Diffstat (limited to 'test/results/flow-info/default/starcraft_battle.pcap.out')
-rw-r--r-- | test/results/flow-info/default/starcraft_battle.pcap.out | 111 |
1 files changed, 49 insertions, 62 deletions
diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out index 806e8ab94..653b593a8 100644 --- a/test/results/flow-info/default/starcraft_battle.pcap.out +++ b/test/results/flow-info/default/starcraft_battle.pcap.out @@ -6,14 +6,12 @@ new: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] detected: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][91.252.30.192.in-addr.arpa] detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa] - RISK: Unidirectional Traffic detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa] RISK: Minor Issues new: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [MIDSTREAM] new: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] detected: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][254.1.168.192.in-addr.arpa] detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][26.186.239.80.in-addr.arpa] - RISK: Unidirectional Traffic detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][254.1.168.192.in-addr.arpa] RISK: Error Code detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][26.186.239.80.in-addr.arpa] 
@@ -27,7 +25,6 @@ new: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] detected: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][22.40.194.173.in-addr.arpa] detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][110.212.58.216.in-addr.arpa] - RISK: Unidirectional Traffic detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][110.212.58.216.in-addr.arpa] new: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [MIDSTREAM] new: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [MIDSTREAM] 
@@ -38,17 +35,12 @@ detected: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com] new: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] detected: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com] - RISK: Susp DGA Domain name - detection-update: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com] - RISK: Susp DGA Domain name, Unidirectional Traffic detection-update: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com] - RISK: Susp DGA Domain name, Risky Domain Name new: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] - detected: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Web][Acceptable][llnw.blizzard.com] - RISK: Susp DGA Domain name - detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com] - RISK: Susp DGA Domain name, Binary File/Data Transfer (Attempt) - analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com] + detected: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP.Blizzard][Unknown][Game][Fun][llnw.blizzard.com] + detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP.Blizzard][Unknown][Download][Fun][llnw.blizzard.com] + RISK: Binary File/Data Transfer (Attempt) + analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP.Blizzard][Unknown][Download][Fun][llnw.blizzard.com] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.072| 
0.012| 0.024| 562.008| 2.800] [PKTLEN......: 40.000| 1500.000| 685.500| 719.000| 516967.300| 4.100] 
@@ -86,19 +78,16 @@ new: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] detected: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net] detection-update: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net] - RISK: Unidirectional Traffic - detection-update: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net] new: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] - detected: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] + detected: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] new: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] - detected: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] + detected: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.launcher.battle.net] new: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] new: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] - detected: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] + detected: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] new: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] - detected: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun] - detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> 
[..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] - analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun] + detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.launcher.battle.net] + analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.166| 0.038| 0.053| 2837.592| 3.600] [PKTLEN......: 40.000| 783.000| 102.400| 136.000| 18494.500| 4.300] 
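Review bot: Flow 31 (tcp to port 1119) loses its `detected: ... [Starcraft][Unknown][Game][Fun]` event in this hunk, and its `analyse:` line now carries no protocol. The next hunk adds `guessed: [....31] ... [Blizzard][Unknown][Game][Fun]`, so the expected output now records a guess made after analysis instead of a detection, presumably from the port or address rather than a payload match. A guessed label is weaker evidence for anyone filtering or alerting on these events, and the same shift to `[Blizzard]` appears on the already-guessed flows 10 and 34 to 37. If this is intended, say so in the commit description, for example `flow 31 (tcp/1119) is now classified by guess, no longer by payload detection`. If it is not, this golden file should not be updated until the detection is restored.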
@@ -108,43 +97,42 @@ [IATS(ms)....: 52.5,52.6,94.6,145.7,24.3,95.1,95.9,166.3,70.9,49.6,160.3,31.2,128.6,15.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 52,46,40,142,46,783,40,220,303,40,235,46,108,42,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63] [ENTROPIES...: 4.5,4.6,4.7,5.4,4.5,7.8,5.0,7.1,7.2,4.9,6.2,4.7,5.0,4.8,5.6,5.5,5.6,5.6,5.6,5.7,5.5,5.5,5.5,5.7,5.7,5.7,5.5,5.6,5.6,5.7,5.6,5.6] + guessed: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Blizzard][Unknown][Game][Fun] new: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] new: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] new: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119] new: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119] new: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] - detected: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] + detected: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] new: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] - detected: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] + detected: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.launcher.battle.net] new: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] new: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] - detected: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] - detected: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] 
[HTTP][Unknown][Web][Acceptable][nydus.battle.net] + detected: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] + detected: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] new: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] new: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] - detected: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net] - detected: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net] + detected: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.battle.net] + detected: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.battle.net] new: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] detected: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net] detection-update: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net] - RISK: Unidirectional Traffic - detection-update: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net] new: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] new: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] new: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] new: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] new: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> 
[...2.228.46.112][...80] - detected: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] + detected: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] new: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] new: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] - detected: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - detected: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - detected: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - detected: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] + detected: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + detected: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + detected: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + detected: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] new: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] - detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] 
[HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] + detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] min| max| avg| stddev| variance| entropy [IAT.........: < 0.001| 0.034| 0.007| 0.013| 169.003| 2.900] [PKTLEN......: 40.000| 1500.000| 866.800| 718.400| 516058.300| 4.300] 
@@ -154,13 +142,13 @@ [IATS(ms)....: 32.5,32.5,1.6,34.3,1.1,0.1,33.9,0.2,0.1,0.3,0.1,0.3,0.4,0.2,0.1,0.3,0.1,0.1,0.2,0.1,0.6,0.7,0.1,0.1,0.2,0.1,0.1,0.3,32.9,0.3,33.2] [PKTLENS.....: 52,52,40,189,46,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40] [ENTROPIES...: 4.5,4.8,4.7,5.8,4.5,5.9,7.7,4.7,7.8,7.8,4.7,7.8,7.7,4.7,7.7,7.8,4.7,7.8,7.8,4.7,7.8,7.8,4.7,7.7,7.8,4.7,7.8,7.7,4.7,7.8,7.8,4.7] - idle: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - idle: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - idle: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - idle: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - idle: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] - idle: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable] - idle: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable] + idle: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + idle: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + idle: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + idle: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + idle: [....49] 
[ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun][bnetcmsus-a.akamaihd.net] + idle: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun] + idle: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP.Blizzard][Unknown][Game][Fun] guessed: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] 
@@ -173,17 +161,17 @@ end: [....20] [ip4][..tcp] [..192.168.1.100][.3491] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe] end: [....17] [ip4][..tcp] [..192.168.1.100][.3492] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe] idle: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net] - end: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] - end: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] - end: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] - end: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] - end: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] - end: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] - end: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] - end: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net] - end: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net] - end: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net] - guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Unknown][Game][Fun] + end: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] + end: [....30] [ip4][..tcp] 
[..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.launcher.battle.net] + end: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] + end: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.launcher.battle.net] + end: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] + end: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.launcher.battle.net] + end: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] + end: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP.Blizzard][Unknown][Game][Fun][nydus.battle.net] + end: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.battle.net] + end: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP.Blizzard][Unknown][Game][Fun][eu.battle.net] + guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Blizzard][Unknown][Game][Fun] idle: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] guessed: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [TLS][Unknown][Web][Safe] RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt 
@@ -192,14 +180,14 @@ RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt end: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] idle: [....27] [ip4][....2] [..192.168.1.107] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] - guessed: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [Starcraft][Unknown][Game][Fun] + guessed: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [Blizzard][Unknown][Game][Fun] end: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] idle: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net] - end: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com] - RISK: Susp DGA Domain name, Binary File/Data Transfer (Attempt) + end: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP.Blizzard][Unknown][Download][Fun][llnw.blizzard.com] + RISK: Binary File/Data Transfer (Attempt) guessed: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [Google][Google][Web][Acceptable] idle: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] - idle: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun] + idle: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Blizzard][Unknown][Game][Fun] idle: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa] RISK: Minor Issues idle: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][26.186.239.80.in-addr.arpa] 
@@ -209,10 +197,9 @@ end: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com] RISK: HTTP Susp User-Agent, HTTP Obsolete Server idle: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com] - RISK: Susp DGA Domain name, Risky Domain Name - guessed: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119] [Starcraft][Unknown][Game][Fun] + guessed: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119] [Blizzard][Unknown][Game][Fun] idle: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119] - guessed: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119] [Starcraft][Unknown][Game][Fun] + guessed: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119] [Blizzard][Unknown][Game][Fun] idle: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119] guessed: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] [QUIC][Google][Web][Acceptable] RISK: Susp Entropy @@ -221,7 +208,7 @@ idle: [.....1] [ip4][..tcp] [..192.30.252.91][..443] -> [..192.168.1.100][.3213] [TLS][Github][Web][Safe] guessed: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] [TLS][Unknown][Web][Safe] end: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] - guessed: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] [Starcraft][Unknown][Game][Fun] + guessed: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] [Blizzard][Unknown][Game][Fun] idle: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] guessed: [.....8] [ip4][..tcp] [..192.168.1.100][.3052] -> [.216.58.212.110][..443] [TLS][Google][Web][Safe] idle: [.....8] [ip4][..tcp] [..192.168.1.100][.3052] -> [.216.58.212.110][..443] |