Diffstat (limited to 'test/results/flow-info/default/tls_certificate_too_long.pcap.out')
-rw-r--r--test/results/flow-info/default/tls_certificate_too_long.pcap.out69
1 files changed, 31 insertions, 38 deletions
diff --git a/test/results/flow-info/default/tls_certificate_too_long.pcap.out b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
index 36f2a6da9..451da1f30 100644
--- a/test/results/flow-info/default/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
@@ -6,9 +6,7 @@
new: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53]
detected: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][121.1.168.192.in-addr.arpa]
detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][60.21.149.52.in-addr.arpa]
- RISK: Unidirectional Traffic
detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][139.1.168.192.in-addr.arpa]
- RISK: Unidirectional Traffic
detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][139.1.168.192.in-addr.arpa]
RISK: Error Code
detection-update: [.....3] [ip4][..udp] [..192.168.1.121][52251] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][60.21.149.52.in-addr.arpa]
@@ -34,9 +32,9 @@
detection-update: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wdcp.microsoft.com]
new: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443]
detection-update: [....11] [ip4][..udp] [..192.168.1.121][65492] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com]
- detected: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detected: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detection-update: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detected: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detection-update: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53]
detected: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
@@ -47,18 +45,18 @@
detected: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
new: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53]
detected: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
- detection-update: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
detection-update: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
new: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80]
detection-update: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
- detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Web][Acceptable][www.microsoft.com]
+ detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Web][Safe][www.microsoft.com]
detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
- detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
+ detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80]
- detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Web][Acceptable][www.microsoft.com]
- detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
+ detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Web][Safe][www.microsoft.com]
+ detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
new: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [MIDSTREAM]
new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53]
@@ -70,16 +68,11 @@
new: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53]
detected: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][235.33.22.2.in-addr.arpa]
detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][26.113.82.140.in-addr.arpa]
- RISK: Unidirectional Traffic
new: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [MIDSTREAM]
detected: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
- RISK: Unidirectional Traffic
new: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [MIDSTREAM]
detected: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
- RISK: Unidirectional Traffic
detection-update: [....23] [ip4][..udp] [..192.168.1.121][51998] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][235.33.22.2.in-addr.arpa]
- detection-update: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
- detection-update: [....25] [ip4][..tcp] [..192.168.1.121][53428] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
analyse: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.067| 0.004| 0.014| 198.149| 1.700]
@@ -102,31 +95,31 @@
[ENTROPIES...: 7.9,7.8,7.9,4.9,7.9,7.8,6.6,7.1,7.5,5.7,5.6,4.7,5.4,4.7,4.9,7.9,7.8,7.6,4.9,7.6,7.8,7.5,4.6,6.6,7.0,7.2,6.2,5.6,5.8,5.5,4.7,5.0]
new: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443]
new: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443]
- detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detected: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detection-update: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detected: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detection-update: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
- detection-update: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123]
detected: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
new: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443]
new: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443]
- detected: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detected: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detection-update: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detected: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detection-update: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
- detection-update: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123]
detected: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
new: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443]
new: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443]
- detected: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detected: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
- detection-update: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detected: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detected: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
+ detection-update: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
- detection-update: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable][wdcp.microsoft.com]
+ detection-update: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe][wdcp.microsoft.com]
RISK: TLS Cert Validity Too Long
new: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123]
detected: [....34] [ip4][..udp] [..192.168.1.121][56865] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
@@ -140,9 +133,9 @@
idle: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
guessed: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443] [TLS][Azure][Web][Safe]
idle: [.....1] [ip4][..tcp] [..192.168.1.121][52746] -> [...52.149.21.60][..443]
- end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
+ end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
- end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft365][Unknown][Download][Acceptable][www.microsoft.com]
+ end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
RISK: HTTP Susp Header, Binary File/Data Transfer (Attempt)
idle: [....15] [ip4][..udp] [..192.168.1.121][58161] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]
idle: [....31] [ip4][..udp] [..192.168.1.121][65099] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
@@ -157,23 +150,23 @@
idle: [....24] [ip4][..tcp] [..192.168.1.121][53429] -> [...52.98.163.18][..443] [TLS][Outlook][Web][Safe]
idle: [....22] [ip4][..udp] [..192.168.1.121][49216] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
idle: [....28] [ip4][..udp] [..192.168.1.121][50288] -> [..17.253.54.251][..123] [NTP][Apple][System][Acceptable]
- end: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....12] [ip4][..tcp] [..192.168.1.121][53910] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- end: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....13] [ip4][..tcp] [..192.168.1.121][53911] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- end: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....26] [ip4][..tcp] [..192.168.1.121][53914] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- end: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....27] [ip4][..tcp] [..192.168.1.121][53915] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- end: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....29] [ip4][..tcp] [..192.168.1.121][53916] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- end: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....30] [ip4][..tcp] [..192.168.1.121][53917] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- end: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....32] [ip4][..tcp] [..192.168.1.121][53918] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- end: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft365][Azure][Web][Acceptable]
+ end: [....33] [ip4][..tcp] [..192.168.1.121][53919] -> [...40.113.10.47][..443] [TLS.Microsoft][Azure][Web][Safe]
RISK: TLS Cert Validity Too Long
- not-detected: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [Unknown][Unknown][Unrated]
+ not-detected: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [Unknown][Unknown][Unspecified][Unrated]
RISK: Susp Entropy
idle: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367]
idle: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.microsoft.com]