Diffstat (limited to 'test/results/flow-info/dns_sub_enable')
4 files changed, 61 insertions, 0 deletions
diff --git a/test/results/flow-info/dns_sub_enable/dns.pcap.out b/test/results/flow-info/dns_sub_enable/dns.pcap.out new file mode 100644 index 000000000..711e92324 --- /dev/null +++ b/test/results/flow-info/dns_sub_enable/dns.pcap.out 
@@ -0,0 +1,21 @@ + DAEMON-EVENT: init + new: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] + detected: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa] + new: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] + detected: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io] + detection-update: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io] + update: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa] + DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 1] + new: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] + detected: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.l.google.com] + idle: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa] + end: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io] + 
detection-update: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.example.com] + detection-update: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.example.com] + DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 1] + ERROR-EVENT: Unknown packet type [1/16] + ERROR-EVENT: Unknown packet type [2/16] + idle: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dns_sub_enable/dns2.pcap.out b/test/results/flow-info/dns_sub_enable/dns2.pcap.out new file mode 100644 index 000000000..ab5c61670 --- /dev/null +++ b/test/results/flow-info/dns_sub_enable/dns2.pcap.out @@ -0,0 +1,10 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] + detected: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com] + detection-update: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com] + RISK: Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com] + idle: [.....1] [ip4][..udp] [192.168.255.251][56550] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][www.github.com] + DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out b/test/results/flow-info/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out new file mode 100644 index 000000000..76df2a5c0 --- /dev/null +++ b/test/results/flow-info/dns_sub_enable/dns_multiple_transactions_same_flow.pcap.out 
@@ -0,0 +1,20 @@ + DAEMON-EVENT: init + new: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] + detected: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com] + detection-update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com] + analyse: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.004| 5.423| 0.834| 1.510| 2280131.133| 3.400] + [PKTLEN......: 54.000| 318.000| 101.400| 68.900| 4754.000| 4.700] + [BINS(c->s)..: 5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 3,1,5,4,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 3.9,1009.9,1008.1,608.7,634.7,275.3,279.5,111.7,83.3,23.2,41.4,53.0,77.7,48.6,23.6,23.4,123.6,123.4,17.9,591.8,607.9,56.0,55.8,637.8,673.7,5423.0,5359.2,3829.9,3848.8,99.8,99.4] + [PKTLENS.....: 60,76,54,54,78,318,65,100,54,54,63,294,68,144,67,104,65,100,63,149,61,123,65,135,59,268,54,54,54,150,74,118] + [ENTROPIES...: 4.2,4.4,4.1,4.3,4.7,5.0,4.4,4.9,4.0,4.2,4.4,4.9,4.5,4.8,4.4,4.6,4.3,4.6,4.3,5.0,4.3,4.7,4.5,4.8,4.2,5.2,4.0,4.3,3.9,4.1,4.6,4.7] + update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com] + update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com] + update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com] + update: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] 
[DNS][Unknown][Network][Acceptable][www.google.com] + idle: [.....1] [ip4][..udp] [..192.168.1.204][50234] -> [..192.168.1.253][...53] [DNS][Unknown][Network][Acceptable][www.google.com] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/dns_sub_enable/dns_retransmissions.pcap.out b/test/results/flow-info/dns_sub_enable/dns_retransmissions.pcap.out new file mode 100644 index 000000000..00c4910b5 --- /dev/null +++ b/test/results/flow-info/dns_sub_enable/dns_retransmissions.pcap.out @@ -0,0 +1,10 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] + detected: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com] + detection-update: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com] + RISK: Unidirectional Traffic + detection-update: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com] + idle: [.....1][.103] [ip4][..udp] [..37.41.101.140][11892] -> [.208.67.222.222][...53] [DNS][OpenDNS][Network][Acceptable][api.msn.com] + DAEMON-EVENT: shutdown |