Diffstat (limited to 'test/results/flow-info/tunnelbear.pcap.out')
-rw-r--r--test/results/flow-info/tunnelbear.pcap.out80
1 files changed, 40 insertions, 40 deletions
diff --git a/test/results/flow-info/tunnelbear.pcap.out b/test/results/flow-info/tunnelbear.pcap.out
index 0c13187ee..011359172 100644
--- a/test/results/flow-info/tunnelbear.pcap.out
+++ b/test/results/flow-info/tunnelbear.pcap.out
@@ -2,23 +2,23 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443]
- detected: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com]
new: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443]
new: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443]
new: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443]
- detected: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
new: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443]
- detected: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com]
+ detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
new: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443]
- detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe]
- detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe]
+ detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com]
+ detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com]
analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 3.500]
@@ -31,10 +31,10 @@
[ENTROPIES...: 4.5,4.5,4.6,6.1,4.5,7.2,4.5,5.9,4.5,7.4,4.5,7.6,4.6,7.4,4.5,7.1,7.4,4.5,7.6,4.5,6.5,4.5,4.6,5.3,4.5,7.9,4.6,7.6,4.6,7.1,4.6,7.9]
new: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443]
new: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443]
- detected: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
analyse: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 3.600]
@@ -46,22 +46,22 @@
[PKTLENS.....: 60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40]
[ENTROPIES...: 4.5,4.6,4.6,6.1,4.5,6.1,4.7,5.4,4.5,7.4,4.6,7.6,4.5,7.2,4.5,5.9,7.4,4.6,5.3,4.6,7.7,4.7,6.8,4.7,5.3,4.6,5.1,4.5,4.5,4.4,4.5,4.5]
new: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [MIDSTREAM]
- detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
new: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [MIDSTREAM]
new: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443]
- detected: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable]
+ detected: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable][mqtt-mini.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable]
+ detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Chat][Acceptable][mqtt-mini.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443]
- detected: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable]
+ detected: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable][capi.grammarly.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable]
+ detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable][capi.grammarly.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable]
+ detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS.AmazonAWS][Cloud][Acceptable][capi.grammarly.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228]
- detected: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable]
+ detected: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable][mtalk.google.com]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
end: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
end: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443]
@@ -69,29 +69,29 @@
end: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443]
end: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
end: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable]
+ detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Web][Acceptable][mtalk.google.com]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
new: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443]
- detected: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
new: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443]
new: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443]
- detected: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
new: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443]
new: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443]
- detected: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com]
new: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443]
- detected: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detected: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detected: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detected: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detected: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
new: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443]
- detected: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe]
- detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable]
- detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe]
+ detected: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com]
+ detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
+ detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][VPN][Acceptable][api.tunnelbear.com]
+ detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS][Web][Safe][mobile-collector.newrelic.com]
analyse: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 3.000]
@@ -103,13 +103,13 @@
[PKTLENS.....: 60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940]
[ENTROPIES...: 4.5,4.5,4.5,6.1,4.6,6.0,4.6,5.4,4.6,5.5,4.6,5.9,4.5,7.6,4.5,7.6,4.6,6.8,4.5,5.9,5.3,4.6,5.3,7.2,4.6,7.6,4.6,6.5,4.6,7.3,4.5,7.9]
new: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443]
- detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable]
+ detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][VPN][Acceptable][api.polargrizzly.com]
idle: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228]
idle: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443]
idle: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443]
idle: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443]
idle: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443]
- guessed: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable]
+ guessed: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [DNS.Google][Web][Acceptable][]
end: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53]
idle: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443]
end: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443]