Diffstat (limited to 'test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out')
-rw-r--r--test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out73
1 files changed, 73 insertions, 0 deletions
diff --git a/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out b/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out
new file mode 100644
index 000000000..771f5c167
--- /dev/null
+++ b/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out
@@ -0,0 +1,73 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443]
+ analyse: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 28.648| 1.860| 7.030| 49424738.812| 1.100]
+ [PKTLEN......: 42.000| 2960.000| 308.700| 576.000| 331721.900| 3.600]
+ [BINS(c->s)..: 6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1]
+ [IATS(ms)....: 50.3,51.1,0.6,51.7,0.1,0.0,0.1,51.3,1.4,0.0,1.9,0.5,0.2,0.2,0.0,51.7,0.0,0.0,0.1,50.1,0.4,8.1,0.0,8.1,85.1,28647.7,0.0,0.1,28613.9,0.0,0.0]
+ [PKTLENS.....: 52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86]
+ [ENTROPIES...: 4.7,4.8,4.7,5.8,4.4,5.8,7.2,7.3,4.7,7.4,4.8,4.7,6.2,6.3,7.6,7.6,6.6,5.4,6.1,4.4,4.7,5.4,7.5,5.4,4.7,4.5,6.0,5.6,7.8,4.4,4.5,5.5]
+ guessed: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AmazonAWS][Web][Safe]
+ RISK: Susp Entropy
+ DAEMON-EVENT: [Processed: 63 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..tcp] [194.226.199.226][34101] -> [..8.247.226.126][...80]
+ end: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AmazonAWS][Web][Safe]
+ RISK: Susp Entropy
+ new: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443]
+ analyse: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.030| 0.007| 0.011| 122.098| 3.500]
+ [PKTLEN......: 42.000| 2864.000| 672.800| 1000.300| 1000640.100| 3.700]
+ [BINS(c->s)..: 11,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 3,1,1,0,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,0]
+ [IATS(ms)....: 24.1,24.4,0.4,25.0,2.4,0.0,0.0,27.4,0.3,4.7,29.9,0.0,24.6,1.2,0.0,0.1,26.5,0.0,0.3,0.0,25.6,0.9,0.5,1.6,0.3,1.0,1.0,1.3,1.2,1.0,1.3]
+ [PKTLENS.....: 52,52,42,258,46,2088,2088,462,42,42,133,318,109,42,217,361,78,46,78,364,1452,42,1452,2864,42,42,2864,42,2864,42,2864,42]
+ [ENTROPIES...: 4.6,5.0,4.7,5.7,4.5,7.4,7.6,7.4,4.7,4.7,5.8,7.0,5.8,4.7,6.9,7.4,5.3,4.5,5.2,7.3,7.9,4.6,7.9,7.9,4.7,4.8,7.9,4.8,7.9,4.8,7.9,4.6]
+ guessed: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] [TLS][GoogleCloud][Web][Safe]
+ RISK: Susp Entropy
+ guessed: [.....2] [ip4][..tcp] [194.226.199.226][34101] -> [..8.247.226.126][...80] [HTTP][Unknown][Web][Acceptable][]
+ end: [.....2] [ip4][..tcp] [194.226.199.226][34101] -> [..8.247.226.126][...80]
+ DAEMON-EVENT: [Processed: 160 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 3|detection-updates: 0|updates: 0]
+ new: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443]
+ new: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443]
+ end: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] [TLS][GoogleCloud][Web][Safe]
+ RISK: Susp Entropy
+ analyse: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 5.456| 0.293| 1.017| 1033283.961| 1.700]
+ [PKTLEN......: 42.000| 2883.000| 385.900| 734.400| 539373.900| 3.400]
+ [BINS(c->s)..: 14,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 6,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2]
+ [DIRECTIONS..: 0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0]
+ [IATS(ms)....: 0.0,10.5,0.0,1548.8,0.0,1559.9,0.0,2.5,0.0,14.1,0.0,4.4,0.0,0.1,0.0,17.1,0.0,0.0,0.0,4.7,0.0,18.5,0.0,216.2,0.0,213.8,0.0,10.4,0.0,5455.6,0.0]
+ [PKTLENS.....: 52,52,46,46,46,46,42,42,609,609,46,46,1450,1450,2883,2883,42,42,42,42,166,166,298,298,42,42,298,298,42,42,71,71]
+ [ENTROPIES...: 4.5,4.5,4.8,4.8,4.8,4.8,4.8,4.8,7.1,7.1,4.6,4.6,7.2,7.2,7.5,7.5,4.7,4.7,4.7,4.7,6.3,6.3,7.1,7.1,4.8,4.8,7.1,7.1,4.7,4.7,5.2,5.2]
+ guessed: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443] [TLS][Unknown][Web][Safe]
+ new: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443]
+ analyse: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.635| 0.323| 0.688| 472790.598| 2.800]
+ [PKTLEN......: 42.000| 2960.000| 481.700| 697.200| 486142.700| 3.800]
+ [BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [BINS(s->c)..: 9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1]
+ [DIRECTIONS..: 0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0]
+ [IATS(ms)....: 9.8,15.3,2065.2,1.8,0.1,2048.2,2.0,1.8,0.8,0.0,2.2,39.4,217.2,216.0,433.2,854.7,2634.8,0.8,114.8,2.4,133.5,0.3,1201.5,0.2,0.0,0.0,0.2,0.1,15.7,0.4,0.9]
+ [PKTLENS.....: 52,52,52,52,42,561,52,52,46,2960,1216,1500,52,46,1500,1500,1500,52,52,42,42,120,138,46,311,327,46,101,71,1500,658,673]
+ [ENTROPIES...: 4.8,5.0,5.0,4.8,4.6,6.8,5.0,5.0,4.6,7.9,7.8,7.9,4.8,5.1,7.9,7.9,7.9,4.9,4.8,4.7,4.8,6.3,6.6,4.6,7.3,7.3,4.6,6.2,5.8,7.9,7.6,7.7]
+ guessed: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Unknown][Web][Safe]
+ RISK: Susp Entropy
+ idle: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Unknown][Web][Safe]
+ RISK: Susp Entropy
+ guessed: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443] [TLS][Unknown][Web][Safe]
+ RISK: Susp Entropy
+ end: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443]
+ end: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443] [TLS][Unknown][Web][Safe]
+ DAEMON-EVENT: shutdown