aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-info/monitoring
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/flow-info/monitoring')
-rw-r--r--test/results/flow-info/monitoring/signal_audiocall.pcapng.out7
-rw-r--r--test/results/flow-info/monitoring/signal_videocall.pcapng.out5
-rw-r--r--test/results/flow-info/monitoring/stun.pcap.out22
-rw-r--r--test/results/flow-info/monitoring/stun_signal.pcapng.out53
-rw-r--r--test/results/flow-info/monitoring/stun_wa_call.pcapng.out30
-rw-r--r--test/results/flow-info/monitoring/stun_zoom.pcapng.out8
-rw-r--r--test/results/flow-info/monitoring/teams.pcap.out18
-rw-r--r--test/results/flow-info/monitoring/telegram_videocall.pcapng.out8
-rw-r--r--test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out8
-rw-r--r--test/results/flow-info/monitoring/telegram_voice.pcapng.out4
10 files changed, 31 insertions, 132 deletions
diff --git a/test/results/flow-info/monitoring/signal_audiocall.pcapng.out b/test/results/flow-info/monitoring/signal_audiocall.pcapng.out
index 6008c8d4b..caa87375a 100644
--- a/test/results/flow-info/monitoring/signal_audiocall.pcapng.out
+++ b/test/results/flow-info/monitoring/signal_audiocall.pcapng.out
@@ -5,9 +5,6 @@
detected: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][]
new: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478]
detected: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
@@ -27,10 +24,6 @@
[IATS(ms)....: 1.7,3.7,1.2,10.3,10.2,26.7,26.6,250.2,250.3,501.2,501.1,1004.0,1009.3,956.1,950.7,3.8,9.0,1.1,5.3,38.9,115.9,0.0,84.9,11.6,28.8,13.0,35.9,1.2,42.5,17.7,63.5]
[PKTLENS.....: 48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136]
[ENTROPIES...: 5.1,4.9,5.5,5.7,5.8,5.7,4.9,5.7,4.9,5.7,4.9,5.6,4.9,5.7,5.8,5.9,6.1,5.8,5.9,5.7,6.0,6.2,6.0,5.8,5.9,6.1,5.8,5.9,5.9,5.9,6.0,5.9]
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
analyse: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.008| 2.229| 0.465| 0.655| 429159.809| 3.800]
diff --git a/test/results/flow-info/monitoring/signal_videocall.pcapng.out b/test/results/flow-info/monitoring/signal_videocall.pcapng.out
index 626c8440d..964b3c0e5 100644
--- a/test/results/flow-info/monitoring/signal_videocall.pcapng.out
+++ b/test/results/flow-info/monitoring/signal_videocall.pcapng.out
@@ -5,13 +5,8 @@
detected: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][]
new: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478]
detected: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
new: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377]
detected: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
diff --git a/test/results/flow-info/monitoring/stun.pcap.out b/test/results/flow-info/monitoring/stun.pcap.out
index 9db02bdbf..7a844e42c 100644
--- a/test/results/flow-info/monitoring/stun.pcap.out
+++ b/test/results/flow-info/monitoring/stun.pcap.out
@@ -3,20 +3,19 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000]
detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478]
detected: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][turn.l.google.com]
new: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128]
detected: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable]
RISK: Susp Entropy
end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 24 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0]
+ DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
new: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478]
detected: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable][]
idle: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable]
@@ -36,7 +35,7 @@
[ENTROPIES...: 5.4,5.5,5.4,5.5,5.5,5.5,5.5,5.5,5.5,5.6,5.5,5.6,5.4,5.6,5.5,5.6,5.4,5.5,5.5,5.5,5.4,5.6,5.4,5.5,5.5,5.6,5.5,5.6,5.5,5.5,5.4,5.5]
update: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 66 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 3]
new: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003]
detected: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN][Facebook][Network][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -54,14 +53,14 @@
[ENTROPIES...: 4.9,5.6,5.9,5.8,5.9,6.0,5.6,5.8,5.5,5.6,5.9,6.0,6.0,5.9,5.8,5.5,6.0,5.9,6.0,5.9,5.9,6.0,5.8,6.0,5.9,6.0,5.9,5.9,5.8,5.6,6.1,6.0]
idle: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 141 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 3]
new: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257]
detected: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][]
detection-update: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com]
idle: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 161 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 3]
new: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478]
detected: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][]
detection-update: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
@@ -78,22 +77,17 @@
[ENTROPIES...: 5.9,5.9,5.0,5.9,7.3,6.7,5.8,5.7,7.4,5.7,6.0,6.2,6.4,5.9,6.1,5.4,5.4,5.6,5.9,5.3,5.2,5.9,5.8,5.2,6.1,5.9,6.0,6.1,6.0,5.9,6.1,5.9]
idle: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com]
DAEMON-EVENT: [Processed: 194 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 3]
new: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801]
detected: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
idle: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 3]
new: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094]
detected: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][]
- detection-update: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][]
- RISK: Unidirectional Traffic
idle: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
idle: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/monitoring/stun_signal.pcapng.out b/test/results/flow-info/monitoring/stun_signal.pcapng.out
index 32aa70be8..0d2186390 100644
--- a/test/results/flow-info/monitoring/stun_signal.pcapng.out
+++ b/test/results/flow-info/monitoring/stun_signal.pcapng.out
@@ -20,25 +20,21 @@
new: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169]
detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Susp Entropy
- detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478]
detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443]
@@ -55,23 +51,15 @@
RISK: Known Proto on Non Std Port
new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478]
detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
detection-update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156]
detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.679| 0.149| 0.201| 40331.911| 3.900]
@@ -116,38 +104,25 @@
new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443]
detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478]
detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478]
detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169]
detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Susp Entropy
detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054]
detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
new: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498]
detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.665| 0.153| 0.189| 35784.253| 4.000]
diff --git a/test/results/flow-info/monitoring/stun_wa_call.pcapng.out b/test/results/flow-info/monitoring/stun_wa_call.pcapng.out
index 52241ec46..4a064300e 100644
--- a/test/results/flow-info/monitoring/stun_wa_call.pcapng.out
+++ b/test/results/flow-info/monitoring/stun_wa_call.pcapng.out
@@ -3,29 +3,14 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478]
detected: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- detection-update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478]
detected: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478]
detected: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478]
detected: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478]
detected: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
analyse: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.505| 0.249| 0.601| 361608.839| 2.900]
@@ -38,29 +23,14 @@
[ENTROPIES...: 7.0,7.0,5.8,5.8,5.8,7.0,7.0,7.0,7.0,5.7,5.8,5.7,5.7,5.7,5.2,5.2,5.8,7.0,7.0,5.7,5.8,5.8,4.9,6.0,6.1,5.0,5.5,5.7,6.6,5.5,6.9,7.2]
new: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478]
detected: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478]
detected: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478]
detected: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478]
detected: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478]
detected: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
analyse: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.025| 0.011| 0.005| 24.788| 4.800]
diff --git a/test/results/flow-info/monitoring/stun_zoom.pcapng.out b/test/results/flow-info/monitoring/stun_zoom.pcapng.out
index 05276f928..aca5bdbb5 100644
--- a/test/results/flow-info/monitoring/stun_zoom.pcapng.out
+++ b/test/results/flow-info/monitoring/stun_zoom.pcapng.out
@@ -4,20 +4,12 @@
new: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801]
detected: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
new: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801]
detected: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
- detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
min| max| avg| stddev| variance| entropy
diff --git a/test/results/flow-info/monitoring/teams.pcap.out b/test/results/flow-info/monitoring/teams.pcap.out
index 45e6ad626..73e35011c 100644
--- a/test/results/flow-info/monitoring/teams.pcap.out
+++ b/test/results/flow-info/monitoring/teams.pcap.out
@@ -77,8 +77,6 @@
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
- RISK: Unidirectional Traffic
- detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][]
@@ -397,12 +395,6 @@
new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -419,10 +411,6 @@
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
[PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
[ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
- detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net]
new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
@@ -480,7 +468,7 @@
RISK: Known Proto on Non Std Port
idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe]
RISK: Known Proto on Non Std Port
- not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
+ not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unspecified][Unrated]
idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750]
idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
@@ -520,9 +508,9 @@
idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe]
RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
diff --git a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out
index a5d33e1d4..9df6d1fa3 100644
--- a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out
+++ b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out
@@ -109,10 +109,6 @@
new: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393]
detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2]
detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
@@ -128,6 +124,10 @@
new: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353]
detected: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
new: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [MIDSTREAM]
+ detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
diff --git a/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out b/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out
index 3d5f85e4e..837083afa 100644
--- a/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out
+++ b/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out
@@ -22,10 +22,6 @@
detected: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [Telegram][Telegram][Chat][Acceptable]
detection-update: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
RISK: Known Proto on Non Std Port
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
detection-update: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
detection-update: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
@@ -51,13 +47,13 @@
[ENTROPIES...: 4.6,4.7,4.6,4.7,5.7,5.8,6.0,5.7,6.1,5.7,5.8,6.1,6.1,5.8,6.0,5.7,6.0,5.8,5.8,6.0,5.2,6.1,6.2,6.8,7.5,6.1,5.8,6.4,6.1,5.7,6.2,5.7]
idle: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
RISK: Known Proto on Non Std Port
idle: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
idle: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/monitoring/telegram_voice.pcapng.out b/test/results/flow-info/monitoring/telegram_voice.pcapng.out
index 3a5d605f0..1a7c80850 100644
--- a/test/results/flow-info/monitoring/telegram_voice.pcapng.out
+++ b/test/results/flow-info/monitoring/telegram_voice.pcapng.out
@@ -26,10 +26,6 @@
detection-update: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
RISK: Known Proto on Non Std Port
detection-update: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
analyse: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
Powered by cgit, Themed by Ted Yin.