254.111.101][37898] [TLS][Unknown][Web][Safe]
+ idle: [.....8] [ip4][..udp] [.57.213.147.123][59607] -> [...56.213.47.40][.4477] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....30] [ip4][..tcp] [.109.65.199.230][37898] -> [..9.207.246.240][..443] [TLS][Unknown][Web][Safe]
+ idle: [.....2] [ip4][..udp] [..46.18.153.127][59607] -> [...228.2.57.157][10510] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [.....5] [ip4][..udp] [..23.147.144.74][59607] -> [....63.29.27.84][.6198] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [.....7] [ip4][..udp] [..50.138.250.44][59607] -> [.87.176.151.245][.4477] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....16] [ip4][..tcp] [..24.105.33.150][..443] -> [..5.163.124.163][47280] [TLS][Starcraft][Web][Safe]
+ idle: [.....1] [ip4][..udp] [..77.134.62.224][59607] -> [...43.83.218.54][.1189] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....29] [ip4][..tcp] [..236.82.25.211][45722] -> [237.191.110.161][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [....23] [ip4][..tcp] [206.184.203.226][44640] -> [.....8.106.2.77][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [....17] [ip4][..udp] [..187.34.30.159][11381] -> [....44.6.46.200][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....18] [ip4][..udp] [.40.105.164.193][43932] -> [..99.193.243.15][...53] [DNS][Outlook][Network][Acceptable]
+ idle: [....22] [ip4][..udp] [157.117.212.161][.7725] -> [.124.69.119.132][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....10] [ip4][..udp] [.38.210.140.253][59607] -> [.248.126.41.103][.8190] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....24] [ip4][..tcp] [.105.60.130.195][44642] -> [186.249.185.190][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [....19] [ip4][..tcp] [180.239.121.250][44636] -> [...23.200.86.51][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [....26] [ip4][..tcp] [...136.238.7.95][..443] -> [231.209.192.237][44640] [TLS][Unknown][Web][Safe]
+ idle: [.....6] [ip4][..udp] [196.228.157.219][59607] -> [..206.16.55.103][.4750] [LagoFast][Unknown][VPN][Acceptable]
+ idle: [....20] [ip4][..tcp] [...99.189.94.53][45702] -> [...185.5.215.83][..443] [TLS.LagoFast][Unknown][VPN][Acceptable]
+ idle: [....14] [ip4][..udp] [.251.113.201.83][...53] -> [.202.196.158.89][49790] [DNS][Unknown][Network][Acceptable][gabooster.6fast.com]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/mullvad_dns.pcap.out b/test/results/flow-info/default/mullvad_dns.pcap.out
index 363f0a21f..93b5f3beb 100644
--- a/test/results/flow-info/default/mullvad_dns.pcap.out
+++ b/test/results/flow-info/default/mullvad_dns.pcap.out
@@ -2,7 +2,7 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.122.11][51696] -> [........9.9.9.9][...53]
- detected: [.....1] [ip4][..udp] [.192.168.122.11][51696] -> [........9.9.9.9][...53] [DNS.Mullvad][Unknown][Network][Acceptable][www.mullvad.net]
- detection-update: [.....1] [ip4][..udp] [.192.168.122.11][51696] -> [........9.9.9.9][...53] [DNS.Mullvad][Unknown][Network][Acceptable][www.mullvad.net]
- idle: [.....1] [ip4][..udp] [.192.168.122.11][51696] -> [........9.9.9.9][...53] [DNS.Mullvad][Unknown][Network][Acceptable][www.mullvad.net]
+ detected: [.....1] [ip4][..udp] [.192.168.122.11][51696] -> [........9.9.9.9][...53] [DNS][Unknown][Network][Acceptable][www.mullvad.net]
+ detection-update: [.....1] [ip4][..udp] [.192.168.122.11][51696] -> [........9.9.9.9][...53] [DNS][Unknown][Network][Acceptable][www.mullvad.net]
+ idle: [.....1] [ip4][..udp] [.192.168.122.11][51696] -> [........9.9.9.9][...53] [DNS][Unknown][Network][Acceptable][www.mullvad.net]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/netease_games.pcapng.out b/test/results/flow-info/default/netease_games.pcapng.out
index 126d5800e..788ddac8f 100644
--- a/test/results/flow-info/default/netease_games.pcapng.out
+++ b/test/results/flow-info/default/netease_games.pcapng.out
@@ -2,10 +2,10 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53]
- detected: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS.NetEaseGames][Unknown][Network][Fun][data-detect.nie.easebar.com]
- detection-update: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS.NetEaseGames][Unknown][Network][Fun][data-detect.nie.easebar.com]
+ detected: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS][Unknown][Network][Acceptable][data-detect.nie.easebar.com]
+ detection-update: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS][Unknown][Network][Acceptable][data-detect.nie.easebar.com]
RISK: Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS.NetEaseGames][Unknown][Network][Fun][data-detect.nie.easebar.com]
+ detection-update: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS][Unknown][Network][Acceptable][data-detect.nie.easebar.com]
new: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443]
detected: [.....2] [ip4][..tcp] [.192.168.88.231][50402] -> [....35.73.71.94][..443] [TLS.NetEaseGames][AmazonAWS][Game][Fun][data-detect.nie.easebar.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -15,7 +15,7 @@
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0]
new: [.....3] [ip4][..udp] [.192.168.88.231][56588] -> [..35.246.207.19][.4513]
detected: [.....3] [ip4][..udp] [.192.168.88.231][56588] -> [..35.246.207.19][.4513] [NetEaseGames][GoogleCloud][Game][Fun]
- idle: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS.NetEaseGames][Unknown][Network][Fun][data-detect.nie.easebar.com]
+ idle: [.....1] [ip4][..udp] [.192.168.88.231][49377] -> [....172.17.8.75][...53] [DNS][Unknown][Network][Acceptable][data-detect.nie.easebar.com]
DAEMON-EVENT: [Processed: 13 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0]
new: [.....4] [ip4][..udp] [.192.168.88.231][41040] -> [..35.228.32.209][.4170]
diff --git a/test/results/flow-info/default/netflix.pcap.out b/test/results/flow-info/default/netflix.pcap.out
index 18c09d7a6..9ec528563 100644
--- a/test/results/flow-info/default/netflix.pcap.out
+++ b/test/results/flow-info/default/netflix.pcap.out
@@ -3,13 +3,13 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] [MIDSTREAM]
new: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53]
- detected: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
- detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ detected: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
+ detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ detection-update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
new: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53]
- detected: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.us-west-2.prodaa.netflix.com]
- detection-update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.us-west-2.prodaa.netflix.com]
+ detected: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com]
+ detection-update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com]
new: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443]
new: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443]
detected: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
@@ -49,7 +49,7 @@
detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
detection-update: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
new: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900]
- detected: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443]
detected: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
detection-update: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
@@ -57,8 +57,8 @@
new: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250]
detected: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Unknown][Network][Acceptable]
new: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53]
- detected: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][api-global.latency.prodaa.netflix.com]
- detection-update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][api-global.latency.prodaa.netflix.com]
+ detected: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com]
+ detection-update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com]
new: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443]
new: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443]
detected: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
@@ -89,8 +89,8 @@
[PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52]
[ENTROPIES...: 4.6,5.2,5.1,6.0,5.2,7.3,7.3,5.1,7.0,5.1,6.3,5.0,6.0,5.2,5.9,5.1,7.9,7.7,5.2,7.9,7.9,5.1,7.9,7.9,5.1,7.9,5.0,7.1,5.1,7.9,7.8,5.1]
new: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53]
- detected: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][sha2.san.akam.nflximg.net]
- detection-update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][sha2.san.akam.nflximg.net]
+ detected: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net]
+ detection-update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net]
new: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443]
detected: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net]
detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net]
@@ -106,8 +106,8 @@
[PKTLENS.....: 64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474]
[ENTROPIES...: 4.6,5.3,5.1,6.0,5.2,7.3,7.3,5.1,7.1,5.1,6.4,5.1,6.0,5.2,6.0,5.2,7.9,7.7,5.2,5.2,6.8,6.1,5.9,5.2,5.2,5.2,7.9,7.7,5.2,5.2,7.9,7.5]
new: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53]
- detected: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][artwork.akam.nflximg.net]
- detection-update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][artwork.akam.nflximg.net]
+ detected: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net]
+ detection-update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net]
new: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80]
new: [....21] [ip4][..tcp] [....192.168.1.7][53149] -> [..184.25.204.25][...80]
detected: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net]
@@ -115,8 +115,8 @@
new: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80]
detected: [....22] [ip4][..tcp] [....192.168.1.7][53150] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net]
new: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53]
- detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][appboot.netflix.com]
- detection-update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][appboot.netflix.com]
+ detected: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com]
+ detection-update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com]
new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80]
detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com]
analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com]
@@ -134,7 +134,7 @@
new: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53]
detected: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a803.dscg.akamai.net]
new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53]
- detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-2.nflximg.net]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300]
@@ -147,7 +147,7 @@
[ENTROPIES...: 4.6,5.2,5.1,5.9,5.3,7.5,7.8,5.1,7.8,5.0,7.8,7.8,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.9,7.9,5.4,5.2,5.3,5.4,5.3,5.2,5.2,5.8,7.2,7.8]
detection-update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a803.dscg.akamai.net]
new: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80]
- detection-update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ detection-update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
new: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443]
detected: [....28] [ip4][..tcp] [....192.168.1.7][53153] -> [..184.25.204.24][...80] [HTTP.NetFlix][Unknown][Video][Fun][tp.akam.nflximg.com]
detected: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com]
@@ -379,10 +379,10 @@
new: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443]
new: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443]
new: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53]
- detected: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
+ detected: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.geo.netflix.com]
detection-update: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable][23.246.3.140]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt)
- detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
+ detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.geo.netflix.com]
new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443]
analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
@@ -444,25 +444,25 @@
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.133]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt)
- update: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
- update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][api-global.latency.prodaa.netflix.com]
- update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.us-west-2.prodaa.netflix.com]
- update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][sha2.san.akam.nflximg.net]
+ update: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
+ update: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com]
+ update: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com]
+ update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net]
new: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80]
detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary File/Data Transfer (Attempt)
- update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][artwork.akam.nflximg.net]
+ update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net]
update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a803.dscg.akamai.net]
- update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
- update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][appboot.netflix.com]
+ update: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
+ update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com]
new: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53]
- detected: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
- detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ detected: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
+ detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
RISK: Unidirectional Traffic
- detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ detection-update: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
new: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443]
detected: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -471,8 +471,8 @@
detection-update: [....53] [ip4][..tcp] [....192.168.1.7][53238] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53]
- detected: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][api-global.latency.prodaa.netflix.com]
- detection-update: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][api-global.latency.prodaa.netflix.com]
+ detected: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com]
+ detection-update: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com]
new: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443]
new: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443]
detected: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
@@ -541,7 +541,7 @@
[IATS(ms)....: 15.4,16.8,2.1,27.2,1.0,1.1,27.3,38.1,39.4,39.9,44.7,83.4,40.7,236.7,277.7,1389.8,1416.3,0.3,12.8,48.7,0.2,12.8,12.8,15.9,13.8,16.3,12.8,12.7,23.2,13.3,13.2]
[PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52]
[ENTROPIES...: 4.5,5.2,5.1,5.9,5.3,7.3,7.8,5.2,7.8,5.0,7.8,7.8,5.1,7.8,7.7,5.2,5.8,6.9,7.5,7.8,5.1,5.0,7.8,7.8,5.0,7.9,4.9,7.8,7.8,5.1,7.8,5.1]
- idle: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
guessed: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443] [TLS][AmazonAWS][Web][Safe]
RISK: Unidirectional Traffic
end: [.....1] [ip4][..tcp] [....192.168.1.7][52929] -> [.....52.24.87.6][..443]
@@ -560,13 +560,13 @@
RISK: TLS (probably) Not Carrying HTTPS
idle: [....56] [ip4][..tcp] [....192.168.1.7][53248] -> [...52.32.22.214][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
- idle: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ idle: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
+ idle: [....52] [ip4][..udp] [....192.168.1.7][51622] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
idle: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a803.dscg.akamai.net]
- idle: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][api-global.latency.prodaa.netflix.com]
- idle: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][api-global.latency.prodaa.netflix.com]
- idle: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.us-west-2.prodaa.netflix.com]
- idle: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
+ idle: [....13] [ip4][..udp] [....192.168.1.7][51949] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com]
+ idle: [....54] [ip4][..udp] [....192.168.1.7][52095] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api-global.latency.prodaa.netflix.com]
+ idle: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.us-west-2.prodaa.netflix.com]
+ idle: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ios.nccp.netflix.com]
end: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
idle: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
idle: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
@@ -575,9 +575,9 @@
RISK: TLS (probably) Not Carrying HTTPS
idle: [....12] [ip4][....2] [....192.168.1.7] -> [239.255.255.250] [IGMP][Unknown][Network][Acceptable]
idle: [....59] [ip4][..udp] [....192.168.1.7][57093] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][a1907.dscg.akamai.net]
- idle: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][sha2.san.akam.nflximg.net]
- idle: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][appboot.netflix.com]
- idle: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][artwork.akam.nflximg.net]
+ idle: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sha2.san.akam.nflximg.net]
+ idle: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][appboot.netflix.com]
+ idle: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][artwork.akam.nflximg.net]
end: [.....5] [ip4][..tcp] [....192.168.1.7][53114] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
RISK: TLS (probably) Not Carrying HTTPS
end: [....29] [ip4][..tcp] [....192.168.1.7][53162] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
@@ -589,7 +589,7 @@
end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
end: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
- idle: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
+ idle: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ichnaea.geo.netflix.com]
end: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com]
idle: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun]
end: [....25] [ip4][..tcp] [....192.168.1.7][53152] -> [...52.89.39.139][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
diff --git a/test/results/flow-info/default/nintendo.pcap.out b/test/results/flow-info/default/nintendo.pcap.out
index 1c94cbc64..36eb9803b 100644
--- a/test/results/flow-info/default/nintendo.pcap.out
+++ b/test/results/flow-info/default/nintendo.pcap.out
@@ -23,8 +23,8 @@
[ENTROPIES...: 6.1,6.1,6.8,6.9,6.2,6.1,6.7,6.2,6.1,6.3,6.6,6.4,6.2,6.2,6.2,6.3,6.3,5.9,5.8,5.9,6.2,5.9,6.1,6.2,6.0,6.0,6.1,6.1,6.0,6.2,6.2,6.2]
new: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343]
new: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53]
- detected: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
- detection-update: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+ detected: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+ detection-update: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
new: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443]
detected: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -37,14 +37,14 @@
new: [....11] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][10025]
new: [....12] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33335]
new: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53]
- detected: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][g2df33d01-lp1.p.srv.nintendo.net]
- detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][g2df33d01-lp1.p.srv.nintendo.net]
- detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][g2df33d01-lp1.p.srv.nintendo.net]
- detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][g2df33d01-lp1.p.srv.nintendo.net]
+ detected: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][g2df33d01-lp1.p.srv.nintendo.net]
+ detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][g2df33d01-lp1.p.srv.nintendo.net]
+ detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][g2df33d01-lp1.p.srv.nintendo.net]
+ detection-update: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][g2df33d01-lp1.p.srv.nintendo.net]
new: [....14] [ip4][..udp] [.192.168.12.114][55915] -> [..52.10.205.177][34343]
new: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53]
- detected: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
- detection-update: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+ detected: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+ detection-update: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
new: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443]
detected: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -112,8 +112,8 @@
RISK: Susp Entropy, Unidirectional Traffic
idle: [....14] [ip4][..udp] [.192.168.12.114][55915] -> [..52.10.205.177][34343]
idle: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AmazonAWS][Game][Fun]
- idle: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
- idle: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+ idle: [....15] [ip4][..udp] [.192.168.12.114][51035] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
+ idle: [.....7] [ip4][..udp] [.192.168.12.114][18874] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
idle: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AmazonAWS][Web][Safe]
guessed: [....10] [ip4][..udp] [.192.168.12.114][55915] -> [...35.158.74.61][33334] [AmazonAWS][AmazonAWS][Cloud][Acceptable]
RISK: Unidirectional Traffic
@@ -134,5 +134,5 @@
idle: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Unknown][Game][Fun]
guessed: [.....9] [ip4][..tcp] [.192.168.12.114][11534] -> [..54.146.242.74][..443] [TLS][AmazonAWS][Web][Safe]
idle: [.....9] [ip4][..tcp] [.192.168.12.114][11534] -> [..54.146.242.74][..443]
- idle: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS.Nintendo][Unknown][Network][Fun][g2df33d01-lp1.p.srv.nintendo.net]
+ idle: [....13] [ip4][..udp] [.192.168.12.114][10184] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][g2df33d01-lp1.p.srv.nintendo.net]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/nordvpn.pcap.out b/test/results/flow-info/default/nordvpn.pcap.out
new file mode 100644
index 000000000..ef44c34d3
--- /dev/null
+++ b/test/results/flow-info/default/nordvpn.pcap.out
@@ -0,0 +1,42 @@
+ DAEMON-EVENT: init
+ new: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820]
+ detected: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820] [WireGuard.NordVPN][NordVPN][VPN][Acceptable]
+ new: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198]
+ analyse: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.083| 0.099| 0.265| 70319.784| 2.400]
+ [PKTLEN......: 101.000| 1144.000| 328.800| 349.500| 122181.900| 4.400]
+ [BINS(c->s)..: 0,0,4,12,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,2,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 36.5,37.2,34.8,0.1,0.0,0.0,0.0,34.7,0.1,0.0,0.0,30.5,31.1,31.8,0.1,31.1,0.3,1045.9,1082.7,0.1,218.3,0.1,0.0,0.0,34.8,1.2,13.9,0.1,0.0,0.0,398.1]
+ [PKTLENS.....: 114,126,409,122,1144,1144,1144,1144,126,130,134,138,834,707,284,362,146,150,173,122,392,150,159,129,129,129,128,117,117,101,189,128]
+ [ENTROPIES...: 6.3,6.6,6.9,6.4,7.9,7.8,7.8,7.8,6.3,6.5,6.5,6.5,7.8,7.7,7.2,7.5,6.5,6.4,6.8,6.4,7.4,6.6,6.6,6.5,6.4,6.5,6.5,6.3,6.3,6.2,6.9,6.4]
+ guessed: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] [NordVPN][NordVPN][VPN][Acceptable]
+ RISK: Susp Entropy
+ new: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995]
+ analyse: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.562| 0.072| 0.121| 14556.123| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 350.900| 470.200| 221099.300| 4.000]
+ [BINS(c->s)..: 4,0,1,6,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,0,1,2,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,0,1]
+ [IATS(ms)....: 37.9,38.1,1.8,34.4,0.1,32.8,37.6,0.0,0.0,0.0,37.4,1.0,32.1,31.1,32.4,32.4,76.0,75.9,32.6,0.1,34.6,35.0,33.6,34.1,82.8,428.0,562.3,84.9,33.6,185.1,183.7]
+ [PKTLENS.....: 52,52,40,128,46,140,423,136,1500,1500,1500,40,140,116,252,863,152,46,728,46,298,160,383,164,405,40,1457,46,142,46,143,46]
+ [ENTROPIES...: 4.6,4.9,4.8,6.5,4.5,6.6,7.0,6.6,7.9,7.9,7.9,4.9,6.5,6.3,7.0,7.7,6.6,4.9,7.7,4.9,7.2,6.5,7.4,6.5,7.5,4.9,7.8,5.0,6.6,4.8,6.6,4.9]
+ guessed: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] [POPS][NordVPN][Email][Safe]
+ RISK: Fully Encrypted Flow
+ new: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443]
+ detected: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable][it315.nordvpn.com]
+ RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
+ detection-update: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable][it315.nordvpn.com]
+ RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
+ idle: [.....1] [ip4][..udp] [..192.168.1.204][53465] -> [.138.199.54.231][51820] [WireGuard.NordVPN][NordVPN][VPN][Acceptable]
+ idle: [.....2] [ip4][..udp] [..192.168.1.204][63670] -> [.192.145.125.35][.1198] [NordVPN][NordVPN][VPN][Acceptable]
+ RISK: Susp Entropy
+ idle: [.....4] [ip4][..tcp] [..192.168.1.204][49788] -> [...45.80.28.142][.8443] [TLS.NordVPN][NordVPN][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
+ idle: [.....3] [ip4][..tcp] [..192.168.1.204][49766] -> [.212.129.45.224][..995] [POPS][NordVPN][Email][Safe]
+ RISK: Fully Encrypted Flow
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ocs.pcap.out b/test/results/flow-info/default/ocs.pcap.out
index da7a0730c..04ccfba59 100644
--- a/test/results/flow-info/default/ocs.pcap.out
+++ b/test/results/flow-info/default/ocs.pcap.out
@@ -3,9 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.180.2][47699] -> [.64.233.184.188][.5228]
new: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53]
- detected: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun][ocu03.labgency.ws]
+ detected: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][ocu03.labgency.ws]
new: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53]
- detected: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS.Crashlytics][Google][Network][Acceptable][settings.crashlytics.com]
+ detected: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][settings.crashlytics.com]
new: [.....4] [ip4][..udp] [..192.168.180.2][.1291] -> [........8.8.8.8][...53]
detected: [.....4] [ip4][..udp] [..192.168.180.2][.1291] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][api.eu01.capptain.com]
new: [.....5] [ip4][..tcp] [..192.168.180.2][48250] -> [.178.248.208.54][...80]
@@ -19,7 +19,7 @@
detected: [.....8] [ip4][..tcp] [..192.168.180.2][44959] -> [137.135.129.206][...80] [HTTP][Azure][Web][Acceptable][api.eu01.capptain.com]
RISK: HTTP Susp User-Agent, Unidirectional Traffic
new: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53]
- detected: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe][android.clients.google.com]
+ detected: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][android.clients.google.com]
new: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443]
detected: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443] [TLS][Google][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
@@ -30,7 +30,7 @@
new: [....12] [ip4][..tcp] [..192.168.180.2][46166] -> [.137.135.131.52][.5122]
new: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80]
new: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53]
- detected: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun][ocs.labgency.ws]
+ detected: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][ocs.labgency.ws]
detected: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][OCS][Media][Fun][ocu03.labgency.ws]
RISK: Unidirectional Traffic
new: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443]
@@ -50,18 +50,18 @@
detected: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] [TLS.GoogleServices][Google][Web][Acceptable][mtalk.google.com]
RISK: TLS (probably) Not Carrying HTTPS, Unidirectional Traffic
new: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53]
- detected: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS.GoogleServices][Google][Network][Acceptable][play.googleapis.com]
+ detected: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][play.googleapis.com]
new: [....18] [ip4][..tcp] [..192.168.180.2][47803] -> [..64.233.166.95][..443]
detected: [....18] [ip4][..tcp] [..192.168.180.2][47803] -> [..64.233.166.95][..443] [TLS][Google][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
update: [.....4] [ip4][..udp] [..192.168.180.2][.1291] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
- update: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun]
+ update: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
update: [....11] [ip4][..udp] [..192.168.180.2][.3621] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
- update: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun]
- update: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS.Crashlytics][Google][Network][Acceptable]
- update: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe]
+ update: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
+ update: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
+ update: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
new: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53]
- detected: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun][www.ocs.fr]
+ detected: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.ocs.fr]
new: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80]
detected: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][OCS][Media][Fun][www.ocs.fr]
RISK: HTTP Susp User-Agent, Unidirectional Traffic
@@ -75,30 +75,30 @@
[IATS(ms)....: 71.4,1.5,54.8,1.1,3.6,59.9,0.6,0.1,5.3,64.8,1.7,1.5,79.5,5.5,58.4,1.8,64.6,2.0,67.5,26.5,42.9,26.0,65.4,1.0,48.6,1.3,2.0,1.3,75.5,1.4,4.8]
[PKTLENS.....: 60,52,204,52,52,52,52,52,64,64,64,64,72,64,64,72,72,72,64,64,64,52,52,52,52,52,52,52,52,52,64,72]
[ENTROPIES...: 4.6,5.0,5.9,5.2,5.1,5.2,5.2,5.2,5.2,5.2,5.2,5.2,5.3,5.2,5.3,5.3,5.4,5.3,5.3,5.3,5.3,5.2,5.2,5.2,5.1,5.2,5.2,5.1,5.2,5.2,5.3,5.3]
- update: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS.GoogleServices][Google][Network][Acceptable]
+ update: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
end: [.....7] [ip4][..tcp] [..192.168.180.2][53356] -> [137.135.129.206][...80] [HTTP][Azure][Web][Acceptable]
RISK: HTTP Susp User-Agent, Unidirectional Traffic
end: [....10] [ip4][..tcp] [..192.168.180.2][41223] -> [..216.58.208.46][..443] [TLS][Google][Web][Safe]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
- idle: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun]
+ idle: [....19] [ip4][..udp] [..192.168.180.2][24245] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
idle: [....16] [ip4][..tcp] [..192.168.180.2][32946] -> [.64.233.184.188][..443] [TLS.GoogleServices][Google][Web][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS, Unidirectional Traffic
idle: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] [TLS.OCS][OCS][Media][Fun]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
idle: [.....4] [ip4][..udp] [..192.168.180.2][.1291] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
- idle: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun]
+ idle: [....14] [ip4][..udp] [..192.168.180.2][.2589] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
idle: [....11] [ip4][..udp] [..192.168.180.2][.3621] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
- idle: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS.OCS][Google][Network][Fun]
+ idle: [.....2] [ip4][..udp] [..192.168.180.2][38472] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
idle: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][OCS][Media][Fun][www.ocs.fr]
RISK: HTTP Susp User-Agent, Unidirectional Traffic
- idle: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS.Crashlytics][Google][Network][Acceptable]
+ idle: [.....3] [ip4][..udp] [..192.168.180.2][40097] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
idle: [....18] [ip4][..tcp] [..192.168.180.2][47803] -> [..64.233.166.95][..443] [TLS][Google][Web][Safe]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
end: [.....6] [ip4][..tcp] [..192.168.180.2][39263] -> [..23.21.230.199][..443] [TLS.Crashlytics][AmazonAWS][DataTransfer][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
idle: [.....5] [ip4][..tcp] [..192.168.180.2][48250] -> [.178.248.208.54][...80] [HTTP.OCS][OCS][Media][Fun]
RISK: Unidirectional Traffic
- idle: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS.GoogleServices][Google][Network][Acceptable]
+ idle: [....17] [ip4][..udp] [..192.168.180.2][11793] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
end: [.....8] [ip4][..tcp] [..192.168.180.2][44959] -> [137.135.129.206][...80] [HTTP][Azure][Web][Acceptable]
RISK: HTTP Susp User-Agent, Unidirectional Traffic
guessed: [.....1] [ip4][..tcp] [..192.168.180.2][47699] -> [.64.233.184.188][.5228] [Google][Google][Web][Acceptable]
@@ -106,7 +106,7 @@
idle: [.....1] [ip4][..tcp] [..192.168.180.2][47699] -> [.64.233.184.188][.5228]
end: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][OCS][Media][Fun][ocu03.labgency.ws]
RISK: Unidirectional Traffic
- idle: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe]
+ idle: [.....9] [ip4][..udp] [..192.168.180.2][48770] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
guessed: [....12] [ip4][..tcp] [..192.168.180.2][46166] -> [.137.135.131.52][.5122] [Azure][Azure][Cloud][Acceptable]
RISK: Unidirectional Traffic
idle: [....12] [ip4][..tcp] [..192.168.180.2][46166] -> [.137.135.131.52][.5122]
diff --git a/test/results/flow-info/default/punycode-idn.pcap.out b/test/results/flow-info/default/punycode-idn.pcap.out
index f184f0428..68d674fd0 100644
--- a/test/results/flow-info/default/punycode-idn.pcap.out
+++ b/test/results/flow-info/default/punycode-idn.pcap.out
@@ -2,8 +2,8 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53]
- detected: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Unknown][Network][Fun][i.scdn.co]
- detection-update: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Unknown][Network][Fun][i.scdn.co]
+ detected: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][i.scdn.co]
+ detection-update: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][i.scdn.co]
new: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53]
detected: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.xn--mnich-kva.com]
RISK: IDN Domain Name
@@ -14,7 +14,7 @@
RISK: IDN Domain Name
detection-update: [.....3] [ip4][..tcp] [..192.168.2.140][56011] -> [...170.33.9.230][...80] [HTTP][Alibaba][Web][Acceptable][www.love.xn--55qx5d]
RISK: IDN Domain Name, Error Code
- idle: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS.Spotify][Unknown][Network][Fun][i.scdn.co]
+ idle: [.....1] [ip4][..udp] [..192.168.2.140][45520] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][i.scdn.co]
end: [.....3] [ip4][..tcp] [..192.168.2.140][56011] -> [...170.33.9.230][...80] [HTTP][Alibaba][Web][Acceptable][www.love.xn--55qx5d]
RISK: IDN Domain Name, Error Code
idle: [.....2] [ip4][..udp] [..192.168.2.140][60156] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable]
diff --git a/test/results/flow-info/default/quic-27.pcap.out b/test/results/flow-info/default/quic-27.pcap.out
index bdd077e14..8da505ca0 100644
--- a/test/results/flow-info/default/quic-27.pcap.out
+++ b/test/results/flow-info/default/quic-27.pcap.out
@@ -2,6 +2,6 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443]
- detected: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] [QUIC.Google][Unknown][Web][Acceptable][play.google.com]
- idle: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] [QUIC.Google][Unknown][Web][Acceptable][play.google.com]
+ detected: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][play.google.com]
+ idle: [.....1] [ip6][..udp] [...3ef4:2194:f4a6:3503:40cd:714:57:c4e4][64229] -> [..............2f3d:64d1:9d59:549b::200e][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][play.google.com]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/quic_q46.pcap.out b/test/results/flow-info/default/quic_q46.pcap.out
index feca8b304..21e382f64 100644
--- a/test/results/flow-info/default/quic_q46.pcap.out
+++ b/test/results/flow-info/default/quic_q46.pcap.out
@@ -2,6 +2,6 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443]
- detected: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] [QUIC.Google][Unknown][Web][Acceptable][play.google.com]
- idle: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] [QUIC.Google][Unknown][Web][Acceptable][play.google.com]
+ detected: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][play.google.com]
+ idle: [.....1] [ip4][..udp] [..172.29.42.236][38292] -> [.153.20.183.203][..443] [QUIC.PlayStore][Unknown][SoftwareUpdate][Safe][play.google.com]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/signal.pcap.out b/test/results/flow-info/default/signal.pcap.out
index 0507bca2e..f727f088a 100644
--- a/test/results/flow-info/default/signal.pcap.out
+++ b/test/results/flow-info/default/signal.pcap.out
@@ -47,11 +47,11 @@
new: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443]
new: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443]
new: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53]
- detected: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Unknown][Network][Fun][textsecure-service.whispersystems.org]
+ detected: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][textsecure-service.whispersystems.org]
new: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443]
new: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443]
new: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443]
- detection-update: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Unknown][Network][Fun][textsecure-service.whispersystems.org]
+ detection-update: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][textsecure-service.whispersystems.org]
new: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1]
detected: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Unknown][Network][Acceptable]
detected: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][itunes.apple.com]
@@ -121,7 +121,7 @@
RISK: TLS (probably) Not Carrying HTTPS
end: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [TLS][Unknown][Web][Safe]
idle: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][AmazonAWS][Chat][Fun][cdn.signal.org]
- idle: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Unknown][Network][Fun][textsecure-service.whispersystems.org]
+ idle: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][textsecure-service.whispersystems.org]
idle: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun]
idle: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun]
idle: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][AmazonAWS][Chat][Fun]
diff --git a/test/results/flow-info/default/sites.pcapng.out b/test/results/flow-info/default/sites.pcapng.out
index 6e610a02b..6b02ae237 100644
--- a/test/results/flow-info/default/sites.pcapng.out
+++ b/test/results/flow-info/default/sites.pcapng.out
@@ -179,8 +179,8 @@
idle: [....16] [ip4][..tcp] [..192.168.1.128][48140] -> [.....23.1.66.79][..443] [TLS.CNN][Unknown][Web][Safe]
idle: [....32] [ip4][..tcp] [..192.168.1.128][48902] -> [....2.17.140.63][..443] [TLS.Xbox][Unknown][Game][Fun]
new: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443]
- detected: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.office.com]
- detection-update: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.office.com]
+ detected: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable][teams.office.com]
+ detection-update: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable][teams.office.com]
new: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443]
detected: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com]
detection-update: [....36] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun][www.primevideo.com]
@@ -188,10 +188,10 @@
detected: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com]
detection-update: [....37] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable][drive.google.com]
new: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443]
- detected: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Teams][Azure][Collaborative][Safe][onedrive.com]
- detection-update: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Azure][Cloud][Safe][onedrive.com]
+ detected: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS][Azure][Web][Safe][onedrive.com]
+ detection-update: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable][onedrive.com]
new: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443]
- detected: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable][onedrive.live.com]
+ detected: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS][Azure][Web][Safe][onedrive.live.com]
detection-update: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable][onedrive.live.com]
new: [....40] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443]
detected: [....40] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Tencent][Video][Fun][www.iflix.com]
@@ -218,8 +218,8 @@
idle: [....42] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS][Google][Web][Safe]
idle: [....39] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable]
idle: [....41] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Google][Web][Acceptable][hangouts.google.com]
- idle: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Azure][Cloud][Safe]
- idle: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe]
+ idle: [....38] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable]
+ idle: [....35] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Microsoft365][Teams][Collaborative][Acceptable]
idle: [....34] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable]
DAEMON-EVENT: [Processed: 496 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 44|skipped: 0|!detected: 0|guessed: 4|detection-updates: 43|updates: 1]
@@ -325,6 +325,22 @@
new: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443]
detected: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable][it-mil-v086.prod.surfshark.com]
detection-update: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable][it-mil-v086.prod.surfshark.com]
- idle: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable]
idle: [....63] [ip4][..tcp] [..192.168.1.245][58624] -> [.104.16.156.111][..443] [TLS.NordVPN][Cloudflare][VPN][Acceptable]
+ DAEMON-EVENT: [Processed: 699 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 64|skipped: 0|!detected: 0|guessed: 4|detection-updates: 62|updates: 1]
+ new: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443]
+ detected: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun][rutube.ru]
+ detection-update: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun][rutube.ru]
+ analyse: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.039| 0.005| 0.010| 96.590| 2.800]
+ [PKTLEN......: 40.000| 2031.000| 980.300| 674.000| 454340.000| 4.500]
+ [BINS(c->s)..: 5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
+ [BINS(s->c)..: 3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,17,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1]
+ [IATS(ms)....: 5.3,5.3,0.2,9.2,0.0,0.0,0.0,0.0,9.0,1.8,0.2,11.1,0.0,0.0,9.0,39.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,39.1,12.9,0.0,0.0,0.0,0.0]
+ [PKTLENS.....: 52,48,40,557,46,1500,1500,1216,941,40,120,2031,46,327,327,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,40,1500,1500,1500,1500,1500]
+ [ENTROPIES...: 4.5,5.0,4.7,6.6,4.7,7.8,7.9,7.9,7.7,4.7,6.2,7.9,4.7,7.3,7.3,4.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,4.7,7.9,7.9,7.9,7.9,7.9]
+ idle: [....64] [ip4][..tcp] [..192.168.1.183][44102] -> [..146.70.182.51][..443] [TLS.SurfShark][Unknown][VPN][Acceptable]
+ end: [....65] [ip4][..tcp] [..192.168.88.98][65086] -> [.109.238.90.239][..443] [TLS.RUTUBE][Unknown][Media][Fun][rutube.ru]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/soap.pcap.out b/test/results/flow-info/default/soap.pcap.out
index ab8e23a23..bfef43f48 100644
--- a/test/results/flow-info/default/soap.pcap.out
+++ b/test/results/flow-info/default/soap.pcap.out
@@ -4,7 +4,7 @@
new: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80]
detected: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Unknown][RPC][Acceptable]
new: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [MIDSTREAM]
- detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Cloud][Acceptable][go.microsoft.com]
+ detected: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Collaborative][Acceptable][go.microsoft.com]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
@@ -12,6 +12,6 @@
detected: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable]
idle: [.....3][.808] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable]
end: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [SOAP][Unknown][RPC][Acceptable]
- idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Cloud][Acceptable]
+ idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Collaborative][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ssdp-m-search-ua.pcap.out b/test/results/flow-info/default/ssdp-m-search-ua.pcap.out
index 0160ea517..fa77d6a1c 100644
--- a/test/results/flow-info/default/ssdp-m-search-ua.pcap.out
+++ b/test/results/flow-info/default/ssdp-m-search-ua.pcap.out
@@ -2,6 +2,6 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900]
- detected: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- idle: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [.....1] [ip4][..udp] [.192.168.242.50][56446] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ssdp.pcapng.out b/test/results/flow-info/default/ssdp.pcapng.out
new file mode 100644
index 000000000..fd8c6ca9b
--- /dev/null
+++ b/test/results/flow-info/default/ssdp.pcapng.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..192.168.1.173][58006] -> [239.255.255.250][.1900]
+ detected: [.....1] [ip4][..udp] [..192.168.1.173][58006] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [.....1] [ip4][..udp] [..192.168.1.173][58006] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out
index bfb41836b..806e8ab94 100644
--- a/test/results/flow-info/default/starcraft_battle.pcap.out
+++ b/test/results/flow-info/default/starcraft_battle.pcap.out
@@ -33,7 +33,7 @@
new: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [MIDSTREAM]
ERROR-EVENT: Unknown packet type [1/16]
new: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900]
- detected: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80]
detected: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com]
new: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53]
@@ -217,7 +217,7 @@
guessed: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] [QUIC][Google][Web][Acceptable]
RISK: Susp Entropy
idle: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568]
- idle: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [.....1] [ip4][..tcp] [..192.30.252.91][..443] -> [..192.168.1.100][.3213] [TLS][Github][Web][Safe]
guessed: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] [TLS][Unknown][Web][Safe]
end: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443]
diff --git a/test/results/flow-info/default/syslog.pcap.out b/test/results/flow-info/default/syslog.pcap.out
index 607ae7edf..ab29c8309 100644
--- a/test/results/flow-info/default/syslog.pcap.out
+++ b/test/results/flow-info/default/syslog.pcap.out
@@ -31,10 +31,10 @@
new: [.....7] [ip4][..udp] [..172.21.251.36][62679] -> [..172.19.196.11][..514]
detected: [.....7] [ip4][..udp] [..172.21.251.36][62679] -> [..172.19.196.11][..514] [Syslog][Unknown][System][Acceptable]
not-detected: [.....6] [ip4][...41] [...216.66.80.30] -> [..193.24.227.12] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [.....6] [ip4][...41] [...216.66.80.30] -> [..193.24.227.12]
not-detected: [.....5] [ip4][...41] [..193.24.227.10] -> [..216.66.86.114] [Unknown][Unknown][Unrated]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [.....5] [ip4][...41] [..193.24.227.10] -> [..216.66.86.114]
new: [.....8] [ip4][..udp] [.192.168.72.140][62679] -> [192.168.178.148][..514]
detected: [.....8] [ip4][..udp] [.192.168.72.140][62679] -> [192.168.178.148][..514] [Syslog][Unknown][System][Acceptable]
diff --git a/test/results/flow-info/default/teams.pcap.out b/test/results/flow-info/default/teams.pcap.out
index 8ae0bdbae..45e6ad626 100644
--- a/test/results/flow-info/default/teams.pcap.out
+++ b/test/results/flow-info/default/teams.pcap.out
@@ -17,7 +17,7 @@
new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443]
detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
- detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
@@ -29,12 +29,12 @@
[IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5]
[PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]
[ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7]
- detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [7/16]
new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
- analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400]
[PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400]
@@ -45,12 +45,12 @@
[PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]
[ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9]
new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443]
- detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443]
detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
- analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900]
[PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200]
@@ -63,22 +63,22 @@
ERROR-EVENT: Unknown packet type [8/16]
ERROR-EVENT: Unknown packet type [9/16]
new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443]
- detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [10/16]
new: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53]
- detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
new: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
detected: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
- detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Unidirectional Traffic
- detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][]
@@ -86,17 +86,17 @@
detected: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
ERROR-EVENT: Unknown packet type [13/16]
new: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53]
- detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
- detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com.edgekey.net]
+ detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com.edgekey.net]
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53]
- detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com]
+ detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-api.asm.skype.com]
new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53]
- detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
- detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-prod.asyncgw.teams.microsoft.com]
new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443]
- detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com]
+ detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-api.asm.skype.com]
new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443]
detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
@@ -105,31 +105,31 @@
detected: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53]
- detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
- detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443]
detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com]
detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com]
new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53]
- detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443]
- detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
new: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443]
- detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
- detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [16/16]
new: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53]
- detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
- detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+ detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][presence.services.sfb.trafficmanager.net]
+ detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][presence.services.sfb.trafficmanager.net]
new: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443]
new: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [MIDSTREAM]
detected: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
- analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.153| 0.028| 0.040| 1626.047| 3.600]
[PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300]
@@ -155,14 +155,14 @@
[PKTLENS.....: 64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]
[ENTROPIES...: 4.4,5.0,4.6,5.4,7.1,7.4,4.7,4.7,4.5,7.6,7.6,4.7,7.5,4.7,6.6,6.1,7.6,5.4,4.6,6.0,4.5,5.2,5.4,4.7,7.5,4.7,4.5,7.9,6.6,6.7,4.5,5.4]
new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53]
- detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
- detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+ detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][chatsvcagg.svcs.teams.office.com]
+ detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][chatsvcagg.svcs.teams.office.com]
new: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443]
detected: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe][chatsvcagg.teams.microsoft.com]
new: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443]
- detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
@@ -175,8 +175,8 @@
[PKTLENS.....: 64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]
[ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8]
new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53]
- detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
- detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][substrate.office.com]
+ detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][substrate.office.com]
new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443]
detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
@@ -201,22 +201,22 @@
[PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]
[ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0]
new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53]
- detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euaz.tr.teams.microsoft.com]
new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53]
- detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
new: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53]
- detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
new: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53]
- detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
- detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
- detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.flightproxy.teams.microsoft.com]
+ detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
+ detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
new: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443]
- detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
- detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.flightproxy.teams.microsoft.com]
+ detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euaz.tr.teams.microsoft.com]
RISK: Minor Issues
new: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53]
- detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
- detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+ detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][outlook.office.com]
+ detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][outlook.office.com]
new: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443]
new: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443]
new: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53]
@@ -230,14 +230,14 @@
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
- detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -257,9 +257,9 @@
detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443]
- detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.053| 0.020| 0.022| 492.470| 3.900]
[PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100]
@@ -275,14 +275,14 @@
detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
- detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53]
detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443]
detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com]
- detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
@@ -298,7 +298,7 @@
detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443]
- analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.162| 0.032| 0.044| 1964.919| 3.600]
[PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200]
@@ -310,13 +310,13 @@
[ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2]
detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe][euno-1.api.microsoftstream.com]
new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53]
- detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
- detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+ detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dc.applicationinsights.microsoft.com]
+ detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dc.applicationinsights.microsoft.com]
new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443]
detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net]
new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53]
- detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
- detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][emea.ng.msg.teams-msgapi.trafficmanager.net]
new: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443]
detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
@@ -350,8 +350,8 @@
detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443]
new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53]
- detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
- detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478]
@@ -381,8 +381,8 @@
RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
new: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443]
new: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53]
- detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
- detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][c-flightproxy-euno-01-teams.cloudapp.net]
+ detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][c-flightproxy-euno-01-teams.cloudapp.net]
detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005]
@@ -446,32 +446,32 @@
RISK: TLS (probably) Not Carrying HTTPS
idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
- end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- end: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe]
- end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
idle: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
idle: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe][chatsvcagg.teams.microsoft.com]
- end: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
- end: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ idle: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
- end: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- end: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
@@ -482,42 +482,42 @@
RISK: Known Proto on Non Std Port
not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750]
- idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
idle: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
- idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
- idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com]
+ idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.flightproxy.teams.microsoft.com]
+ idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-api.asm.skype.com]
idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
- idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
guessed: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable]
RISK: Unidirectional Traffic
end: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443]
- idle: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
- idle: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ idle: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ idle: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com.edgekey.net]
idle: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
- idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
- idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
- idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][chatsvcagg.svcs.teams.office.com]
+ idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][presence.services.sfb.trafficmanager.net]
+ idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][outlook.office.com]
+ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][substrate.office.com]
idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
- idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][c-flightproxy-euno-01-teams.cloudapp.net]
idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com]
idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe]
- idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euaz.tr.teams.microsoft.com]
RISK: Minor Issues
idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
- idle: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
- idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
- idle: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
- idle: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ idle: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-prod.asyncgw.teams.microsoft.com]
+ idle: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dc.applicationinsights.microsoft.com]
+ idle: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
- idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
- idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
+ idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
diff --git a/test/results/flow-info/default/telegram.pcap.out b/test/results/flow-info/default/telegram.pcap.out
index 58d39308c..cdc4c80e0 100644
--- a/test/results/flow-info/default/telegram.pcap.out
+++ b/test/results/flow-info/default/telegram.pcap.out
@@ -4,7 +4,7 @@
new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67]
detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
new: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900]
- detected: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353]
detected: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_spotify-connect._tcp.local]
new: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353]
@@ -50,12 +50,12 @@
detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_sleep-proxy._udp.local]
detection-update: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_sleep-proxy._udp.local]
new: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53]
- detected: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][in.appcenter.ms]
- detection-update: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][in.appcenter.ms]
+ detected: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][in.appcenter.ms]
+ detection-update: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][in.appcenter.ms]
new: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621]
detected: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
new: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900]
- detected: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53]
detected: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e4518.dscx.akamaiedge.net]
detection-update: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e4518.dscx.akamaiedge.net]
@@ -88,8 +88,8 @@
[PKTLENS.....: 68,92,124,68,92,124,124,60,124,76,68,92,220,124,220,124,220,204,124,124,204,220,204,68,92,204,204,188,204,204,124,220]
[ENTROPIES...: 4.9,5.1,6.5,4.9,5.1,6.6,6.5,4.6,6.6,5.1,4.9,5.1,7.1,6.4,7.0,6.5,7.0,7.0,6.5,6.4,7.0,7.1,7.0,4.9,5.1,6.9,6.8,6.9,7.0,7.0,6.4,7.0]
new: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53]
- detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][www.googletagservices.com]
- detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][www.googletagservices.com]
+ detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www.googletagservices.com]
+ detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www.googletagservices.com]
RISK: Minor Issues
analyse: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480]
min| max| avg| stddev| variance| entropy
@@ -110,14 +110,14 @@
new: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137]
detected: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup]
new: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53]
- detected: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][dati.ntop.org]
- detection-update: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ detected: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dati.ntop.org]
+ detection-update: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dati.ntop.org]
new: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53]
detected: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][pixel.wp.com]
detection-update: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][pixel.wp.com]
RISK: Minor Issues
new: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53]
- detected: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detected: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
new: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443]
detected: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443] [QUIC.Google][Google][Web][Acceptable][www.google.com]
@@ -137,12 +137,12 @@
detected: [....41] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.5][..537] [Telegram][Telegram][Chat][Acceptable]
new: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537]
detected: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537] [Telegram][Telegram][Chat][Acceptable]
- detection-update: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detection-update: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Unidirectional Traffic
- detection-update: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detection-update: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
new: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900]
- detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
analyse: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Telegram][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.008| 0.505| 0.099| 0.138| 18965.475| 4.000]
@@ -165,8 +165,8 @@
[PKTLENS.....: 68,92,68,124,92,124,60,68,124,92,124,76,124,204,204,188,204,204,204,68,124,204,92,124,204,124,204,204,188,204,188,204]
[ENTROPIES...: 5.0,5.1,4.9,6.5,5.0,6.5,4.6,4.9,6.5,5.1,6.3,5.1,6.5,6.9,7.0,6.9,7.0,6.9,7.0,4.9,6.5,7.0,5.0,6.3,6.9,6.4,6.9,6.9,6.9,7.0,6.9,7.0]
new: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900]
- detected: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- update: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ update: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
update: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
update: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e7047.e12.akamaiedge.net]
@@ -177,42 +177,42 @@
update: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_dacp._tcp.local]
update: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
new: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900]
- detected: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53]
- detected: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Unknown][Network][Acceptable][telemetry.dropbox.com]
+ detected: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][telemetry.dropbox.com]
new: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53]
detected: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e4518.dscx.akamaiedge.net]
detection-update: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e4518.dscx.akamaiedge.net]
- detection-update: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Unknown][Network][Acceptable][telemetry.dropbox.com]
+ detection-update: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][telemetry.dropbox.com]
idle: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
- idle: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....38] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.1][..529] [Telegram][Telegram][Chat][Acceptable]
idle: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Telegram][Chat][Acceptable]
idle: [....39] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.3][..530] [Telegram][Telegram][Chat][Acceptable]
idle: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533] [Telegram][Telegram][Chat][Acceptable]
idle: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537] [Telegram][Telegram][Chat][Acceptable]
idle: [....41] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.5][..537] [Telegram][Telegram][Chat][Acceptable]
- idle: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][www.googletagservices.com]
+ idle: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www.googletagservices.com]
RISK: Minor Issues
idle: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
not-detected: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772] [Unknown][Unknown][Unrated]
RISK: Susp Entropy, Unidirectional Traffic
idle: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772]
- idle: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- idle: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e4518.dscx.akamaiedge.net]
idle: [....36] [ip4][..udp] [...192.168.1.77][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
idle: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
- idle: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][dati.ntop.org]
- idle: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][in.appcenter.ms]
- idle: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ idle: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dati.ntop.org]
+ idle: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][in.appcenter.ms]
+ idle: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
idle: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] [Unknown][Unknown][Unrated]
RISK: Susp Entropy
idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
idle: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443] [QUIC.Google][Google][Web][Acceptable][www.google.com]
idle: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Unknown][Network][Acceptable][telemetry.dropbox.com]
+ idle: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][telemetry.dropbox.com]
idle: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e4518.dscx.akamaiedge.net]
idle: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][e7047.e12.akamaiedge.net]
idle: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
@@ -233,10 +233,10 @@
idle: [....22] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.1][..536] [Telegram][Telegram][Chat][Acceptable]
idle: [....24] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.4][..538] [Telegram][Telegram][Chat][Acceptable]
idle: [....23] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.8][..538] [Telegram][Telegram][Chat][Acceptable]
- idle: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
idle: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
- idle: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
not-detected: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [Unknown][Unknown][Unrated]
RISK: Susp Entropy, Unidirectional Traffic
idle: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723]
diff --git a/test/results/flow-info/default/telegram_voice.pcapng.out b/test/results/flow-info/default/telegram_voice.pcapng.out
index d5d9c9051..3a5d605f0 100644
--- a/test/results/flow-info/default/telegram_voice.pcapng.out
+++ b/test/results/flow-info/default/telegram_voice.pcapng.out
@@ -6,8 +6,8 @@
new: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353]
detected: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
new: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53]
- detected: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
- detection-update: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
+ detected: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
+ detection-update: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
new: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400]
detected: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -71,5 +71,5 @@
RISK: Known Proto on Non Std Port
idle: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] [Telegram][Telegram][Chat][Acceptable]
idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
+ idle: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/tls-rdn-extract.pcap.out b/test/results/flow-info/default/tls-rdn-extract.pcap.out
index cd1bf5758..dd99dd352 100644
--- a/test/results/flow-info/default/tls-rdn-extract.pcap.out
+++ b/test/results/flow-info/default/tls-rdn-extract.pcap.out
@@ -6,8 +6,8 @@
RISK: Obsolete TLS (v1.1 or older)
detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS][Unknown][Web][Safe][ads1.msads.net]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
- detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS.Microsoft][Unknown][Web][Safe][ads1.msads.net]
+ detection-update: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS.Azure][Unknown][Cloud][Acceptable][ads1.msads.net]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher, TLS Cert Expired
- idle: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS.Microsoft][Unknown][Web][Safe]
+ idle: [.....1] [ip4][..tcp] [.......10.0.0.1][31337] -> [213.199.149.251][..443] [TLS.Azure][Unknown][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher, TLS Cert Expired
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/tls_certificate_too_long.pcap.out b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
index a99583fa9..36f2a6da9 100644
--- a/test/results/flow-info/default/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
@@ -24,46 +24,46 @@
new: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251]
detected: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Unknown][Network][Acceptable]
new: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53]
- detected: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
+ detected: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wdcp.microsoft.com]
new: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53]
- detected: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
- detection-update: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
+ detected: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wdcp.microsoft.com]
+ detection-update: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wdcp.microsoft.com]
new: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53]
- detected: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
+ detected: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
new: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443]
- detection-update: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
+ detection-update: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wdcp.microsoft.com]
new: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443]
- detection-update: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
- detected: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detected: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detection-update: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detection-update: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
+ detected: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53]
- detected: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
+ detected: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
new: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53]
- detected: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
- detection-update: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
+ detected: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
+ detection-update: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
new: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53]
detected: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
new: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53]
detected: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
- detection-update: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detection-update: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
detection-update: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
new: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80]
- detection-update: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
- detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
+ detection-update: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
+ detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Web][Acceptable][www.microsoft.com]
detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
- detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
+ detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80]
- detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
- detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
+ detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Web][Acceptable][www.microsoft.com]
+ detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
new: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [MIDSTREAM]
new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53]
- detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
- detection-update: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
+ detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][time-macos.apple.com]
+ detection-update: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][time-macos.apple.com]
new: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123]
detected: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
detected: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [TLS][Github][Web][Safe]
@@ -102,54 +102,54 @@
[ENTROPIES...: 7.9,7.8,7.9,4.9,7.9,7.8,6.6,7.1,7.5,5.7,5.6,4.7,5.4,4.7,4.9,7.9,7.8,7.6,4.9,7.6,7.8,7.5,4.6,6.6,7.0,7.2,6.2,5.6,5.8,5.5,4.7,5.0]
new: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443]
new: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443]
- detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detected: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detection-update: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
- detection-update: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detection-update: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123]
detected: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
new: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443]
new: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443]
- detected: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detected: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detection-update: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detected: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
- detection-update: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detection-update: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123]
detected: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
new: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443]
new: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443]
- detected: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detected: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
- detection-update: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detected: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
- detection-update: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe][wdcp.microsoft.com]
+ detection-update: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123]
detected: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
new: [....35] [ip4][..tcp] [.130.211.33.145][..443] -> [..192.168.1.121][53432] [MIDSTREAM]
detected: [....35] [ip4][..tcp] [.130.211.33.145][..443] -> [..192.168.1.121][53432] [TLS][GoogleCloud][Web][Safe]
- idle: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
+ idle: [....10] [ip4][..udp] [..192.168.1.121][53884] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wdcp.microsoft.com]
idle: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
idle: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
idle: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][wdcp.microsoft.com]
+ idle: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wdcp.microsoft.com]
idle: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
guessed: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443] [TLS][Azure][Web][Safe]
idle: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443]
- end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
+ end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
- end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
+ end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
- idle: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
+ idle: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
idle: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
idle: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Unknown][Network][Acceptable]
idle: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] [IGMP][Unknown][Network][Acceptable]
- idle: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
- idle: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS.Azure][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
+ idle: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][time-macos.apple.com]
+ idle: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
idle: [....35] [ip4][..tcp] [.130.211.33.145][..443] -> [..192.168.1.121][53432] [TLS][GoogleCloud][Web][Safe]
end: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [TLS][Github][Web][Safe]
idle: [.....4] [ip4][..udp] [..192.168.1.139][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
@@ -157,26 +157,26 @@
idle: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
idle: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
idle: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
- end: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
- end: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
- end: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
- end: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
- end: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
- end: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
- end: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
- end: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
RISK: TLS Cert Validity Too Long
not-detected: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [Unknown][Unknown][Unrated]
RISK: Susp Entropy
idle: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367]
- idle: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe][www.microsoft.com]
+ idle: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
idle: [.....6] [ip4][..udp] [..192.168.1.121][.5353] -> [..192.168.1.139][.5353] [MDNS][Unknown][Network][Acceptable][_companion-link._tcp.local]
idle: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][235.33.22.2.in-addr.arpa]
idle: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][60.21.149.52.in-addr.arpa]
diff --git a/test/results/flow-info/default/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/flow-info/default/tls_heur__shadowsocks-tcp.pcapng.out
index e70a46b38..aeef38a2b 100644
--- a/test/results/flow-info/default/tls_heur__shadowsocks-tcp.pcapng.out
+++ b/test/results/flow-info/default/tls_heur__shadowsocks-tcp.pcapng.out
@@ -4,10 +4,10 @@
new: [.....1] [ip4][..tcp] [......127.0.0.1][44424] -> [......127.0.0.1][.1080]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][44424] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
new: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53]
- detected: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
new: [.....3] [ip4][..tcp] [......127.0.0.1][40164] -> [......127.0.0.1][.1234]
new: [.....4] [ip6][..tcp] [..2001:b07:a3d:c112:8628:88aa:8b00:913c][45334] -> [...............2a00:1450:4002:416::200e][..443]
detected: [.....4] [ip6][..tcp] [..2001:b07:a3d:c112:8628:88aa:8b00:913c][45334] -> [...............2a00:1450:4002:416::200e][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com]
@@ -22,7 +22,7 @@
[IATS(ms)....: 3.4,3.5,0.3,3.9,24.5,28.1,0.2,0.0,0.2,0.0,3.0,7.5,5.3,6.5,46.4,49.6,0.0,0.0,9.0,0.1,0.0,0.4,0.0,0.0,0.0,0.3,0.0,26.1,26.1,0.4,0.0]
[PKTLENS.....: 80,80,72,589,72,1280,72,4904,631,72,72,345,720,103,103,72,1280,293,1280,72,72,72,1280,1280,1280,4948,72,72,1280,72,1280,1280]
[ENTROPIES...: 4.8,5.3,5.2,4.8,5.2,7.8,5.2,8.0,7.6,5.2,5.2,7.1,7.7,5.8,5.8,5.1,7.8,7.1,7.9,5.2,5.2,5.2,7.8,7.9,7.8,8.0,5.1,5.2,7.9,5.2,7.8,7.8]
- idle: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][41182] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
not-detected: [.....3] [ip4][..tcp] [......127.0.0.1][40164] -> [......127.0.0.1][.1234] [Unknown][Unknown][Unrated]
RISK: Fully Encrypted Flow
idle: [.....3] [ip4][..tcp] [......127.0.0.1][40164] -> [......127.0.0.1][.1234]
diff --git a/test/results/flow-info/default/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/flow-info/default/tls_heur__trojan-tcp-tls.pcapng.out
index 549368912..bd5580d15 100644
--- a/test/results/flow-info/default/tls_heur__trojan-tcp-tls.pcapng.out
+++ b/test/results/flow-info/default/tls_heur__trojan-tcp-tls.pcapng.out
@@ -4,16 +4,16 @@
new: [.....1] [ip4][..tcp] [......127.0.0.1][60654] -> [......127.0.0.1][.1080]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][60654] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
new: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53]
- detected: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
RISK: Unidirectional Traffic
new: [.....3] [ip4][..udp] [..192.168.1.183][46451] -> [..192.168.1.253][...53]
- detected: [.....3] [ip4][..udp] [..192.168.1.183][46451] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....3] [ip4][..udp] [..192.168.1.183][46451] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
new: [.....4] [ip4][..udp] [..192.168.1.183][54260] -> [..192.168.1.253][...53]
- detected: [.....4] [ip4][..udp] [..192.168.1.183][54260] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....3] [ip4][..udp] [..192.168.1.183][46451] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....4] [ip4][..udp] [..192.168.1.183][54260] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....4] [ip4][..udp] [..192.168.1.183][54260] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....3] [ip4][..udp] [..192.168.1.183][46451] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....4] [ip4][..udp] [..192.168.1.183][54260] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
new: [.....5] [ip4][..udp] [......127.0.0.1][53154] -> [.....127.0.0.53][...53]
detected: [.....5] [ip4][..udp] [......127.0.0.1][53154] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][test.lan]
new: [.....6] [ip4][..udp] [......127.0.0.1][56496] -> [.....127.0.0.53][...53]
@@ -46,12 +46,12 @@
[IATS(ms)....: 2.7,2.7,0.3,2.7,17.2,19.6,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,8.4,0.5,11.2,3.0,2.3,5.7,46.1,70.4,31.7,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.0]
[PKTLENS.....: 60,60,52,569,52,1452,52,1452,52,1452,52,1452,52,1053,52,132,245,700,83,83,52,52,1452,52,80,52,1452,52,1452,52,1452,52]
[ENTROPIES...: 4.6,5.2,4.9,4.8,4.9,7.8,4.8,7.8,4.9,7.9,4.8,7.9,4.8,7.8,4.8,6.2,7.0,7.7,5.6,5.5,4.9,4.9,7.9,4.9,5.6,4.9,7.9,4.9,7.9,4.9,7.9,4.8]
- idle: [.....3] [ip4][..udp] [..192.168.1.183][46451] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....3] [ip4][..udp] [..192.168.1.183][46451] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [....10] [ip4][..tcp] [..192.168.1.183][58730] -> [142.250.180.142][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com]
- idle: [.....4] [ip4][..udp] [..192.168.1.183][54260] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....4] [ip4][..udp] [..192.168.1.183][54260] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [.....9] [ip4][..tcp] [......127.0.0.1][41796] -> [......127.0.0.1][.1234] [TLS][Unknown][Web][Safe]
RISK: Known Proto on Non Std Port
- idle: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][52786] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [.....5] [ip4][..udp] [......127.0.0.1][53154] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][test.lan]
RISK: Minor Issues
idle: [.....6] [ip4][..udp] [......127.0.0.1][56496] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][test.lan]
diff --git a/test/results/flow-info/default/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/flow-info/default/tls_heur__vmess-tcp-tls.pcapng.out
index 7cb8ee823..0a70f42ea 100644
--- a/test/results/flow-info/default/tls_heur__vmess-tcp-tls.pcapng.out
+++ b/test/results/flow-info/default/tls_heur__vmess-tcp-tls.pcapng.out
@@ -4,16 +4,16 @@
new: [.....1] [ip4][..tcp] [......127.0.0.1][40136] -> [......127.0.0.1][.1080]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][40136] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
new: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53]
- detected: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
RISK: Unidirectional Traffic
new: [.....3] [ip4][..udp] [..192.168.1.183][49817] -> [..192.168.1.253][...53]
- detected: [.....3] [ip4][..udp] [..192.168.1.183][49817] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....3] [ip4][..udp] [..192.168.1.183][49817] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
new: [.....4] [ip4][..udp] [..192.168.1.183][41933] -> [..192.168.1.253][...53]
- detected: [.....4] [ip4][..udp] [..192.168.1.183][41933] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....3] [ip4][..udp] [..192.168.1.183][49817] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....4] [ip4][..udp] [..192.168.1.183][41933] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....4] [ip4][..udp] [..192.168.1.183][41933] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....3] [ip4][..udp] [..192.168.1.183][49817] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....4] [ip4][..udp] [..192.168.1.183][41933] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
new: [.....5] [ip4][..udp] [......127.0.0.1][50125] -> [.....127.0.0.53][...53]
detected: [.....5] [ip4][..udp] [......127.0.0.1][50125] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][test.lan]
new: [.....6] [ip4][..udp] [......127.0.0.1][45262] -> [.....127.0.0.53][...53]
@@ -36,17 +36,17 @@
new: [....10] [ip4][..tcp] [..192.168.1.183][58612] -> [.216.58.204.142][..443]
detected: [....10] [ip4][..tcp] [..192.168.1.183][58612] -> [.216.58.204.142][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com]
detection-update: [....10] [ip4][..tcp] [..192.168.1.183][58612] -> [.216.58.204.142][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com]
- idle: [.....3] [ip4][..udp] [..192.168.1.183][49817] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....3] [ip4][..udp] [..192.168.1.183][49817] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [.....1] [ip4][..tcp] [......127.0.0.1][40136] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
idle: [.....6] [ip4][..udp] [......127.0.0.1][45262] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][test.lan]
RISK: Minor Issues
idle: [.....7] [ip4][..udp] [..192.168.1.183][58009] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][test.lan]
- idle: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][46548] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [.....5] [ip4][..udp] [......127.0.0.1][50125] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][test.lan]
idle: [....10] [ip4][..tcp] [..192.168.1.183][58612] -> [.216.58.204.142][..443] [TLS.YouTube][Google][Media][Fun]
idle: [.....9] [ip4][..tcp] [......127.0.0.1][57874] -> [......127.0.0.1][.1234] [TLS][Unknown][Web][Safe]
RISK: Known Proto on Non Std Port
- idle: [.....4] [ip4][..udp] [..192.168.1.183][41933] -> [..192.168.1.253][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....4] [ip4][..udp] [..192.168.1.183][41933] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [.....8] [ip4][..udp] [..192.168.1.183][42485] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][test.lan]
RISK: Minor Issues
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/tls_heur__vmess-tcp.pcapng.out b/test/results/flow-info/default/tls_heur__vmess-tcp.pcapng.out
index 8f65716c0..a5f713be1 100644
--- a/test/results/flow-info/default/tls_heur__vmess-tcp.pcapng.out
+++ b/test/results/flow-info/default/tls_heur__vmess-tcp.pcapng.out
@@ -4,10 +4,10 @@
new: [.....1] [ip4][..tcp] [......127.0.0.1][37218] -> [......127.0.0.1][.1080]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][37218] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
new: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53]
- detected: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
new: [.....3] [ip4][..tcp] [......127.0.0.1][40818] -> [......127.0.0.1][.1234]
new: [.....4] [ip6][..tcp] [..2001:b07:a3d:c112:8628:88aa:8b00:913c][48302] -> [...............2a00:1450:4006:80d::200e][..443]
detected: [.....4] [ip6][..tcp] [..2001:b07:a3d:c112:8628:88aa:8b00:913c][48302] -> [...............2a00:1450:4006:80d::200e][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com]
@@ -22,7 +22,7 @@
[IATS(ms)....: 1019.8,1024.0,2053.5,9.7,0.4,10.5,14.8,0.0,24.8,0.0,0.2,0.0,0.1,0.0,3.4,0.5,13.4,0.0,9.6,1.8,11.4,77.7,0.0,0.0,87.4,0.4,0.3,0.3,0.3,0.2,0.2]
[PKTLENS.....: 80,80,80,80,72,589,72,2488,1280,72,72,1280,1840,72,72,152,202,720,103,135,103,72,1280,307,1280,72,2488,72,2488,72,2488,72]
[ENTROPIES...: 4.9,4.8,4.9,5.4,5.2,4.8,5.2,7.9,7.8,5.2,5.2,7.8,7.9,5.2,5.2,6.4,6.6,7.7,5.9,6.4,5.9,5.2,7.9,7.2,7.9,5.2,7.9,5.2,7.9,5.2,7.9,5.2]
- idle: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][35957] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [.....1] [ip4][..tcp] [......127.0.0.1][37218] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
not-detected: [.....3] [ip4][..tcp] [......127.0.0.1][40818] -> [......127.0.0.1][.1234] [Unknown][Unknown][Unrated]
RISK: Fully Encrypted Flow
diff --git a/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out b/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out
index a512ee6f2..c46b67237 100644
--- a/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out
+++ b/test/results/flow-info/default/tls_heur__vmess-websocket.pcapng.out
@@ -4,8 +4,8 @@
new: [.....1] [ip4][..tcp] [......127.0.0.1][44532] -> [......127.0.0.1][.1080]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][44532] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
new: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53]
- detected: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
- detection-update: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ detected: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
+ detection-update: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
new: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234]
detected: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1]
RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
@@ -34,7 +34,7 @@
[ENTROPIES...: 4.3,4.7,4.6,4.5,4.6,4.6,4.6,4.7,4.5,4.6,4.7,7.9,4.7,7.9,4.6,6.2,5.9,5.8,5.7,6.1,4.7,7.7,5.5,5.5,4.7,8.0,4.6,8.0,4.6,7.9,4.6,7.8]
idle: [.....3] [ip4][..tcp] [......127.0.0.1][33702] -> [......127.0.0.1][.1234] [HTTP.WebSocket][Unknown][Web][Acceptable][127.0.0.1]
RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
- idle: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS.YouTube][Unknown][Network][Fun][www.youtube.com]
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][39646] -> [.....127.0.0.53][...53] [DNS][Unknown][Network][Acceptable][www.youtube.com]
idle: [.....1] [ip4][..tcp] [......127.0.0.1][44532] -> [......127.0.0.1][.1080] [SOCKS][Unknown][Web][Acceptable]
idle: [.....4] [ip4][..tcp] [..192.168.1.183][51390] -> [142.250.180.142][..443] [TLS.YouTube][Google][Media][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/tor-browser.pcap.out b/test/results/flow-info/default/tor-browser.pcap.out
new file mode 100644
index 000000000..01dd0afa2
--- /dev/null
+++ b/test/results/flow-info/default/tor-browser.pcap.out
@@ -0,0 +1,70 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53]
+ detected: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53] [DNS][Unknown][Network][Acceptable][checkappexec.microsoft.com]
+ detection-update: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53] [DNS][Unknown][Network][Acceptable][checkappexec.microsoft.com]
+ new: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443]
+ detected: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable][checkappexec.microsoft.com]
+ detection-update: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable][checkappexec.microsoft.com]
+ detection-update: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable][checkappexec.microsoft.com]
+ new: [.....3] [ip4][..tcp] [..192.168.0.123][64621] -> [....86.3.18.251][..443]
+ new: [.....4] [ip4][..tcp] [..192.168.0.123][64622] -> [.178.17.170.254][..443]
+ detected: [.....4] [ip4][..tcp] [..192.168.0.123][64622] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.v2trefdg62xsck3upw2iad5y.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
+ new: [.....5] [ip4][.icmp] [...192.168.0.16] -> [..192.168.0.123]
+ detected: [.....5] [ip4][.icmp] [...192.168.0.16] -> [..192.168.0.123] [ICMP][Unknown][Network][Acceptable]
+ RISK: Susp Entropy
+ detected: [.....3] [ip4][..tcp] [..192.168.0.123][64621] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.w2f34byk6sroic.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
+ new: [.....6] [ip4][..tcp] [..192.168.0.123][64282] -> [.155.133.248.43][..443] [MIDSTREAM]
+ detected: [.....6] [ip4][..tcp] [..192.168.0.123][64282] -> [.155.133.248.43][..443] [TLS][Steam][Web][Safe]
+ new: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443]
+ detected: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.sodinn6.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
+ detection-update: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.sodinn6.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
+ analyse: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.184| 0.085| 0.047| 2172.756| 4.600]
+ [PKTLEN......: 40.000| 2118.000| 563.500| 530.800| 281728.400| 4.400]
+ [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
+ [BINS(s->c)..: 4,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 112.1,118.6,0.3,135.9,0.1,141.3,123.9,112.0,103.9,0.1,104.0,75.9,83.2,84.0,0.1,0.0,91.9,3.3,103.9,76.1,184.3,131.9,110.7,92.1,92.2,100.0,100.6,96.0,94.5,83.9,83.8]
+ [PKTLENS.....: 52,52,40,557,46,1213,120,119,73,119,1400,40,742,2118,46,1400,244,40,1604,46,576,576,1112,1090,576,576,576,576,576,576,576,576]
+ [ENTROPIES...: 4.4,4.7,4.6,4.6,4.4,7.8,6.2,6.4,5.5,6.4,7.9,4.6,7.7,7.9,4.5,7.8,7.1,4.6,7.9,4.5,7.7,7.6,7.8,7.8,7.6,7.6,7.6,7.6,7.6,7.6,7.6,7.6]
+ new: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443]
+ detected: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.2xik.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
+ detection-update: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.2xik.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
+ new: [.....9] [ip4][..tcp] [..192.168.0.123][64625] -> [.194.164.197.45][..443]
+ detected: [.....9] [ip4][..tcp] [..192.168.0.123][64625] -> [.194.164.197.45][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.raww4onzy3tam7cip372snd.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
+ analyse: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.102| 0.057| 0.029| 830.465| 4.700]
+ [PKTLEN......: 40.000| 2118.000| 595.800| 546.500| 298628.700| 4.400]
+ [BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
+ [BINS(s->c)..: 4,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,2,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 60.6,60.7,0.3,60.9,10.9,72.3,62.0,61.2,60.4,0.5,64.6,64.0,61.4,86.2,11.0,0.0,96.1,1.4,62.4,39.7,101.6,61.2,61.7,86.7,85.9,85.4,85.4,61.4,61.6,67.3,66.7]
+ [PKTLENS.....: 52,48,40,557,46,1210,120,119,73,119,1400,40,731,2118,46,1400,244,40,1604,46,576,576,1112,1090,576,576,576,576,1112,1090,576,576]
+ [ENTROPIES...: 4.5,4.9,4.6,4.5,4.4,7.8,6.3,6.4,5.6,6.4,7.9,4.5,7.7,7.9,4.4,7.9,7.0,4.7,7.9,4.5,7.6,7.6,7.8,7.8,7.6,7.6,7.6,7.7,7.8,7.8,7.6,7.7]
+ end: [.....3] [ip4][..tcp] [..192.168.0.123][64621] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
+ RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
+ idle: [.....7] [ip4][..tcp] [..192.168.0.123][64623] -> [....86.3.18.251][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.sodinn6.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
+ idle: [.....1] [ip4][..udp] [..192.168.0.123][55566] -> [...192.168.0.16][...53] [DNS][Unknown][Network][Acceptable][checkappexec.microsoft.com]
+ idle: [.....6] [ip4][..tcp] [..192.168.0.123][64282] -> [.155.133.248.43][..443] [TLS][Steam][Web][Safe]
+ end: [.....4] [ip4][..tcp] [..192.168.0.123][64622] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
+ RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
+ idle: [.....8] [ip4][..tcp] [..192.168.0.123][64624] -> [.178.17.170.254][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous][www.2xik.com]
+ RISK: TLS (probably) Not Carrying HTTPS, Unsafe Protocol
+ idle: [.....9] [ip4][..tcp] [..192.168.0.123][64625] -> [.194.164.197.45][..443] [TLS.Tor][Tor][VPN][Potentially Dangerous]
+ RISK: TLS (probably) Not Carrying HTTPS, Susp DGA Domain name, Unsafe Protocol
+ idle: [.....5] [ip4][.icmp] [...192.168.0.16] -> [..192.168.0.123] [ICMP][Unknown][Network][Acceptable]
+ RISK: Susp Entropy
+ idle: [.....2] [ip4][..tcp] [..192.168.0.123][64613] -> [172.211.159.152][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ubntac2.pcap.out b/test/results/flow-info/default/ubntac2.pcap.out
index 2b5ace450..523da6235 100644
--- a/test/results/flow-info/default/ubntac2.pcap.out
+++ b/test/results/flow-info/default/ubntac2.pcap.out
@@ -1,30 +1,33 @@
DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001]
- detected: [.....1] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- new: [.....2] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001]
- detected: [.....2] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- new: [.....3] [ip4][..udp] [....192.168.1.1][55321] -> [255.255.255.255][10001]
- detected: [.....3] [ip4][..udp] [....192.168.1.1][55321] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- new: [.....4] [ip4][..udp] [....192.168.1.1][47871] -> [255.255.255.255][10001]
- detected: [.....4] [ip4][..udp] [....192.168.1.1][47871] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- new: [.....5] [ip4][..udp] [....192.168.1.1][59772] -> [255.255.255.255][10001]
- detected: [.....5] [ip4][..udp] [....192.168.1.1][59772] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- new: [.....6] [ip4][..udp] [....192.168.1.1][52220] -> [255.255.255.255][10001]
- detected: [.....6] [ip4][..udp] [....192.168.1.1][52220] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- update: [.....1] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- new: [.....7] [ip4][..udp] [....192.168.1.1][47746] -> [255.255.255.255][10001]
- detected: [.....7] [ip4][..udp] [....192.168.1.1][47746] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- update: [.....2] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- new: [.....8] [ip4][..udp] [....192.168.1.1][42838] -> [255.255.255.255][10001]
- detected: [.....8] [ip4][..udp] [....192.168.1.1][42838] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....7] [ip4][..udp] [....192.168.1.1][47746] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....4] [ip4][..udp] [....192.168.1.1][47871] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....6] [ip4][..udp] [....192.168.1.1][52220] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....3] [ip4][..udp] [....192.168.1.1][55321] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....5] [ip4][..udp] [....192.168.1.1][59772] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....1] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....8] [ip4][..udp] [....192.168.1.1][42838] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
- idle: [.....2] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....1] [ip4][..udp] [..192.168.1.138][60790] -> [255.255.255.255][10001]
+ detected: [.....1] [ip4][..udp] [..192.168.1.138][60790] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001]
+ detected: [.....2] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....1] [ip4][..udp] [..192.168.1.138][60790] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....3] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001]
+ detected: [.....3] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....4] [ip4][..udp] [....192.168.1.1][55321] -> [255.255.255.255][10001]
+ detected: [.....4] [ip4][..udp] [....192.168.1.1][55321] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....5] [ip4][..udp] [....192.168.1.1][47871] -> [255.255.255.255][10001]
+ detected: [.....5] [ip4][..udp] [....192.168.1.1][47871] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....6] [ip4][..udp] [....192.168.1.1][59772] -> [255.255.255.255][10001]
+ detected: [.....6] [ip4][..udp] [....192.168.1.1][59772] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....7] [ip4][..udp] [....192.168.1.1][52220] -> [255.255.255.255][10001]
+ detected: [.....7] [ip4][..udp] [....192.168.1.1][52220] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ update: [.....2] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....8] [ip4][..udp] [....192.168.1.1][47746] -> [255.255.255.255][10001]
+ detected: [.....8] [ip4][..udp] [....192.168.1.1][47746] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ update: [.....3] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ new: [.....9] [ip4][..udp] [....192.168.1.1][42838] -> [255.255.255.255][10001]
+ detected: [.....9] [ip4][..udp] [....192.168.1.1][42838] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....8] [ip4][..udp] [....192.168.1.1][47746] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....5] [ip4][..udp] [....192.168.1.1][47871] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....7] [ip4][..udp] [....192.168.1.1][52220] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....4] [ip4][..udp] [....192.168.1.1][55321] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....6] [ip4][..udp] [....192.168.1.1][59772] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....2] [ip4][..udp] [....192.168.1.1][34085] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....9] [ip4][..udp] [....192.168.1.1][42838] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
+ idle: [.....3] [ip4][..udp] [....192.168.1.1][44641] -> [255.255.255.255][10001] [UBNTAC2][Unknown][Network][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/viber.pcap.out b/test/results/flow-info/default/viber.pcap.out
index 18395d0e1..caa02c0aa 100644
--- a/test/results/flow-info/default/viber.pcap.out
+++ b/test/results/flow-info/default/viber.pcap.out
@@ -3,11 +3,11 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244] [MIDSTREAM]
new: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53]
- detected: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
- detection-update: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
+ detected: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com]
+ detection-update: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com]
new: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53]
- detected: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS.ADS_Analytic_Track][Unknown][Network][Tracker/Ads][app.adjust.com]
- detection-update: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS.ADS_Analytic_Track][Unknown][Network][Tracker/Ads][app.adjust.com]
+ detected: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app.adjust.com]
+ detection-update: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app.adjust.com]
new: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53]
detected: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][mapi.apptimize.com]
detection-update: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][mapi.apptimize.com]
@@ -18,15 +18,15 @@
new: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443]
detected: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe][mapi.apptimize.com]
new: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53]
- detected: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun][media.cdn.viber.com]
- detection-update: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun][media.cdn.viber.com]
+ detected: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][media.cdn.viber.com]
+ detection-update: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][media.cdn.viber.com]
new: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443]
detected: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun][media.cdn.viber.com]
detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun][media.cdn.viber.com]
detection-update: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun][media.cdn.viber.com]
new: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53]
- detected: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun][dl-media.viber.com]
- detection-update: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun][dl-media.viber.com]
+ detected: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][dl-media.viber.com]
+ detection-update: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][dl-media.viber.com]
new: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443]
detected: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com]
detection-update: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com]
@@ -43,8 +43,8 @@
[ENTROPIES...: 4.6,5.2,5.2,5.6,5.1,7.2,7.5,7.5,7.3,5.1,5.2,5.2,5.2,6.4,7.2,7.7,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.7,5.2,5.2,5.1,5.2,5.1]
new: [....11] [ip4][..udp] [...192.168.0.17][41993] -> [.172.217.23.106][..443]
new: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53]
- detected: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS.Google][Unknown][Network][Acceptable][app-measurement.com]
- detection-update: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS.Google][Unknown][Network][Acceptable][app-measurement.com]
+ detected: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app-measurement.com]
+ detection-update: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app-measurement.com]
new: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443]
detected: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] [TLS.Google][Google][Web][Acceptable][app-measurement.com]
detection-update: [....13] [ip4][..tcp] [...192.168.0.17][43702] -> [..172.217.23.78][..443] [TLS.Google][Google][Web][Acceptable][app-measurement.com]
@@ -57,6 +57,7 @@
detection-update: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][venetia.iad.appboy.com]
new: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443]
detected: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Unknown][Web][Safe][venetia.iad.appboy.com]
+ detection-update: [....14] [ip4][..udp] [...192.168.0.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_805741c9._sub._googlecast._tcp.local]
analyse: [.....1] [ip4][..tcp] [...192.168.0.17][33208] -> [...52.0.253.101][.4244]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 10.702| 1.934| 2.902| 8424002.683| 3.500]
@@ -105,23 +106,23 @@
[PKTLENS.....: 285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285]
[ENTROPIES...: 6.3,4.5,5.0,3.5,4.0,6.4,3.5,5.1,4.4,6.4,4.0,3.5,6.3,3.5,5.0,4.4,6.3,3.9,3.4,6.4,3.5,5.0,4.4,6.3,3.9,3.5,6.4,3.5,5.0,4.4,4.0,6.4]
new: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53]
- detected: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ detected: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
new: [....26] [ip4][.icmp] [...192.168.0.17] -> [...192.168.0.15]
detected: [....26] [ip4][.icmp] [...192.168.0.17] -> [...192.168.0.15] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
- update: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
+ update: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com]
update: [.....4] [ip4][..udp] [...192.168.0.17][62872] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][mapi.apptimize.com]
- update: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS.ADS_Analytic_Track][Unknown][Network][Tracker/Ads][app.adjust.com]
+ update: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app.adjust.com]
DAEMON-EVENT: [Processed: 420 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 26 / 26|skipped: 0|!detected: 0|guessed: 1|detection-updates: 17|updates: 4]
+ DAEMON-EVENT: [Flows][active: 26 / 26|skipped: 0|!detected: 0|guessed: 1|detection-updates: 18|updates: 4]
new: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244]
detected: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] [Viber][Viber][VoIP][Fun]
end: [.....5] [ip4][..tcp] [...192.168.0.17][36986] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe]
end: [.....6] [ip4][..tcp] [...192.168.0.17][36988] -> [..54.69.166.226][..443] [TLS][AmazonAWS][Web][Safe][mapi.apptimize.com]
- idle: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
+ idle: [.....2] [ip4][..udp] [...192.168.0.17][45743] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][graph.facebook.com]
idle: [....15] [ip6][icmp6] [..............fe80::3207:4dff:fea3:5fa7] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
- idle: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ idle: [....25] [ip4][..udp] [...192.168.0.17][50097] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
guessed: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443] [TLS][AmazonAWS][Web][Safe]
end: [....18] [ip4][..tcp] [...192.168.0.17][45424] -> [....18.201.4.32][..443]
end: [....21] [ip4][..tcp] [...192.168.0.17][49048] -> [..54.187.91.182][..443] [TLS][AmazonAWS][Web][Safe]
@@ -138,28 +139,28 @@
idle: [....26] [ip4][.icmp] [...192.168.0.17] -> [...192.168.0.15] [ICMP][Unknown][Network][Acceptable]
RISK: Susp Entropy
idle: [....14] [ip4][..udp] [...192.168.0.17][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS.ADS_Analytic_Track][Unknown][Network][Tracker/Ads][app.adjust.com]
- idle: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS.Google][Unknown][Network][Acceptable][app-measurement.com]
+ idle: [.....3] [ip4][..udp] [...192.168.0.17][35283] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app.adjust.com]
+ idle: [....12] [ip4][..udp] [...192.168.0.17][35331] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][app-measurement.com]
idle: [....10] [ip4][..tcp] [...192.168.0.17][53934] -> [...54.230.93.53][..443] [TLS.Viber][AmazonAWS][Chat][Fun][dl-media.viber.com]
- idle: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun][media.cdn.viber.com]
+ idle: [.....7] [ip4][..udp] [...192.168.0.17][37418] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][media.cdn.viber.com]
idle: [....17] [ip4][..tcp] [...192.168.0.17][55746] -> [..151.101.1.130][..443] [TLS][Unknown][Web][Safe][venetia.iad.appboy.com]
- idle: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS.Viber][Unknown][Network][Fun][dl-media.viber.com]
+ idle: [.....9] [ip4][..udp] [...192.168.0.17][40445] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][dl-media.viber.com]
idle: [.....8] [ip4][..tcp] [...192.168.0.17][57520] -> [...54.230.93.96][..443] [TLS.Viber][AmazonAWS][Chat][Fun]
guessed: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443] [TLS][AmazonAWS][Web][Safe]
end: [....22] [ip4][..tcp] [...192.168.0.17][33744] -> [.....18.201.4.3][..443]
idle: [....16] [ip4][..udp] [...192.168.0.17][44376] -> [...192.168.0.15][...53] [DNS][Unknown][Network][Acceptable][venetia.iad.appboy.com]
DAEMON-EVENT: [Processed: 435 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 27|skipped: 0|!detected: 0|guessed: 4|detection-updates: 17|updates: 4]
+ DAEMON-EVENT: [Flows][active: 1 / 27|skipped: 0|!detected: 0|guessed: 4|detection-updates: 18|updates: 4]
new: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242]
detected: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242] [Viber][Viber][VoIP][Fun]
DAEMON-EVENT: [Processed: 446 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 2 / 28|skipped: 0|!detected: 0|guessed: 4|detection-updates: 17|updates: 4]
+ DAEMON-EVENT: [Flows][active: 2 / 28|skipped: 0|!detected: 0|guessed: 4|detection-updates: 18|updates: 4]
new: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [MIDSTREAM]
detected: [....29] [ip4][..tcp] [..192.168.2.100][42900] -> [..44.192.202.74][.4244] [Viber][AmazonAWS][VoIP][Fun]
end: [....28] [ip4][..tcp] [..192.168.2.100][41184] -> [.....52.0.252.2][.5242] [Viber][Viber][VoIP][Fun]
idle: [....27] [ip4][..tcp] [..192.168.2.100][48690] -> [...52.0.252.145][.4244] [Viber][Viber][VoIP][Fun]
DAEMON-EVENT: [Processed: 447 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 29|skipped: 0|!detected: 0|guessed: 4|detection-updates: 17|updates: 4]
+ DAEMON-EVENT: [Flows][active: 1 / 29|skipped: 0|!detected: 0|guessed: 4|detection-updates: 18|updates: 4]
new: [....30] [ip4][..udp] [.192.168.12.156][40482] -> [...18.195.4.121][..443]
detected: [....30] [ip4][..udp] [.192.168.12.156][40482] -> [...18.195.4.121][..443] [STUN][Viber][Network][Acceptable][]
RISK: Known Proto on Non Std Port
diff --git a/test/results/flow-info/default/wa_video.pcap.out b/test/results/flow-info/default/wa_video.pcap.out
index e345f2b4b..eb312e686 100644
--- a/test/results/flow-info/default/wa_video.pcap.out
+++ b/test/results/flow-info/default/wa_video.pcap.out
@@ -30,7 +30,7 @@
detection-update: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
detection-update: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
new: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900]
- detected: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
analyse: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.404| 0.176| 0.474| 224629.621| 2.400]
@@ -80,15 +80,15 @@
new: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
detected: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900]
- detected: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900]
- detected: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
idle: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
idle: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [.....4] [ip4][..udp] [...192.168.2.12][53688] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
@@ -96,8 +96,8 @@
RISK: Susp Entropy
idle: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- idle: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/wa_voice.pcap.out b/test/results/flow-info/default/wa_voice.pcap.out
index 935e670de..741d31927 100644
--- a/test/results/flow-info/default/wa_voice.pcap.out
+++ b/test/results/flow-info/default/wa_voice.pcap.out
@@ -2,11 +2,11 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53]
- detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
new: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53]
- detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net]
- detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net]
+ detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][g.whatsapp.net]
+ detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][g.whatsapp.net]
new: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Apple][Cloud][Acceptable]
new: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621]
@@ -24,8 +24,8 @@
[PKTLENS.....: 64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52]
[ENTROPIES...: 4.5,5.1,5.0,7.2,5.1,6.1,6.0,6.5,7.9,5.9,7.9,6.7,7.9,6.7,7.9,5.0,5.0,5.0,5.1,5.1,5.1,5.0,7.8,5.6,5.9,6.2,5.7,6.2,5.0,7.3,5.0,5.0]
new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53]
- detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
- detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
+ detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
+ detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
new: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443]
detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net]
detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net]
@@ -44,9 +44,9 @@
new: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS][Apple][Web][Safe]
new: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900]
- detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900]
- detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353]
detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local]
new: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353]
@@ -77,10 +77,10 @@
detection-update: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
detection-update: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
new: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900]
- detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53]
- detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][pps.whatsapp.net]
- detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][pps.whatsapp.net]
+ detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][pps.whatsapp.net]
+ detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][pps.whatsapp.net]
new: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443]
detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net]
detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net]
@@ -134,13 +134,13 @@
detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_homekit._tcp.local]
new: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [MIDSTREAM]
update: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
- update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net]
+ update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
+ update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
+ update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][g.whatsapp.net]
new: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900]
- detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900]
- detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51]
detected: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Unknown][Network][Acceptable]
idle: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
@@ -148,22 +148,22 @@
RISK: Known Proto on Non Std Port
idle: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- idle: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- idle: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
+ idle: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][www.google.com]
end: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS][Apple][Web][Safe]
idle: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Unknown][Network][Acceptable]
not-detected: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [Unknown][Unknown][Unrated]
idle: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159]
- idle: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
- idle: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
+ idle: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][pps.whatsapp.net]
- idle: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net]
+ idle: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][pps.whatsapp.net]
+ idle: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][g.whatsapp.net]
idle: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
@@ -171,7 +171,7 @@
end: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net]
idle: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
idle: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Apple][Cloud][Acceptable]
- idle: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- idle: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
+ idle: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out
index 685b1ed36..ca9ed0a32 100644
--- a/test/results/flow-info/default/wechat.pcap.out
+++ b/test/results/flow-info/default/wechat.pcap.out
@@ -7,8 +7,8 @@
new: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353]
detected: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
new: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53]
- detected: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
- detection-update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
+ detected: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
+ detection-update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
new: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443]
detected: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Google][Web][Acceptable][safebrowsing.googleusercontent.com]
detection-update: [.....5] [ip4][..tcp] [..192.168.1.103][38657] -> [..172.217.22.14][..443] [TLS.Google][Google][Web][Acceptable][safebrowsing.googleusercontent.com]
@@ -16,13 +16,13 @@
new: [.....6] [ip4][..tcp] [..192.168.1.103][47627] -> [..216.58.205.78][..443] [MIDSTREAM]
new: [.....7] [ip4][..tcp] [..192.168.1.103][53220] -> [..172.217.23.78][..443] [MIDSTREAM]
new: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53]
- detected: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
- detection-update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ detected: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
+ detection-update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
new: [.....9] [ip4][..udp] [..192.168.1.103][51507] -> [..172.217.23.67][..443]
detected: [.....9] [ip4][..udp] [..192.168.1.103][51507] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
new: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53]
- detected: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Unknown][Network][Acceptable][docs.google.com]
- detection-update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Unknown][Network][Acceptable][docs.google.com]
+ detected: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][docs.google.com]
+ detection-update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][docs.google.com]
new: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443]
detected: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Google][Collaborative][Acceptable][docs.google.com]
new: [....12] [ip4][..tcp] [..192.168.1.103][36017] -> [.64.233.167.188][.5228] [MIDSTREAM]
@@ -105,9 +105,9 @@
[ENTROPIES...: 7.2,5.1,7.8,5.2,7.1,5.0,7.8,5.1,7.1,5.1,7.8,5.1,7.2,5.2,7.8,5.1,7.1,5.0,7.8,5.1,7.0,5.1,7.8,5.1,7.1,5.1,7.8,5.1,7.0,5.1,7.9,5.1]
update: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
- update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
- update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
- update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Unknown][Network][Acceptable][docs.google.com]
+ update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
+ update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
+ update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][docs.google.com]
update: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Google][Collaborative][Acceptable][docs.google.com]
update: [.....9] [ip4][..udp] [..192.168.1.103][51507] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
new: [....26] [ip4][..tcp] [..192.168.1.103][54097] -> [203.205.151.162][..443]
@@ -157,9 +157,9 @@
update: [.....2] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
new: [....30] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22]
detected: [....30] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
- update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
- update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
- update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Unknown][Network][Acceptable][docs.google.com]
+ update: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
+ update: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
+ update: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][docs.google.com]
update: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Google][Collaborative][Acceptable][docs.google.com]
update: [.....9] [ip4][..udp] [..192.168.1.103][51507] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
new: [....31] [ip4][..tcp] [..192.168.1.103][54099] -> [203.205.151.162][..443]
@@ -229,11 +229,11 @@
detection-update: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
detection-update: [....39] [ip4][..tcp] [..192.168.1.103][54111] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
new: [....41] [ip4][..tcp] [..192.168.1.103][54106] -> [203.205.151.162][..443] [MIDSTREAM]
- idle: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ idle: [.....8] [ip4][..udp] [..192.168.1.103][46078] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
end: [....25] [ip4][..tcp] [..192.168.1.103][40740] -> [203.205.151.211][..443] [TLS][Unknown][Web][Safe]
end: [.....6] [ip4][..tcp] [..192.168.1.103][47627] -> [..216.58.205.78][..443] [TLS][Google][Web][Safe]
- idle: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
- idle: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS.GoogleDocs][Unknown][Network][Acceptable][docs.google.com]
+ idle: [.....4] [ip4][..udp] [..192.168.1.103][53734] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][safebrowsing.googleusercontent.com]
+ idle: [....10] [ip4][..udp] [..192.168.1.103][55862] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][docs.google.com]
idle: [....11] [ip4][..udp] [..192.168.1.103][57591] -> [..216.58.198.46][..443] [QUIC.GoogleDocs][Google][Collaborative][Acceptable][docs.google.com]
end: [....16] [ip4][..tcp] [..192.168.1.103][54089] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
end: [....17] [ip4][..tcp] [..192.168.1.103][54090] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
@@ -265,8 +265,8 @@
detection-update: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
detection-update: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
new: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53]
- detected: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com]
- detection-update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com]
+ detected: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][res.wx.qq.com]
+ detection-update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][res.wx.qq.com]
new: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443]
new: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443]
detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com]
@@ -285,8 +285,8 @@
detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com]
RISK: Weak TLS Cipher
new: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53]
- detected: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
- detection-update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ detected: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
+ detection-update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
new: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443]
detected: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
new: [....49] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138]
@@ -302,8 +302,8 @@
detection-update: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
detection-update: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
- update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com]
- update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][res.wx.qq.com]
+ update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
analyse: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 7.807| 0.648| 1.839| 3381034.746| 2.500]
@@ -360,11 +360,11 @@
guessed: [....38] [ip4][..tcp] [..192.168.1.103][54110] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe]
end: [....38] [ip4][..tcp] [..192.168.1.103][54110] -> [203.205.151.162][..443]
update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
- update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com]
- update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][res.wx.qq.com]
+ update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
new: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53]
- detected: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][web.wechat.com]
- detection-update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][web.wechat.com]
+ detected: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][web.wechat.com]
+ detection-update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][web.wechat.com]
new: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443]
new: [....56] [ip4][..tcp] [..192.168.1.103][58037] -> [203.205.147.171][..443]
detected: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com]
@@ -417,18 +417,18 @@
detected: [....67] [ip4][..udp] [..192.168.1.100][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][lbjamwptxz]
end: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
- update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com]
- update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][res.wx.qq.com]
+ update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
guessed: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] [TLS][Unknown][Web][Safe]
end: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443]
guessed: [....43] [ip4][..tcp] [..192.168.1.103][54114] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe]
end: [....43] [ip4][..tcp] [..192.168.1.103][54114] -> [203.205.151.162][..443]
- update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][web.wechat.com]
+ update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][web.wechat.com]
idle: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable][ssl.gstatic.com]
- idle: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com]
+ idle: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][res.wx.qq.com]
end: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun]
RISK: Weak TLS Cipher
- idle: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ idle: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
end: [....50] [ip4][..tcp] [..192.168.1.103][54117] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
end: [....51] [ip4][..tcp] [..192.168.1.103][54118] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
update: [....62] [ip4][..udp] [..192.168.1.100][49832] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable][cansaqcq]
@@ -471,7 +471,7 @@
detection-update: [....73] [ip4][..tcp] [..192.168.1.103][58041] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun][web.wechat.com]
end: [....52] [ip4][..tcp] [..192.168.1.103][54119] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun][web.wechat.com]
end: [....53] [ip4][..tcp] [..192.168.1.103][54120] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
- update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][web.wechat.com]
+ update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][web.wechat.com]
update: [....70] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff86:6c5b] [ICMPV6][Unknown][Network][Acceptable]
update: [....68] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
end: [....55] [ip4][..tcp] [..192.168.1.103][58036] -> [203.205.147.171][..443] [TLS.WeChat][Tencent][Chat][Fun]
@@ -497,7 +497,7 @@
guessed: [....56] [ip4][..tcp] [..192.168.1.103][58037] -> [203.205.147.171][..443] [TLS][Tencent][Web][Safe]
end: [....56] [ip4][..tcp] [..192.168.1.103][58037] -> [203.205.147.171][..443]
update: [....70] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ff86:6c5b] [ICMPV6][Unknown][Network][Acceptable]
- update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][web.wechat.com]
+ update: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][web.wechat.com]
update: [....68] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 1552 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 30 / 75|skipped: 0|!detected: 0|guessed: 11|detection-updates: 61|updates: 72]
@@ -513,7 +513,7 @@
idle: [....30] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
idle: [....29] [ip4][....2] [..192.168.1.100] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
idle: [....28] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] [IGMP][Unknown][Network][Acceptable]
- idle: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][web.wechat.com]
+ idle: [....54] [ip4][..udp] [..192.168.1.103][60356] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][web.wechat.com]
idle: [.....3] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
idle: [....71] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
idle: [....68] [ip6][icmp6] [...............fe80::842:a3f3:a286:6c5b] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
@@ -545,15 +545,15 @@
new: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [MIDSTREAM]
new: [....88] [ip4][..tcp] [..192.168.1.103][58226] -> [203.205.147.171][..443] [MIDSTREAM]
new: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53]
- detected: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com]
+ detected: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com]
new: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53]
- detected: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com]
+ detected: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com]
new: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53]
- detected: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com]
- detection-update: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com]
+ detected: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com]
+ detection-update: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com]
RISK: Unidirectional Traffic
new: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53]
- detected: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com]
+ detected: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com]
new: [....93] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1]
detected: [....93] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] [IGMP][Unknown][Network][Acceptable]
new: [....94] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22]
@@ -567,15 +567,15 @@
new: [....98] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353]
detected: [....98] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
update: [....84] [ip4][..udp] [..192.168.1.103][37578] -> [193.204.114.233][..123] [NTP][Unknown][System][Acceptable]
- update: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
+ update: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
- update: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
- update: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
- update: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
+ update: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
+ update: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
+ update: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
detected: [....85] [ip4][..tcp] [..192.168.1.103][58143] -> [.216.58.205.131][..443] [TLS][Google][Web][Safe]
RISK: Unidirectional Traffic
new: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53]
- detected: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com]
+ detected: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com]
new: [...100] [ip4][..udp] [..192.168.1.103][59567] -> [..192.168.1.254][...53]
detected: [...100] [ip4][..udp] [..192.168.1.103][59567] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com.lan]
new: [...101] [ip4][..udp] [..192.168.1.103][42074] -> [..192.168.1.254][...53]
@@ -588,10 +588,10 @@
RISK: Unidirectional Traffic
new: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138]
detected: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc]
- detection-update: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun][webpush.web.wechat.com]
+ detection-update: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com]
RISK: Unidirectional Traffic
new: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53]
- detected: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
+ detected: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com]
detection-update: [...101] [ip4][..udp] [..192.168.1.103][42074] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][ssl.gstatic.com.lan]
RISK: Unidirectional Traffic
detection-update: [...102] [ip4][..udp] [..192.168.1.103][43705] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com.lan]
@@ -608,7 +608,7 @@
RISK: Unidirectional Traffic
new: [...109] [ip4][..udp] [..192.168.1.103][53515] -> [..192.168.1.254][...53]
detected: [...109] [ip4][..udp] [..192.168.1.103][53515] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][webpush.web.wechat.com.lan]
- idle: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
+ idle: [....99] [ip4][..udp] [..192.168.1.103][45366] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
idle: [....84] [ip4][..udp] [..192.168.1.103][37578] -> [193.204.114.233][..123] [NTP][Unknown][System][Acceptable]
guessed: [....83] [ip4][..tcp] [..192.168.1.103][34981] -> [...95.101.34.33][...80] [HTTP][Unknown][Web][Acceptable][]
@@ -640,11 +640,11 @@
idle: [....95] [ip4][....2] [..192.168.1.100] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
idle: [....94] [ip4][....2] [..192.168.1.103] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
idle: [....93] [ip4][....2] [..192.168.1.254] -> [......224.0.0.1] [IGMP][Unknown][Network][Acceptable]
- idle: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
+ idle: [....91] [ip4][..udp] [..192.168.1.103][56367] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
guessed: [....12] [ip4][..tcp] [..192.168.1.103][36017] -> [.64.233.167.188][.5228] [Google][Google][Web][Acceptable]
idle: [....12] [ip4][..tcp] [..192.168.1.103][36017] -> [.64.233.167.188][.5228]
- idle: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
+ idle: [....89] [ip4][..udp] [..192.168.1.103][58165] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
idle: [...100] [ip4][..udp] [..192.168.1.103][59567] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
idle: [....98] [ip6][..udp] [..............fe80::7a92:9cff:fe0f:a88e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
end: [....85] [ip4][..tcp] [..192.168.1.103][58143] -> [.216.58.205.131][..443] [TLS][Google][Web][Safe]
@@ -654,7 +654,7 @@
RISK: Unidirectional Traffic
idle: [...104] [ip4][..udp] [..192.168.1.100][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][giovanni-pc]
idle: [....97] [ip4][..udp] [..192.168.1.103][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
+ idle: [....92] [ip4][..udp] [..192.168.1.103][33915] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
guessed: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80] [HTTP][Unknown][Web][Acceptable][]
RISK: Unidirectional Traffic
end: [....87] [ip4][..tcp] [..192.168.1.103][52020] -> [.95.101.180.179][...80]
@@ -670,10 +670,10 @@
RISK: Unidirectional Traffic
idle: [...101] [ip4][..udp] [..192.168.1.103][42074] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
- idle: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable]
+ idle: [...105] [ip4][..udp] [..192.168.1.103][42589] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
idle: [...106] [ip4][..udp] [..192.168.1.103][42856] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
- idle: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS.WeChat][Unknown][Network][Fun]
+ idle: [....90] [ip4][..udp] [..192.168.1.103][43317] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
idle: [...102] [ip4][..udp] [..192.168.1.103][43705] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
idle: [...103] [ip4][..udp] [..192.168.1.103][44063] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable]
diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out
index 90252be0b..258930a6f 100644
--- a/test/results/flow-info/default/weibo.pcap.out
+++ b/test/results/flow-info/default/weibo.pcap.out
@@ -6,16 +6,16 @@
new: [.....3] [ip4][..tcp] [..192.168.1.105][58481] -> [..216.58.214.78][..443] [MIDSTREAM]
new: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443]
new: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53]
- detected: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][weibo.com]
- detection-update: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][weibo.com]
+ detected: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][weibo.com]
+ detection-update: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][weibo.com]
new: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80]
new: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80]
new: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80]
new: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun][weibo.com]
new: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53]
- detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][www.weibo.com]
- detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][www.weibo.com]
+ detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www.weibo.com]
+ detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www.weibo.com]
new: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80]
detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun][www.weibo.com]
new: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [MIDSTREAM]
@@ -32,8 +32,8 @@
[PKTLENS.....: 60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488]
[ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.1,5.1,7.9,5.1,7.9,5.1,5.1,5.1,7.8,5.1,5.2,5.1,7.9,5.1,7.2,5.1,5.1,5.2,7.8,5.1,5.8,5.1,5.2,5.0,7.9,4.9,7.9]
new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53]
- detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][img.t.sinajs.cn]
- detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][img.t.sinajs.cn]
+ detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][img.t.sinajs.cn]
+ detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][img.t.sinajs.cn]
RISK: Minor Issues
new: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80]
new: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80]
@@ -42,7 +42,7 @@
detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53]
- detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn]
+ detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][js.t.sinajs.cn]
analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.314| 0.038| 0.072| 5116.345| 3.500]
@@ -64,16 +64,16 @@
[PKTLENS.....: 60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488]
[ENTROPIES...: 4.6,5.1,4.9,5.9,5.0,5.7,4.8,7.8,4.9,8.0,4.9,7.9,4.8,8.0,4.9,7.9,4.9,5.7,5.0,5.7,5.0,7.9,4.9,7.9,4.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8]
new: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53]
- detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][u1.img.mobile.sina.cn]
+ detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][u1.img.mobile.sina.cn]
new: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53]
detected: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][acjstb.aliyun.com]
RISK: Susp DGA Domain name
new: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53]
- detected: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][g.alicdn.com]
+ detected: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][g.alicdn.com]
new: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53]
- detected: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][log.mmstat.com]
+ detected: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.mmstat.com]
new: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53]
- detected: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS.Taobao][Unknown][Network][Acceptable][login.taobao.com]
+ detected: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][login.taobao.com]
new: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80]
new: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80]
new: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80]
@@ -81,19 +81,19 @@
detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
- detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][u1.img.mobile.sina.cn]
+ detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][u1.img.mobile.sina.cn]
new: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53]
- detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][account.weibo.com]
+ detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][account.weibo.com]
new: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80]
- detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn]
+ detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][js.t.sinajs.cn]
new: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53]
- detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][c.weibo.cn]
+ detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][c.weibo.cn]
new: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80]
- detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][g.alicdn.com]
+ detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][g.alicdn.com]
new: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53]
- detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][data.weibo.com]
+ detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][data.weibo.com]
new: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443]
- detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][log.mmstat.com]
+ detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.mmstat.com]
new: [....35] [ip4][..tcp] [..192.168.1.105][48352] -> [..140.205.174.1][..443]
new: [....36] [ip4][..tcp] [..192.168.1.105][48353] -> [..140.205.174.1][..443]
new: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80]
@@ -105,7 +105,7 @@
RISK: Susp DGA Domain name, Risky Domain Name
new: [....40] [ip4][..tcp] [..192.168.1.105][52271] -> [..42.156.184.19][..443]
new: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443]
- detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS.Taobao][Unknown][Network][Acceptable][login.taobao.com]
+ detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][login.taobao.com]
new: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443]
detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][u1.img.mobile.sina.cn]
new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443]
@@ -149,28 +149,28 @@
guessed: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] [TLS][Alibaba][Web][Safe]
RISK: Unidirectional Traffic
idle: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443]
- idle: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
+ idle: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
end: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun][weibo.com]
guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable][]
idle: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80]
guessed: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable][]
idle: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80]
- idle: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
+ idle: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
idle: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][acjstb.aliyun.com]
RISK: Susp DGA Domain name, Risky Domain Name
idle: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Unknown][Web][Acceptable][]
RISK: Unidirectional Traffic
idle: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80]
- idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][u1.img.mobile.sina.cn]
- idle: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][g.alicdn.com]
- idle: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][log.mmstat.com]
- idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][img.t.sinajs.cn]
+ idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][u1.img.mobile.sina.cn]
+ idle: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][g.alicdn.com]
+ idle: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.mmstat.com]
+ idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][img.t.sinajs.cn]
RISK: Minor Issues
guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [QUIC][Google][Web][Acceptable]
RISK: Susp Entropy
idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361]
- idle: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][weibo.com]
+ idle: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][weibo.com]
guessed: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [TLS][AmazonAWS][Web][Safe]
idle: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443]
idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun][www.weibo.com]
@@ -198,10 +198,10 @@
idle: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] [TLS.Alibaba][Unknown][Web][Acceptable]
guessed: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443] [TLS][Unknown][Web][Safe]
idle: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443]
- idle: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS.Taobao][Unknown][Network][Acceptable][login.taobao.com]
+ idle: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][login.taobao.com]
guessed: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [TLS][Google][Web][Safe]
idle: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443]
- idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][www.weibo.com]
+ idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www.weibo.com]
guessed: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [TLS][Google][Web][Safe]
idle: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443]
idle: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
@@ -213,8 +213,8 @@
idle: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80]
idle: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
idle: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
- idle: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn]
+ idle: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][js.t.sinajs.cn]
guessed: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [TLS][Google][Web][Safe]
idle: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443]
- idle: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
+ idle: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/whatsapp_login_call.pcap.out b/test/results/flow-info/default/whatsapp_login_call.pcap.out
index bd6c9a413..9662e8554 100644
--- a/test/results/flow-info/default/whatsapp_login_call.pcap.out
+++ b/test/results/flow-info/default/whatsapp_login_call.pcap.out
@@ -16,12 +16,12 @@
new: [.....9] [ip4][..tcp] [....192.168.2.4][49165] -> [..17.172.100.55][..443] [MIDSTREAM]
new: [....10] [ip4][..tcp] [....192.168.2.4][49176] -> [..17.130.137.77][..443] [MIDSTREAM]
new: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53]
- detected: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][query.ess.apple.com]
- detection-update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][query.ess.apple.com]
+ detected: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][query.ess.apple.com]
+ detection-update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][query.ess.apple.com]
new: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53]
- detected: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e13.whatsapp.net]
+ detected: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e13.whatsapp.net]
new: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443]
- detection-update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e13.whatsapp.net]
+ detection-update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e13.whatsapp.net]
new: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222]
new: [....15] [ip4][..tcp] [....192.168.2.4][49203] -> [..17.178.104.14][..443]
detected: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe][query.ess.apple.com]
@@ -144,8 +144,8 @@
detected: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Unknown][Network][Acceptable]
new: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
- update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][query.ess.apple.com]
- update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e13.whatsapp.net]
+ update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][query.ess.apple.com]
+ update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e13.whatsapp.net]
new: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353]
detected: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][lucas-imac.local]
new: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353]
@@ -243,8 +243,8 @@
update: [....27] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.91.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
update: [....28] [ip4][..udp] [....192.168.2.4][51518] -> [...31.13.79.192][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
update: [....29] [ip4][..udp] [....192.168.2.4][51518] -> [....31.13.93.48][.3478] [SRTP.WhatsAppCall][Facebook][VoIP][Acceptable]
- update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][query.ess.apple.com]
- update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e13.whatsapp.net]
+ update: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][query.ess.apple.com]
+ update: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e13.whatsapp.net]
update: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][lucas-imac.local]
update: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][lucas-imac.local]
update: [....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][lucas-imac.local]
@@ -351,10 +351,10 @@
idle: [.....1] [ip4][..tcp] [....192.168.2.4][49199] -> [..17.172.100.70][..993] [IMAPS][Apple][Email][Safe]
idle: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe][query.ess.apple.com]
+ idle: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][query.ess.apple.com]
end: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe][query.ess.apple.com]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS
- idle: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e13.whatsapp.net]
+ idle: [....12] [ip4][..udp] [....192.168.2.4][52190] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e13.whatsapp.net]
idle: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Unknown][Network][Acceptable]
diff --git a/test/results/flow-info/default/whatsapp_login_chat.pcap.out b/test/results/flow-info/default/whatsapp_login_chat.pcap.out
index 3875e4174..7e3fa439a 100644
--- a/test/results/flow-info/default/whatsapp_login_chat.pcap.out
+++ b/test/results/flow-info/default/whatsapp_login_chat.pcap.out
@@ -4,8 +4,8 @@
new: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621]
detected: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
new: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53]
- detected: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e12.whatsapp.net]
- detection-update: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e12.whatsapp.net]
+ detected: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e12.whatsapp.net]
+ detection-update: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e12.whatsapp.net]
new: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222]
detected: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222] [WhatsApp][Unknown][Chat][Acceptable]
new: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [MIDSTREAM]
@@ -38,7 +38,7 @@
idle: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
idle: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
idle: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS][Apple][Web][Safe]
- idle: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][e12.whatsapp.net]
+ idle: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e12.whatsapp.net]
idle: [.....8] [ip6][..udp] [...............fe80::189c:c31b:1298:224][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
end: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222] [WhatsApp][Unknown][Chat][Acceptable]
idle: [.....7] [ip4][..udp] [....192.168.2.4][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out
index e406925af..97c0573b2 100644
--- a/test/results/flow-info/default/zoom.pcap.out
+++ b/test/results/flow-info/default/zoom.pcap.out
@@ -17,12 +17,12 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.1.117][54854] -> [..172.217.21.72][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagmanager.com]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
new: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900]
- detected: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ detected: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
new: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137]
detected: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable][workgroup]
new: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53]
- detected: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][log.zoom.us]
- detection-update: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][log.zoom.us]
+ detected: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.zoom.us]
+ detection-update: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.zoom.us]
new: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443]
new: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53]
detected: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][local]
@@ -53,8 +53,8 @@
detected: [....18] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
new: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443]
new: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53]
- detected: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][www3.zoom.us]
- detection-update: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][www3.zoom.us]
+ detected: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us]
+ detection-update: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us]
new: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443]
detected: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoom.us]
detected: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Zoom][Video][Acceptable][www3.zoom.us]
@@ -75,16 +75,16 @@
new: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621]
detected: [....22] [ip4][..udp] [..192.168.1.117][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
new: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53]
- detected: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfr85zc.zoom.us]
+ detected: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr85zc.zoom.us]
new: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53]
- detected: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfr84zc.zoom.us]
+ detected: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr84zc.zoom.us]
new: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443]
new: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443]
- detection-update: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfr85zc.zoom.us]
+ detection-update: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr85zc.zoom.us]
new: [....27] [ip4][..tcp] [..192.168.1.117][54869] -> [.213.244.140.85][..443]
detected: [....25] [ip4][..tcp] [..192.168.1.117][54867] -> [.213.19.144.105][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoomam105zc.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfr84zc.zoom.us]
+ detection-update: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr84zc.zoom.us]
new: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443]
detected: [....26] [ip4][..tcp] [..192.168.1.117][54868] -> [.213.19.144.104][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoomam104zc.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
@@ -109,8 +109,8 @@
detection-update: [....28] [ip4][..tcp] [..192.168.1.117][54870] -> [.213.244.140.84][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoomfr84zc.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
new: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53]
- detected: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfrn99mmr.zoom.us]
- detection-update: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfrn99mmr.zoom.us]
+ detected: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfrn99mmr.zoom.us]
+ detection-update: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfrn99mmr.zoom.us]
new: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443]
detected: [....30] [ip4][..tcp] [..192.168.1.117][54871] -> [..109.94.160.99][..443] [TLS.Zoom][Unknown][Video][Acceptable][zoomfrn99mmr.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
@@ -182,7 +182,7 @@
ERROR-EVENT: Unknown packet type [15/16]
ERROR-EVENT: Unknown packet type [16/16]
idle: [....31] [ip4][..udp] [..192.168.1.117][58327] -> [..109.94.160.99][.8801] [Zoom][Unknown][Video][Acceptable]
- idle: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ idle: [.....5] [ip4][..udp] [..192.168.1.117][57025] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
idle: [....13] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
idle: [....12] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.37.14][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
idle: [....14] [ip4][..udp] [..192.168.1.117][23903] -> [..162.255.38.14][.3479] [STUN.Zoom][Zoom][Video][Acceptable]
@@ -195,20 +195,20 @@
idle: [.....4] [ip4][..tcp] [..192.168.1.117][54341] -> [.62.149.152.153][..993] [IMAPS][Unknown][Email][Safe]
RISK: Unidirectional Traffic
idle: [....32] [ip4][..udp] [..192.168.1.117][60620] -> [..109.94.160.99][.8801] [Zoom][Unknown][Video][Acceptable]
- idle: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfrn99mmr.zoom.us]
+ idle: [....29] [ip4][..udp] [..192.168.1.117][51185] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfrn99mmr.zoom.us]
idle: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] [Zoom][Unknown][Video][Acceptable]
idle: [....17] [ip4][.icmp] [..192.168.1.117] -> [..162.255.38.14] [ICMP][Zoom][Network][Acceptable]
idle: [....18] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
- idle: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfr84zc.zoom.us]
+ idle: [....24] [ip4][..udp] [..192.168.1.117][58063] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr84zc.zoom.us]
idle: [....16] [ip4][..tcp] [..192.168.1.117][53872] -> [..35.186.224.53][..443] [TLS][GoogleCloud][Web][Safe]
guessed: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] [HTTP][Google][Web][Acceptable][]
idle: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80]
- idle: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][zoomfr85zc.zoom.us]
- idle: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][www3.zoom.us]
+ idle: [....23] [ip4][..udp] [..192.168.1.117][62563] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][zoomfr85zc.zoom.us]
+ idle: [....20] [ip4][..udp] [..192.168.1.117][62988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][www3.zoom.us]
idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Zoom][Video][Acceptable]
idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Zoom][Video][Acceptable]
idle: [....21] [ip4][..tcp] [..192.168.1.117][54866] -> [..52.202.62.236][..443] [TLS.Zoom][Zoom][Video][Acceptable][www3.zoom.us]
- idle: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS.Zoom][Unknown][Network][Acceptable][log.zoom.us]
+ idle: [.....7] [ip4][..udp] [..192.168.1.117][64352] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][log.zoom.us]
idle: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][local]
RISK: Error Code
idle: [....10] [ip4][.icmp] [..192.168.1.117] -> [....192.168.1.1] [ICMP][Unknown][Network][Acceptable]
Powered by cgit, Themed by Ted Yin.