Diffstat (limited to 'test/results/flow-info/monitoring')
-rw-r--r--test/results/flow-info/monitoring/signal_audiocall.pcapng.out7
-rw-r--r--test/results/flow-info/monitoring/signal_videocall.pcapng.out5
-rw-r--r--test/results/flow-info/monitoring/stun.pcap.out22
-rw-r--r--test/results/flow-info/monitoring/stun_signal.pcapng.out53
-rw-r--r--test/results/flow-info/monitoring/stun_wa_call.pcapng.out30
-rw-r--r--test/results/flow-info/monitoring/stun_zoom.pcapng.out8
-rw-r--r--test/results/flow-info/monitoring/teams.pcap.out186
-rw-r--r--test/results/flow-info/monitoring/telegram_videocall.pcapng.out8
-rw-r--r--test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out8
-rw-r--r--test/results/flow-info/monitoring/telegram_voice.pcapng.out10
10 files changed, 118 insertions, 219 deletions
diff --git a/test/results/flow-info/monitoring/signal_audiocall.pcapng.out b/test/results/flow-info/monitoring/signal_audiocall.pcapng.out
index 6008c8d4b..caa87375a 100644
--- a/test/results/flow-info/monitoring/signal_audiocall.pcapng.out
+++ b/test/results/flow-info/monitoring/signal_audiocall.pcapng.out
@@ -5,9 +5,6 @@
detected: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][]
new: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478]
detected: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
detection-update: [.....2] [ip4][..udp] [..192.168.12.67][45419] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][45419] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
@@ -27,10 +24,6 @@
[IATS(ms)....: 1.7,3.7,1.2,10.3,10.2,26.7,26.6,250.2,250.3,501.2,501.1,1004.0,1009.3,956.1,950.7,3.8,9.0,1.1,5.3,38.9,115.9,0.0,84.9,11.6,28.8,13.0,35.9,1.2,42.5,17.7,63.5]
[PKTLENS.....: 48,56,80,112,144,112,56,108,56,108,56,108,56,108,148,80,168,148,128,80,160,168,136,128,168,168,128,168,148,80,136,136]
[ENTROPIES...: 5.1,4.9,5.5,5.7,5.8,5.7,4.9,5.7,4.9,5.7,4.9,5.6,4.9,5.7,5.8,5.9,6.1,5.8,5.9,5.7,6.0,6.2,6.0,5.8,5.9,6.1,5.8,5.9,5.9,5.9,6.0,5.9]
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
analyse: [.....4] [ip4][..udp] [..192.168.12.67][45419] -> [..35.219.226.11][54116] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.008| 2.229| 0.465| 0.655| 429159.809| 3.800]
diff --git a/test/results/flow-info/monitoring/signal_videocall.pcapng.out b/test/results/flow-info/monitoring/signal_videocall.pcapng.out
index 626c8440d..964b3c0e5 100644
--- a/test/results/flow-info/monitoring/signal_videocall.pcapng.out
+++ b/test/results/flow-info/monitoring/signal_videocall.pcapng.out
@@ -5,13 +5,8 @@
detected: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN][GoogleCloud][Network][Acceptable][]
new: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478]
detected: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN][GoogleCloud][Network][Acceptable][]
detection-update: [.....2] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
detection-update: [.....1] [ip4][..udp] [..192.168.12.67][47926] -> [.35.216.234.234][.3478] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][signal.org]
new: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377]
detected: [.....3] [ip4][..udp] [..192.168.12.67][47926] -> [.35.219.252.146][56377] [STUN.SignalVoip][GoogleCloud][VoIP][Acceptable][]
diff --git a/test/results/flow-info/monitoring/stun.pcap.out b/test/results/flow-info/monitoring/stun.pcap.out
index 9db02bdbf..7a844e42c 100644
--- a/test/results/flow-info/monitoring/stun.pcap.out
+++ b/test/results/flow-info/monitoring/stun.pcap.out
@@ -3,20 +3,19 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000]
detected: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478]
detected: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][turn.l.google.com]
new: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128]
detected: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable]
RISK: Susp Entropy
end: [.....1][1611] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 24 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0]
+ DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
new: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478]
detected: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable][]
idle: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable]
@@ -36,7 +35,7 @@
[ENTROPIES...: 5.4,5.5,5.4,5.5,5.5,5.5,5.5,5.5,5.5,5.6,5.5,5.6,5.4,5.6,5.5,5.6,5.4,5.5,5.5,5.5,5.4,5.6,5.4,5.5,5.5,5.6,5.5,5.6,5.5,5.5,5.4,5.5]
update: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 66 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 3]
new: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003]
detected: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN][Facebook][Network][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -54,14 +53,14 @@
[ENTROPIES...: 4.9,5.6,5.9,5.8,5.9,6.0,5.6,5.8,5.5,5.6,5.9,6.0,6.0,5.9,5.8,5.5,6.0,5.9,6.0,5.9,5.9,6.0,5.8,6.0,5.9,6.0,5.9,5.9,5.8,5.6,6.1,6.0]
idle: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 141 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 4|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 3]
new: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257]
detected: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][]
detection-update: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com]
idle: [.....5] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 161 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 3]
new: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478]
detected: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][]
detection-update: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
@@ -78,22 +77,17 @@
[ENTROPIES...: 5.9,5.9,5.0,5.9,7.3,6.7,5.8,5.7,7.4,5.7,6.0,6.2,6.4,5.9,6.1,5.4,5.4,5.6,5.9,5.3,5.2,5.9,5.8,5.2,6.1,5.9,6.0,6.1,6.0,5.9,6.1,5.9]
idle: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com]
DAEMON-EVENT: [Processed: 194 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 3]
new: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801]
detected: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
idle: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 10|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 3]
new: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094]
detected: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][]
- detection-update: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable][]
- RISK: Unidirectional Traffic
idle: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
idle: [.....9] [ip6][..udp] [.............2600:1900:4160:5999:0:19::][.3478] -> [..2001:b07:a3d:c112:48a1:1094:1227:281e][48094] [STUN][GoogleCloud][Network][Acceptable]
- RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
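Review bot: The `idle` record for flow 9 (the IPv6 STUN flow sourced from port 3478) loses `RISK: Unidirectional Traffic`, and with the earlier `detection-update` for that flow also removed, no event on the new side reports the risk for it. The result file does not show whether the capture holds packets in both directions, so this fixture may now pin the loss of a genuine one-way-traffic signal rather than just the removal of an early, transient one. The new side of stun_signal.pcapng.out still expects `Known Proto on Non Std Port, Unidirectional Traffic` on the port-443 flows 9, 12, 17 and 18, so the suppression is not uniform across STUN flows. Please confirm the end-of-flow case is intended and say so in the commit description, for example `Unidirectional Traffic is no longer reported for STUN flows while monitoring is active, including at flow end`, so consumers alerting on that risk know it changed.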
diff --git a/test/results/flow-info/monitoring/stun_signal.pcapng.out b/test/results/flow-info/monitoring/stun_signal.pcapng.out
index 32aa70be8..0d2186390 100644
--- a/test/results/flow-info/monitoring/stun_signal.pcapng.out
+++ b/test/results/flow-info/monitoring/stun_signal.pcapng.out
@@ -20,25 +20,21 @@
new: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169]
detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Susp Entropy
- detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478]
detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443]
@@ -55,23 +51,15 @@
RISK: Known Proto on Non Std Port
new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478]
detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
detection-update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156]
detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.679| 0.149| 0.201| 40331.911| 3.900]
@@ -116,38 +104,25 @@
new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443]
detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478]
detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478]
detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169]
detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Susp Entropy
detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054]
detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
new: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498]
detected: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.665| 0.153| 0.189| 35784.253| 4.000]
diff --git a/test/results/flow-info/monitoring/stun_wa_call.pcapng.out b/test/results/flow-info/monitoring/stun_wa_call.pcapng.out
index 52241ec46..4a064300e 100644
--- a/test/results/flow-info/monitoring/stun_wa_call.pcapng.out
+++ b/test/results/flow-info/monitoring/stun_wa_call.pcapng.out
@@ -3,29 +3,14 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478]
detected: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- detection-update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478]
detected: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478]
detected: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478]
detected: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478]
detected: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
analyse: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.505| 0.249| 0.601| 361608.839| 2.900]
@@ -38,29 +23,14 @@
[ENTROPIES...: 7.0,7.0,5.8,5.8,5.8,7.0,7.0,7.0,7.0,5.7,5.8,5.7,5.7,5.7,5.2,5.2,5.8,7.0,7.0,5.7,5.8,5.8,4.9,6.0,6.1,5.0,5.5,5.7,6.6,5.5,6.9,7.2]
new: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478]
detected: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478]
detected: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478]
detected: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478]
detected: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
new: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478]
detected: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- detection-update: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
analyse: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.025| 0.011| 0.005| 24.788| 4.800]
diff --git a/test/results/flow-info/monitoring/stun_zoom.pcapng.out b/test/results/flow-info/monitoring/stun_zoom.pcapng.out
index 05276f928..aca5bdbb5 100644
--- a/test/results/flow-info/monitoring/stun_zoom.pcapng.out
+++ b/test/results/flow-info/monitoring/stun_zoom.pcapng.out
@@ -4,20 +4,12 @@
new: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801]
detected: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
new: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801]
detected: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
- detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
min| max| avg| stddev| variance| entropy
diff --git a/test/results/flow-info/monitoring/teams.pcap.out b/test/results/flow-info/monitoring/teams.pcap.out
index 8ae0bdbae..73e35011c 100644
--- a/test/results/flow-info/monitoring/teams.pcap.out
+++ b/test/results/flow-info/monitoring/teams.pcap.out
@@ -17,7 +17,7 @@
new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443]
detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
- detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
@@ -29,12 +29,12 @@
[IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5]
[PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]
[ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7]
- detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [7/16]
new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
- analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400]
[PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400]
@@ -45,12 +45,12 @@
[PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]
[ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9]
new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443]
- detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443]
detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
- analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900]
[PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200]
@@ -63,22 +63,20 @@
ERROR-EVENT: Unknown packet type [8/16]
ERROR-EVENT: Unknown packet type [9/16]
new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443]
- detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [10/16]
new: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53]
- detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
new: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
detected: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
ERROR-EVENT: Unknown packet type [11/16]
ERROR-EVENT: Unknown packet type [12/16]
- detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
- RISK: Unidirectional Traffic
- detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][]
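Review bot: The regenerated expectation for flow 10 drops the intermediate `detection-update` that carried `RISK: Unidirectional Traffic` and keeps only the one followed by `RISK: Error Code`. The same risk line is removed for the STUN.TeamsCall flows 68, 70, 76 and 77 in the hunks at -397 and -419, so nothing visible in this file's new side still pins that risk. If the removal is intended (presumably the monitoring path no longer emits these mid-flow updates, which cannot be confirmed from the fixture alone), at least one fixture in this directory should keep a flow where `RISK: Unidirectional Traffic` is expected. Otherwise a later regression that stops reporting the risk altogether would pass these tests unnoticed.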
@@ -86,17 +84,17 @@
detected: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
ERROR-EVENT: Unknown packet type [13/16]
new: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53]
- detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
- detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com.edgekey.net]
+ detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com.edgekey.net]
ERROR-EVENT: Unknown packet type [14/16]
ERROR-EVENT: Unknown packet type [15/16]
new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53]
- detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com]
+ detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-api.asm.skype.com]
new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53]
- detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
- detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-prod.asyncgw.teams.microsoft.com]
new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443]
- detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com]
+ detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-api.asm.skype.com]
new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443]
detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
@@ -105,31 +103,31 @@
detected: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53]
- detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
- detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443]
detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com]
detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com]
new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53]
- detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443]
- detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
new: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443]
- detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
- detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [16/16]
new: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53]
- detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
- detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+ detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][presence.services.sfb.trafficmanager.net]
+ detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][presence.services.sfb.trafficmanager.net]
new: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443]
new: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [MIDSTREAM]
detected: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
- analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.153| 0.028| 0.040| 1626.047| 3.600]
[PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300]
@@ -155,14 +153,14 @@
[PKTLENS.....: 64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]
[ENTROPIES...: 4.4,5.0,4.6,5.4,7.1,7.4,4.7,4.7,4.5,7.6,7.6,4.7,7.5,4.7,6.6,6.1,7.6,5.4,4.6,6.0,4.5,5.2,5.4,4.7,7.5,4.7,4.5,7.9,6.6,6.7,4.5,5.4]
new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53]
- detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
- detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+ detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][chatsvcagg.svcs.teams.office.com]
+ detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][chatsvcagg.svcs.teams.office.com]
new: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443]
detected: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe][chatsvcagg.teams.microsoft.com]
new: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443]
- detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
@@ -175,8 +173,8 @@
[PKTLENS.....: 64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]
[ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8]
new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53]
- detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
- detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][substrate.office.com]
+ detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][substrate.office.com]
new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443]
detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
@@ -201,22 +199,22 @@
[PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]
[ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0]
new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53]
- detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euaz.tr.teams.microsoft.com]
new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53]
- detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
new: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53]
- detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
new: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53]
- detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
- detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
- detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.flightproxy.teams.microsoft.com]
+ detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
+ detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
new: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443]
- detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
- detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.flightproxy.teams.microsoft.com]
+ detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euaz.tr.teams.microsoft.com]
RISK: Minor Issues
new: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53]
- detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
- detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+ detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][outlook.office.com]
+ detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][outlook.office.com]
new: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443]
new: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443]
new: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53]
@@ -230,14 +228,14 @@
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][config.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
- detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -257,9 +255,9 @@
detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe][teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443]
- detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.053| 0.020| 0.022| 492.470| 3.900]
[PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100]
@@ -275,14 +273,14 @@
detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
- detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53]
detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443]
detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com]
- detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
@@ -298,7 +296,7 @@
detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443]
- analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.162| 0.032| 0.044| 1964.919| 3.600]
[PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200]
@@ -310,13 +308,13 @@
[ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2]
detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe][euno-1.api.microsoftstream.com]
new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53]
- detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
- detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+ detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dc.applicationinsights.microsoft.com]
+ detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dc.applicationinsights.microsoft.com]
new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443]
detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net]
new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53]
- detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
- detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][emea.ng.msg.teams-msgapi.trafficmanager.net]
new: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443]
detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
@@ -350,8 +348,8 @@
detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443]
new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53]
- detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
- detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478]
@@ -381,8 +379,8 @@
RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
new: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443]
new: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53]
- detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
- detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][c-flightproxy-euno-01-teams.cloudapp.net]
+ detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][c-flightproxy-euno-01-teams.cloudapp.net]
detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005]
@@ -397,12 +395,6 @@
new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- RISK: Unidirectional Traffic
- detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
- detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -419,10 +411,6 @@
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
[PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
[ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
- detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Teams][Azure][Collaborative][Safe][gate.hockeyapp.net]
new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
@@ -446,32 +434,32 @@
RISK: TLS (probably) Not Carrying HTTPS
idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
- end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- end: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-api.asm.skype.com]
idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Teams][Azure][Collaborative][Safe]
- end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
idle: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
idle: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe][chatsvcagg.teams.microsoft.com]
- end: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
- end: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ end: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
- idle: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ idle: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
- end: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- end: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ end: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
@@ -480,49 +468,49 @@
RISK: Known Proto on Non Std Port
idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][DigitalOcean][Network][Safe]
RISK: Known Proto on Non Std Port
- not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
+ not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unspecified][Unrated]
idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750]
- idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][config.teams.microsoft.com]
idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
idle: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
- idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
- idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-api.asm.skype.com]
+ idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.flightproxy.teams.microsoft.com]
+ idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-api.asm.skype.com]
idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
- idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
guessed: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable]
RISK: Unidirectional Traffic
end: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443]
- idle: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
- idle: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ idle: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ idle: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][captive.apple.com.edgekey.net]
idle: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
- idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
- idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
- idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][chatsvcagg.svcs.teams.office.com]
+ idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][presence.services.sfb.trafficmanager.net]
+ idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][outlook.office.com]
+ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][substrate.office.com]
idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
- idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][c-flightproxy-euno-01-teams.cloudapp.net]
idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Teams][Azure][Collaborative][Safe][api.microsoftstream.com]
idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Teams][Azure][Collaborative][Safe]
- idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euaz.tr.teams.microsoft.com]
RISK: Minor Issues
idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
- idle: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
- idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
- idle: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
- idle: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ idle: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][eu-prod.asyncgw.teams.microsoft.com]
+ idle: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][dc.applicationinsights.microsoft.com]
+ idle: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][b._dns-sd._udp.ntop.org]
RISK: Error Code
- idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
- idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][trouter2-asse-a.trouter.teams.microsoft.com]
+ idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][northeuropecns.trafficmanager.net]
end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe]
RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
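Review bot: The idle records for flows 76 and 77 no longer expect `Unidirectional Traffic`, since `RISK: Known Proto on Non Std Port, Unidirectional Traffic` becomes `RISK: Known Proto on Non Std Port`. The `@@ -51,13 +47,13 @@` hunk of telegram_videocall_2.pcapng.out makes the same change for flows 4 and 5. In telegram_videocall.pcapng.out the detection-update records carrying that risk are only moved later, not removed, so this looks like a change in when the risk is evaluated rather than its removal; that is an inference from the diff. If these STUN flows really have no reverse packets in the captures, the final idle record should still carry the flag, because a one-way flow to an unexpected peer is what this risk exists to surface. Please confirm against the packet counts in the captures, and keep the old `RISK:` line for flows that are one-way.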
diff --git a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out
index a5d33e1d4..9df6d1fa3 100644
--- a/test/results/flow-info/monitoring/telegram_videocall.pcapng.out
+++ b/test/results/flow-info/monitoring/telegram_videocall.pcapng.out
@@ -109,10 +109,6 @@
new: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393]
detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2]
detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
@@ -128,6 +124,10 @@
new: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353]
detected: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
new: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [MIDSTREAM]
+ detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
diff --git a/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out b/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out
index 3d5f85e4e..837083afa 100644
--- a/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out
+++ b/test/results/flow-info/monitoring/telegram_videocall_2.pcapng.out
@@ -22,10 +22,6 @@
detected: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [Telegram][Telegram][Chat][Acceptable]
detection-update: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
RISK: Known Proto on Non Std Port
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
detection-update: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
detection-update: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
@@ -51,13 +47,13 @@
[ENTROPIES...: 4.6,4.7,4.6,4.7,5.7,5.8,6.0,5.7,6.1,5.7,5.8,6.1,6.1,5.8,6.0,5.7,6.0,5.8,5.8,6.0,5.2,6.1,6.2,6.8,7.5,6.1,5.8,6.4,6.1,5.7,6.2,5.7]
idle: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [.....4] [ip4][..udp] [..192.168.12.67][39329] -> [....91.108.13.3][.1400] [STUN][Telegram][Network][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [..192.168.12.67][39968] -> [...91.108.9.106][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
RISK: Known Proto on Non Std Port
idle: [.....8] [ip4][..udp] [..192.168.12.67][42417] -> [...91.108.13.26][..598] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
idle: [.....6] [ip4][..udp] [..192.168.12.67][44275] -> [....91.108.9.10][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [..192.168.12.67][44679] -> [...91.108.17.49][.1400] [STUN][Telegram][Network][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [.....7] [ip4][..udp] [..192.168.12.67][46675] -> [....91.108.17.8][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/monitoring/telegram_voice.pcapng.out b/test/results/flow-info/monitoring/telegram_voice.pcapng.out
index d5d9c9051..1a7c80850 100644
--- a/test/results/flow-info/monitoring/telegram_voice.pcapng.out
+++ b/test/results/flow-info/monitoring/telegram_voice.pcapng.out
@@ -6,8 +6,8 @@
new: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353]
detected: [.....2] [ip6][..udp] [..............fe80::76da:38ff:feed:5332][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
new: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53]
- detected: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
- detection-update: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
+ detected: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
+ detection-update: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
new: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400]
detected: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -26,10 +26,6 @@
detection-update: [.....6] [ip4][..udp] [..192.168.12.67][42567] -> [....91.108.9.34][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
RISK: Known Proto on Non Std Port
detection-update: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
- detection-update: [.....4] [ip4][..udp] [..192.168.12.67][44405] -> [...91.108.17.41][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....5] [ip4][..udp] [..192.168.12.67][46013] -> [...91.108.13.52][.1400] [STUN][Telegram][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....7] [ip4][..udp] [..192.168.12.67][39027] -> [...91.108.13.51][..597] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][]
analyse: [.....9] [ip4][..udp] [..192.168.12.67][41011] -> [....91.108.9.68][..596] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -71,5 +67,5 @@
RISK: Known Proto on Non Std Port
idle: [.....8] [ip4][..udp] [..192.168.12.67][46868] -> [....91.108.17.7][..597] [Telegram][Telegram][Chat][Acceptable]
idle: [.....1] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
+ idle: [.....3] [ip4][..udp] [..192.168.12.67][44574] -> [...192.168.12.1][...53] [DNS][Unknown][Network][Acceptable][crashlyticsreports-pa.googleapis.com]
DAEMON-EVENT: shutdown