Diffstat (limited to 'test/results/flow-info/default/alexa-app.pcapng.out')
-rw-r--r--test/results/flow-info/default/alexa-app.pcapng.out138
1 files changed, 69 insertions, 69 deletions
diff --git a/test/results/flow-info/default/alexa-app.pcapng.out b/test/results/flow-info/default/alexa-app.pcapng.out
index 899fb370e..a9798896f 100644
--- a/test/results/flow-info/default/alexa-app.pcapng.out
+++ b/test/results/flow-info/default/alexa-app.pcapng.out
@@ -122,9 +122,9 @@
detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.091| 0.022| 0.031| 964.249| 3.600]
- [PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.091| 0.022| 0.031| 964.249| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100]
[BINS(c->s)..: 11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0]
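Review bot: The expected minimum in the `[IAT.........:` row changes from the numeric `0.000` to the token `< 0.001`, so that column is no longer purely numeric. Anything that parses these `analyse:` rows, such as result comparison scripts or timing-based flow analytics, would presumably need to accept the token. The golden file also no longer shows whether the minimum was exactly zero or only below a millisecond. The header and `PKTLEN` lines read the same on both sides of this rendering, so only column padding seems to have changed there; it is worth confirming against the raw file that nothing else moved. The same pattern repeats in every later hunk of this file.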
@@ -138,9 +138,9 @@
detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
ERROR-EVENT: Unknown packet type [1/16]
analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.016| 0.161| 0.286| 81844.249| 3.400]
- [PKTLEN......: 40.000| 1500.000| 366.200| 485.100| 235358.500| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.016| 0.161| 0.286| 81844.249| 3.400]
+ [PKTLEN......: 40.000| 1500.000| 366.200| 485.100| 235358.500| 3.900]
[BINS(c->s)..: 12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0]
@@ -185,9 +185,9 @@
detection-update: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
RISK: Error Code
analyse: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.836| 0.167| 0.244| 59552.047| 3.700]
- [PKTLEN......: 40.000| 1500.000| 387.000| 534.600| 285800.000| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.836| 0.167| 0.244| 59552.047| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 387.000| 534.600| 285800.000| 3.900]
[BINS(c->s)..: 10,0,0,1,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,1,0]
@@ -216,9 +216,9 @@
detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
analyse: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.352| 0.044| 0.079| 6215.196| 3.500]
- [PKTLEN......: 40.000| 1500.000| 643.200| 676.900| 458225.800| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.352| 0.044| 0.079| 6215.196| 3.500]
+ [PKTLEN......: 40.000| 1500.000| 643.200| 676.900| 458225.800| 4.100]
[BINS(c->s)..: 4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0]
[BINS(s->c)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0]
@@ -266,9 +266,9 @@
detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][api.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 2.897| 0.237| 0.560| 313730.662| 2.800]
- [PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.897| 0.237| 0.560| 313730.662| 2.800]
+ [PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100]
[BINS(c->s)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]
[BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1]
@@ -276,9 +276,9 @@
[PKTLENS.....: 60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52]
[ENTROPIES...: 4.7,5.3,5.0,6.1,5.0,6.6,5.1,5.6,7.9,7.9,6.4,7.9,7.9,7.9,5.0,5.0,5.0,4.9,7.9,7.9,7.8,7.8,7.9,7.9,7.9,4.9,5.0,5.1,5.1,5.1,5.1,5.0]
analyse: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.486| 0.102| 0.138| 19130.661| 3.700]
- [PKTLEN......: 40.000| 1500.000| 686.300| 682.000| 465082.800| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.486| 0.102| 0.138| 19130.661| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 686.300| 682.000| 465082.800| 4.200]
[BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -384,9 +384,9 @@
detected: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
detected: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
analyse: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.570| 0.289| 0.417| 173871.694| 3.700]
- [PKTLEN......: 40.000| 1500.000| 371.100| 516.000| 266233.000| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.570| 0.289| 0.417| 173871.694| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 371.100| 516.000| 266233.000| 3.900]
[BINS(c->s)..: 8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0]
@@ -411,9 +411,9 @@
new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443]
detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
analyse: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.192| 0.160| 0.282| 79548.359| 3.500]
- [PKTLEN......: 40.000| 1500.000| 343.000| 486.700| 236894.100| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.192| 0.160| 0.282| 79548.359| 3.500]
+ [PKTLEN......: 40.000| 1500.000| 343.000| 486.700| 236894.100| 3.900]
[BINS(c->s)..: 4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1]
@@ -423,9 +423,9 @@
detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
analyse: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.080| 0.209| 0.303| 92031.574| 3.700]
- [PKTLEN......: 40.000| 1500.000| 360.500| 516.500| 266795.300| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.080| 0.209| 0.303| 92031.574| 3.700]
+ [PKTLEN......: 40.000| 1500.000| 360.500| 516.500| 266795.300| 3.800]
[BINS(c->s)..: 7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1]
@@ -477,9 +477,9 @@
detection-update: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com]
RISK: Weak TLS Cipher
analyse: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.326| 0.037| 0.075| 5555.152| 3.000]
- [PKTLEN......: 40.000| 1500.000| 545.400| 489.800| 239933.900| 4.400]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.326| 0.037| 0.075| 5555.152| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 545.400| 489.800| 239933.900| 4.400]
[BINS(c->s)..: 7,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,1]
@@ -487,9 +487,9 @@
[PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,1500,270,46,1021,589,589,589,40,40,1500,1500,741,1101,589,589,589,589,589,589,40,589]
[ENTROPIES...: 4.6,5.2,4.8,5.6,7.3,7.3,4.9,4.9,7.3,4.6,6.1,7.9,7.2,4.6,7.8,7.7,7.6,7.6,4.9,4.8,7.9,7.9,7.7,7.8,7.6,7.6,7.7,7.6,7.6,7.6,4.9,7.7]
analyse: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.933| 0.089| 0.198| 39194.591| 3.000]
- [PKTLEN......: 40.000| 1500.000| 450.100| 541.500| 293230.800| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.933| 0.089| 0.198| 39194.591| 3.000]
+ [PKTLEN......: 40.000| 1500.000| 450.100| 541.500| 293230.800| 4.000]
[BINS(c->s)..: 11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[BINS(s->c)..: 4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0]
@@ -497,9 +497,9 @@
[PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,40,1500,254,46,1500,1500,46,1021,589,589,589,589,589,1469,77,40,40,40,40,40,40]
[ENTROPIES...: 4.7,5.2,4.8,5.6,7.2,7.3,4.8,4.8,7.3,4.7,6.1,4.9,7.9,7.2,4.5,7.9,7.9,4.7,7.8,7.6,7.7,7.7,7.6,7.6,7.9,5.7,4.8,4.8,4.9,4.8,4.9,4.9]
analyse: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 9.247| 1.357| 2.197| 4827473.510| 3.500]
- [PKTLEN......: 40.000| 1500.000| 425.800| 556.200| 309356.400| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 9.247| 1.357| 2.197| 4827473.510| 3.500]
+ [PKTLEN......: 40.000| 1500.000| 425.800| 556.200| 309356.400| 3.900]
[BINS(c->s)..: 9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1]
@@ -507,9 +507,9 @@
[PKTLENS.....: 60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46]
[ENTROPIES...: 4.7,4.7,5.2,5.1,4.9,4.9,5.8,5.8,5.8,6.0,5.9,4.7,4.8,6.0,4.6,7.9,7.8,7.9,7.9,7.9,4.6,7.8,4.6,7.8,4.7,7.9,6.9,4.7,7.7,4.9,4.9,4.5]
analyse: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 19.096| 0.770| 3.358| 11273140.961| 1.400]
- [PKTLEN......: 40.000| 1500.000| 267.500| 412.900| 170449.200| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 19.096| 0.770| 3.358| 11273140.961| 1.400]
+ [PKTLEN......: 40.000| 1500.000| 267.500| 412.900| 170449.200| 3.900]
[BINS(c->s)..: 7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0]
@@ -578,9 +578,9 @@
detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.295| 0.052| 0.098| 9533.209| 3.000]
- [PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.295| 0.052| 0.098| 9533.209| 3.000]
+ [PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0]
@@ -592,9 +592,9 @@
detection-update: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com]
RISK: Weak TLS Cipher
analyse: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.107| 0.141| 0.257| 65864.266| 3.200]
- [PKTLEN......: 40.000| 1500.000| 430.000| 555.400| 308431.600| 4.000]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.107| 0.141| 0.257| 65864.266| 3.200]
+ [PKTLEN......: 40.000| 1500.000| 430.000| 555.400| 308431.600| 4.000]
[BINS(c->s)..: 7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1]
@@ -614,9 +614,9 @@
detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.179| 0.023| 0.044| 1924.322| 3.100]
- [PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.179| 0.023| 0.044| 1924.322| 3.100]
+ [PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0]
@@ -640,9 +640,9 @@
update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable]
update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable]
analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.511| 0.042| 0.110| 12114.281| 2.500]
- [PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.511| 0.042| 0.110| 12114.281| 2.500]
+ [PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1]
@@ -660,9 +660,9 @@
idle: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Unknown][Network][Acceptable]
analyse: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 120.003| 3.968| 21.185| 448816230.695| 0.300]
- [PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 120.003| 3.968| 21.185| 448816230.695| 0.300]
+ [PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900]
[BINS(c->s)..: 9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0]
[BINS(s->c)..: 7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1]
@@ -783,9 +783,9 @@
detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
new: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443]
analyse: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 8.001| 0.664| 1.905| 3629965.115| 2.500]
- [PKTLEN......: 40.000| 1500.000| 424.700| 584.700| 341856.600| 3.800]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 8.001| 0.664| 1.905| 3629965.115| 2.500]
+ [PKTLEN......: 40.000| 1500.000| 424.700| 584.700| 341856.600| 3.800]
[BINS(c->s)..: 9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0]
@@ -816,9 +816,9 @@
detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.106| 0.022| 0.031| 964.869| 3.600]
- [PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.106| 0.022| 0.031| 964.869| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100]
[BINS(c->s)..: 9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0]
@@ -880,9 +880,9 @@
detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.241| 0.031| 0.057| 3274.655| 3.400]
- [PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.241| 0.031| 0.057| 3274.655| 3.400]
+ [PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300]
[BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -892,9 +892,9 @@
new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53]
detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.264| 0.057| 0.086| 7393.244| 3.600]
- [PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.264| 0.057| 0.086| 7393.244| 3.600]
+ [PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100]
[BINS(c->s)..: 12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0]
@@ -907,9 +907,9 @@
detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
new: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443]
analyse: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 7.471| 0.614| 1.478| 2183643.136| 2.800]
- [PKTLEN......: 40.000| 1500.000| 526.200| 637.500| 406420.100| 3.900]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 7.471| 0.614| 1.478| 2183643.136| 2.800]
+ [PKTLEN......: 40.000| 1500.000| 526.200| 637.500| 406420.100| 3.900]
[BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1]