aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-info/default/tor.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/flow-info/default/tor.pcap.out')
-rw-r--r--test/results/flow-info/default/tor.pcap.out28
1 files changed, 14 insertions, 14 deletions
diff --git a/test/results/flow-info/default/tor.pcap.out b/test/results/flow-info/default/tor.pcap.out
index f79a9ebc0..7010fa9e5 100644
--- a/test/results/flow-info/default/tor.pcap.out
+++ b/test/results/flow-info/default/tor.pcap.out
@@ -37,7 +37,7 @@
new: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138]
detected: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc]
RISK: Unsafe Protocol
- analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ analyse: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 31.166| 2.329| 7.550| 56997495.964| 1.900]
[PKTLEN......: 40.000| 1500.000| 355.800| 354.900| 125974.500| 4.300]
@@ -47,7 +47,7 @@
[IATS(ms)....: 143.8,144.2,0.4,152.7,0.2,159.6,171.7,164.7,190.9,0.1,190.7,0.6,185.1,185.5,145.1,5.7,151.7,184.2,104.7,290.0,146.6,2536.0,2930.5,30770.7,31166.0,0.9,147.0,185.7,696.5,885.2,147.1]
[PKTLENS.....: 52,52,46,264,40,969,238,99,114,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
[ENTROPIES...: 4.5,4.8,4.4,5.4,4.8,7.6,6.9,5.9,6.1,7.9,6.5,4.3,7.7,4.8,7.7,4.8,7.6,7.7,4.7,7.7,7.6,4.8,7.7,4.3,7.6,4.6,7.6,7.7,4.8,7.6,7.6,4.7]
- analyse: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe]
+ analyse: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe][www.ct7ctrgb6cr7.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 37.996| 2.549| 9.274| 86002509.021| 1.400]
[PKTLEN......: 40.000| 1500.000| 448.800| 476.200| 226793.400| 4.200]
@@ -59,9 +59,9 @@
[ENTROPIES...: 4.5,4.9,4.5,5.4,4.9,7.4,6.6,6.0,6.1,7.9,6.5,4.5,7.7,4.9,7.6,4.9,7.6,7.6,7.7,7.7,4.8,7.7,4.4,7.7,4.9,7.7,4.9,7.7,7.9,4.5,7.9,7.9]
update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443] [MIDSTREAM]
- update: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ update: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc]
RISK: Unsafe Protocol
- analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ analyse: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 71.328| 4.658| 14.789| 218716025.389| 1.800]
[PKTLEN......: 40.000| 1500.000| 330.600| 347.100| 120444.200| 4.200]
@@ -90,7 +90,7 @@
RISK: Obsolete TLS (v1.1 or older)
detection-update: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe][www.jmts2id.com]
RISK: Obsolete TLS (v1.1 or older)
- analyse: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ analyse: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.gfu7hbxpfp.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.991| 0.147| 0.220| 48576.569| 3.900]
[PKTLEN......: 40.000| 1500.000| 348.200| 347.100| 120448.800| 4.300]
@@ -101,14 +101,14 @@
[PKTLENS.....: 52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40]
[ENTROPIES...: 4.5,4.9,4.4,5.4,4.8,7.4,6.7,5.9,6.1,7.8,6.6,4.4,7.7,4.8,7.7,4.7,7.7,7.6,4.7,7.6,7.6,4.7,7.7,4.4,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.7]
ERROR-EVENT: Unknown packet type [5/16]
- end: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe]
+ end: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe][www.ct7ctrgb6cr7.com]
RISK: Obsolete TLS (v1.1 or older)
- idle: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ idle: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][endian-pc]
RISK: Unsafe Protocol
guessed: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443] [TLS][Azure][Web][Safe]
RISK: Unidirectional Traffic
end: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443]
- end: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ end: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com]
RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type [6/16]
@@ -133,7 +133,7 @@
update: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
DAEMON-EVENT: [Processed: 337 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 7 / 11|skipped: 0|!detected: 0|guessed: 1|detection-updates: 7|updates: 5]
- analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
+ analyse: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe][www.t3i3ru.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 72.890| 8.727| 22.569| 509351076.823| 2.100]
[PKTLEN......: 40.000| 1500.000| 312.000| 345.900| 119666.800| 4.200]
@@ -144,16 +144,16 @@
[PKTLENS.....: 52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]
[ENTROPIES...: 4.5,4.9,4.4,5.3,4.8,7.4,6.7,6.0,6.2,7.9,6.5,4.4,7.7,4.8,7.6,4.9,7.7,7.7,7.6,7.7,7.6,4.5,7.7,4.9,7.6,4.5,7.7,4.5,4.5,4.7,4.7,4.5]
update: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
- end: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ end: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.gfu7hbxpfp.com]
RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
idle: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
- end: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Unknown][Web][Safe]
+ end: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Unknown][Web][Safe][www.6gyip7tqim7sieb.com]
RISK: Obsolete TLS (v1.1 or older)
- end: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
+ end: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe][www.t3i3ru.com]
RISK: Obsolete TLS (v1.1 or older)
- idle: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
+ idle: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.q4cyamnc6mtokjurvdclt.com]
RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
- idle: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe]
+ idle: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe][www.jmts2id.com]
RISK: Obsolete TLS (v1.1 or older)
DAEMON-EVENT: shutdown
Powered by cgit, Themed by Ted Yin.