Diffstat (limited to 'test/results/flow-info/stun_only_peer_address_enabled')
-rw-r--r-- | test/results/flow-info/stun_only_peer_address_enabled/stun_wa_call.pcapng.out | 108 | ||||
-rw-r--r-- | test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out | 228 |
2 files changed, 336 insertions, 0 deletions
diff --git a/test/results/flow-info/stun_only_peer_address_enabled/stun_wa_call.pcapng.out b/test/results/flow-info/stun_only_peer_address_enabled/stun_wa_call.pcapng.out new file mode 100644 index 000000000..31e08d37c --- /dev/null +++ b/test/results/flow-info/stun_only_peer_address_enabled/stun_wa_call.pcapng.out 
@@ -0,0 +1,108 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] + detected: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] + detected: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] + detected: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] + detected: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] + detected: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] 
[STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + detection-update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + analyse: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 2.505| 0.249| 0.601| 361608.839| 2.900] + [PKTLEN......: 48.000| 300.000| 146.400| 92.200| 8492.200| 4.700] + [BINS(c->s)..: 2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1] + [IATS(ms)....: 0.2,8.4,0.0,2463.7,2505.3,0.2,3.6,0.3,39.5,0.1,6.1,4.8,0.0,25.9,31.6,82.0,37.7,1.7,120.9,0.0,78.6,59.9,292.8,130.0,59.7,381.6,376.4,412.4,0.0,227.9,362.0] + [PKTLENS.....: 240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273] + [ENTROPIES...: 
7.0,7.0,5.8,5.8,5.8,7.0,7.0,7.0,7.0,5.7,5.8,5.7,5.7,5.7,5.2,5.2,5.8,7.0,7.0,5.7,5.8,5.8,4.9,6.0,6.1,5.0,5.5,5.7,6.6,5.5,6.9,7.2] + new: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] + detected: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] + detected: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] + detected: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] + detected: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] + detected: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [....10] [ip4][..udp] [.192.168.12.156][49526] -> 
[..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + detection-update: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + analyse: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.025| 0.011| 0.005| 24.788| 4.800] + [PKTLEN......: 48.000| 540.000| 284.500| 217.500| 47305.800| 4.600] + [BINS(c->s)..: 1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 0.1,8.3,0.0,10.1,8.1,24.5,25.3,11.6,10.1,12.8,14.4,10.6,10.6,10.6,10.5,16.3,6.1,16.2,5.9,10.0,9.7,10.6,11.3,10.7,10.5,10.8,10.6,10.2,10.7,11.3,11.5] + [PKTLENS.....: 300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540] + [ENTROPIES...: 7.0,7.0,5.8,5.7,5.7,1.5,5.8,1.5,5.6,1.5,5.6,1.5,5.7,1.5,5.6,1.5,5.2,5.7,5.1,1.5,5.7,1.5,5.7,1.5,5.6,1.5,5.7,1.5,5.8,1.5,5.7,1.5] + new: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] + detected: [....11] 
[ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] + detected: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + detection-update: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] + detected: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] [ICMP][Unknown][Network][Acceptable] + RISK: Susp Entropy + update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + idle: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] [ICMP][Unknown][Network][Acceptable] + RISK: Susp Entropy + idle: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] 
[STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out b/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out new file mode 100644 index 000000000..feb8f5928 --- /dev/null +++ b/test/results/flow-info/stun_only_peer_address_enabled/telegram_videocall.pcapng.out 
@@ -0,0 +1,228 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] + detected: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + new: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] + detected: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] + new: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] + new: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] + new: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] + new: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] + detected: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + detected: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + detected: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + analyse: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.127| 0.025| 0.031| 963.939| 3.900] + [PKTLEN......: 52.000| 1280.000| 541.900| 516.100| 266324.800| 4.300] + [BINS(c->s)..: 6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0] 
+ [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1] + [IATS(ms)....: 30.7,31.9,0.3,33.0,35.6,10.2,44.5,8.2,4.4,4.1,48.7,1.4,3.1,6.4,36.5,17.8,50.9,88.4,126.9,78.7,32.9,0.1,0.0,0.0,65.5,0.3,2.2,0.0,0.0,0.0,0.0] + [PKTLENS.....: 60,60,52,333,157,52,936,825,672,141,141,52,767,189,301,52,349,317,52,157,52,1280,1280,1280,1280,52,52,1280,1280,1280,1280,1280] + [ENTROPIES...: 4.8,5.2,5.2,7.3,6.7,5.1,7.8,7.7,7.7,6.6,6.6,5.1,7.7,6.9,7.2,5.2,7.4,7.3,5.3,6.7,5.3,7.9,7.8,7.9,7.8,5.2,5.2,7.8,7.8,7.9,7.9,7.8] + new: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] + new: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] + detected: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + detected: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + new: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] + detected: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + analyse: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.047| 0.009| 0.015| 220.392| 3.200] + [PKTLEN......: 52.000| 1280.000| 644.300| 571.900| 327061.800| 4.300] + [BINS(c->s)..: 9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1] + [IATS(ms)....: 30.1,31.4,0.3,0.6,31.5,0.0,0.0,35.0,0.2,6.9,41.7,13.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,46.8,0.1,0.0,0.1,0.9,6.5,31.9,0.0,0.0,0.0,0.0] + [PKTLENS.....: 
60,60,52,630,221,52,157,262,52,52,333,221,1280,1280,1280,1280,1280,1280,1280,1280,1280,52,52,52,52,52,285,1280,1280,1280,1280,1280] + [ENTROPIES...: 4.8,5.2,5.2,7.7,7.0,5.2,6.8,7.1,5.2,5.2,7.4,7.1,7.9,7.9,7.8,7.9,7.8,7.8,7.8,7.8,7.8,5.1,5.2,5.1,5.1,5.2,7.1,7.9,7.8,7.9,7.8,7.8] + new: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443] + detected: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + new: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] + detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] + detected: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] + detected: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] + detected: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] + detected: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] + detected: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....17] [ip4][..udp] 
[.192.168.12.169][42197] -> [....91.108.17.2][.1400] + detected: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] + detected: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] + detected: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] + detected: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] + detected: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] + detected: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] + detected: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] 
[STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + new: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] + detected: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] + detected: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] + detected: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + new: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] + detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] 
[STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] + detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.475| 0.052| 0.095| 9109.989| 3.600] + [PKTLEN......: 49.000| 265.000| 106.200| 48.900| 2396.000| 4.900] + [BINS(c->s)..: 3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0] + [IATS(ms)....: 75.7,88.0,12.8,2.3,9.0,48.9,21.7,0.2,117.5,0.1,18.9,57.5,0.3,20.7,0.0,35.1,54.6,306.4,41.6,24.8,9.9,17.7,18.1,17.4,474.7,0.1,42.1,15.5,14.1,40.1,18.5] + [PKTLENS.....: 128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119] + [ENTROPIES...: 5.4,5.7,5.3,5.6,5.6,5.5,5.4,5.7,5.8,5.8,5.7,5.6,5.5,5.8,5.7,5.3,5.6,5.8,7.1,6.5,6.4,6.4,6.5,6.4,7.2,5.5,5.7,5.6,6.3,6.4,5.9,6.5] + new: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] + detected: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [....30] 
[ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [MIDSTREAM] + detection-update: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + update: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + analyse: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 25.078| 1.818| 6.147| 37780767.900| 1.500] + [PKTLEN......: 52.000| 1280.000| 482.700| 530.000| 280877.200| 4.100] + [BINS(c->s)..: 14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1] + [IATS(ms)....: 
29.1,30.6,0.5,31.6,35.4,6.5,41.7,9.9,0.0,0.0,0.0,46.9,0.0,41.7,2909.6,2997.7,0.0,0.0,0.0,2.4,0.1,0.1,44.3,0.0,0.0,0.1,0.1,0.1,0.1,25044.9,25078.5] + [PKTLENS.....: 60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52] + [ENTROPIES...: 4.9,5.3,5.2,7.6,7.1,5.1,6.9,7.0,7.8,7.8,7.8,7.7,5.2,5.1,5.1,7.5,7.8,7.9,7.8,7.9,7.8,7.8,7.7,5.2,5.0,5.1,5.1,5.2,5.2,5.1,5.1,5.2] + new: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] + detected: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + new: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] + detected: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + new: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] + detected: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + new: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [MIDSTREAM] + detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] + guessed: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: TCP Connection Issues + end: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] + idle: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + idle: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + idle: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [....28] [ip6][icmp6] 
[...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + idle: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] + idle: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] + idle: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + idle: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] + end: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + end: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + end: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + end: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + idle: [.....9] [ip4][..tcp] 
[.192.168.12.169][40834] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable] + RISK: Susp Entropy + idle: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + idle: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + idle: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + idle: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable] + RISK: Susp Entropy + idle: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] + guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] + idle: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] 
[STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown |