diff options
Diffstat (limited to 'test/results/flow-info/wa_voice.pcap.out')
| -rw-r--r-- | test/results/flow-info/wa_voice.pcap.out | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/test/results/flow-info/wa_voice.pcap.out b/test/results/flow-info/wa_voice.pcap.out index 2d1869450..ee8252a7d 100644 --- a/test/results/flow-info/wa_voice.pcap.out +++ b/test/results/flow-info/wa_voice.pcap.out @@ -2,11 +2,11 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] - detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] - detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] + detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] + detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable][www.google.com] new: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] - detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] - detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] + detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][g.whatsapp.net] + detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][g.whatsapp.net] new: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Cloud][Acceptable] new: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] @@ -24,11 +24,11 @@ [PKTLENS.....: 64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52] [ENTROPIES...: 4.5,5.1,5.0,7.2,5.1,6.1,6.0,6.5,7.9,5.9,7.9,6.7,7.9,6.7,7.9,5.0,5.0,5.0,5.1,5.1,5.1,5.0,7.8,5.6,5.9,6.2,5.7,6.2,5.0,7.3,5.0,5.0] new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] - detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable] - detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable] + detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] + detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] new: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] - detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] - detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] + detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] + detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.163| 0.021| 0.048| 2262.349| 2.500] @@ -44,31 +44,31 @@ new: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS.Apple][Web][Safe] new: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] - detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] - detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] - detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] + detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] - detected: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detected: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_raop._tcp.local] new: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] - detected: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] - detected: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] - detected: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] - detected: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] - detected: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable][] new: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] - detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] - detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] - detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] + detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] + detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] new: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] - detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] - detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] + detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] + detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable][pps.whatsapp.net] analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 3.500] @@ -80,9 +80,9 @@ [PKTLENS.....: 64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440] [ENTROPIES...: 4.4,5.1,4.9,4.8,5.0,7.8,7.9,7.3,4.9,4.9,6.1,5.9,5.9,5.8,7.0,7.0,6.4,4.9,4.9,5.6,5.1,5.8,5.0,5.9,4.9,5.0,7.6,4.9,7.9,7.9,7.8,7.8] new: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] - detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable] + detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable][lucas-imac] new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] - detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy @@ -95,7 +95,7 @@ [PKTLENS.....: 154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72] [ENTROPIES...: 6.5,6.5,5.3,5.3,4.6,4.5,6.5,6.5,5.2,5.1,4.6,4.5,4.6,4.5,4.6,4.5,4.6,4.5,5.7,5.2,7.0,7.1,7.1,6.6,7.3,7.0,7.2,4.6,4.5,6.5,6.5,5.2] new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] - detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable] + detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable][] RISK: Known Proto on Non Std Port analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable] min| max| avg| stddev| variance| entropy @@ -107,17 +107,17 @@ [IATS(ms)....: 578.2,623.6,1203.7,72.5,167.2,11.6,115.7,158.4,0.0,172.8,173.6,169.8,156.2,136.6,155.3,179.8,99.3,157.4,38.3,163.4,181.3,166.6,142.4,3.0,26.0,115.3,6.1,171.8,106.3,56.2,143.4] [PKTLENS.....: 72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179] [ENTROPIES...: 5.5,5.6,5.5,5.6,5.5,5.6,6.9,7.1,6.7,6.6,7.3,6.5,6.7,6.6,6.5,6.6,6.5,6.6,6.7,6.8,6.7,6.7,6.7,6.7,6.5,5.2,6.6,6.6,6.7,6.6,6.6,6.8] - detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable] - detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable] + detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable][_homekit._tcp.local] + detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable][_homekit._tcp.local] new: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [MIDSTREAM] update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable] update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable] update: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable] update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable] new: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] - detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] - detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] + detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][System][Acceptable][239.255.255.250:1900] new: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] detected: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Network][Acceptable] idle: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Cloud][Acceptable] |