Diffstat (limited to 'test/results/flow-info/subclassification_disable')
-rw-r--r-- | test/results/flow-info/subclassification_disable/anydesk.pcapng.out | 12 | ||||
-rw-r--r-- | test/results/flow-info/subclassification_disable/dns.pcap.out | 24 |
2 files changed, 23 insertions, 13 deletions
diff --git a/test/results/flow-info/subclassification_disable/anydesk.pcapng.out b/test/results/flow-info/subclassification_disable/anydesk.pcapng.out
index 06d396b91..f9c95e6ac 100644
--- a/test/results/flow-info/subclassification_disable/anydesk.pcapng.out
+++ b/test/results/flow-info/subclassification_disable/anydesk.pcapng.out
@@ -24,11 +24,11 @@ DAEMON-EVENT: [Processed: 61 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] new: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] - detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] - detection-update: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] + detected: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] + detection-update: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] new: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] - detected: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com] - detection-update: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com] + detected: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com] + detection-update: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com] idle: [.....1] [ip4][..tcp] [192.168.149.129][36351] -> [..51.83.239.144][...80] [TLS][AnyDesk][Web][Safe] RISK: Known Proto on Non Std Port idle: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable] 
@@ -72,10 +72,10 @@ [IATS(ms)....: 17.7,17.8,0.9,17.8,3.4,20.3,0.1,0.0,3.8,21.9,18.1,0.1,0.0,0.9,64.2,13.4,76.8,1.5,18.4,206.6,224.8,0.0,0.0,18.7,0.0,62.8,0.0,80.2,8427.9,8444.6,314.0] [PKTLENS.....: 60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145] [ENTROPIES...: 4.8,5.3,5.1,5.6,5.1,7.5,5.1,7.7,5.1,7.7,6.0,5.1,6.1,5.1,6.9,5.2,6.9,5.2,6.6,5.2,6.6,7.9,7.9,7.8,5.2,5.2,6.1,5.9,5.1,6.5,5.2,6.6] - idle: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com] + idle: [.....4] [ip4][..udp] [..192.168.1.187][55376] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-9b6827f2.net.anydesk.com] end: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing - idle: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS.AnyDesk][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] + idle: [.....3] [ip4][..udp] [..192.168.1.187][59511] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][relay-3185a847.net.anydesk.com] idle: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing idle: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable] diff --git a/test/results/flow-info/subclassification_disable/dns.pcap.out b/test/results/flow-info/subclassification_disable/dns.pcap.out index 3085f6e88..711e92324 100644 --- a/test/results/flow-info/subclassification_disable/dns.pcap.out 
+++ b/test/results/flow-info/subclassification_disable/dns.pcap.out 
@@ -1,11 +1,21 @@ DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] - detected: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com] - DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] + detected: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa] + new: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] + detected: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io] + detection-update: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io] + update: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa] + DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 1] + new: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> 
[..192.168.170.8][32795] + detected: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.l.google.com] + idle: [.....1] [ip6][..udp] [...............fe80::a00:27ff:feb3:e62e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa] + end: [.....2] [ip6][..tcp] [..2001:b07:a3d:c112:b831:a73f:7974:e604][49774] -> [...................2001:b07:a3d:c112::1][...53] [DNS][Unknown][Network][Acceptable][opentracker.io] + detection-update: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.example.com] + detection-update: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable][www.example.com] + DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 1] ERROR-EVENT: Unknown packet type [1/16] ERROR-EVENT: Unknown packet type [2/16] - idle: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com] + idle: [.....3] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown |
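Review bot: The closing `idle` event for flow 3 in dns.pcap.out is recorded with no hostname field, although the `detected` and `detection-update` events for the same flow carry `[www.l.google.com]` and `[www.example.com]`, and the `idle` events for the DNS flows in anydesk.pcapng.out keep theirs. If that is not intended, this expected output now locks the loss in, and anything that takes the queried name from the final flow event would log none for this flow. The code that produces the output is outside this diff, so this is worth confirming there and either restoring the field or stating the reason in the commit message. The two consecutive `detection-update` lines for flow 3 are also identical as shown and may deserve the same check.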