aboutsummaryrefslogtreecommitdiff
path: root/test/results/flow-info/weibo.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/flow-info/weibo.pcap.out')
-rw-r--r--test/results/flow-info/weibo.pcap.out74
1 files changed, 37 insertions, 37 deletions
diff --git a/test/results/flow-info/weibo.pcap.out b/test/results/flow-info/weibo.pcap.out
index 4ab19300c..92a51195a 100644
--- a/test/results/flow-info/weibo.pcap.out
+++ b/test/results/flow-info/weibo.pcap.out
@@ -6,22 +6,22 @@
new: [.....3] [ip4][..tcp] [..192.168.1.105][58481] -> [..216.58.214.78][..443] [MIDSTREAM]
new: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443]
new: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53]
- detected: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
- detection-update: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
+ detected: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][weibo.com]
+ detection-update: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][weibo.com]
new: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80]
new: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80]
new: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80]
new: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [MIDSTREAM]
- detected: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable]
+ detected: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable][weibo.com]
new: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53]
- detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
- detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com]
+ detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com]
new: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80]
- detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com]
new: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [MIDSTREAM]
new: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [MIDSTREAM]
new: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [MIDSTREAM]
- detection-update: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
+ detection-update: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][www.weibo.com]
analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.482| 0.042| 0.114| 12948.299| 2.500]
@@ -33,17 +33,17 @@
[PKTLENS.....: 60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488]
[ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.1,5.1,7.9,5.1,7.9,5.1,5.1,5.1,7.8,5.1,5.2,5.1,7.9,5.1,7.2,5.1,5.1,5.2,7.8,5.1,5.8,5.1,5.2,5.0,7.9,4.9,7.9]
new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53]
- detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
- detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
+ detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
RISK: Suspicious DNS Traffic
new: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80]
new: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80]
new: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80]
- detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53]
- detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][js.t.sinajs.cn]
analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 3.500]
@@ -65,50 +65,50 @@
[PKTLENS.....: 60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488]
[ENTROPIES...: 4.6,5.1,4.9,5.9,5.0,5.7,4.8,7.8,4.9,8.0,4.9,7.9,4.8,8.0,4.9,7.9,4.9,5.7,5.0,5.7,5.0,7.9,4.9,7.9,4.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8]
new: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53]
- detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][u1.img.mobile.sina.cn]
new: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53]
- detected: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
+ detected: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][acjstb.aliyun.com]
RISK: Suspicious DGA Domain name
new: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53]
- detected: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable]
+ detected: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][g.alicdn.com]
new: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53]
- detected: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable]
+ detected: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][log.mmstat.com]
new: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53]
- detected: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
+ detected: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][login.taobao.com]
new: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80]
new: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80]
new: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80]
new: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80]
- detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][img.t.sinajs.cn]
+ detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][u1.img.mobile.sina.cn]
new: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53]
- detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][account.weibo.com]
new: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80]
- detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][js.t.sinajs.cn]
new: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53]
- detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][c.weibo.cn]
new: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80]
- detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable]
+ detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][g.alicdn.com]
new: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53]
- detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun][data.weibo.com]
new: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443]
- detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable]
+ detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Web][Acceptable][log.mmstat.com]
new: [....35] [ip4][..tcp] [..192.168.1.105][48352] -> [..140.205.174.1][..443]
new: [....36] [ip4][..tcp] [..192.168.1.105][48353] -> [..140.205.174.1][..443]
new: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80]
new: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443]
new: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443]
- detected: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- detected: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] [TLS.Alibaba][Web][Acceptable]
- detection-update: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
+ detected: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][js.t.sinajs.cn]
+ detected: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] [TLS.Alibaba][Web][Acceptable][g.alicdn.com]
+ detection-update: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][acjstb.aliyun.com]
RISK: Suspicious DGA Domain name, Risky Domain Name
new: [....40] [ip4][..tcp] [..192.168.1.105][52271] -> [..42.156.184.19][..443]
new: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443]
- detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
+ detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Network][Acceptable][login.taobao.com]
new: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443]
- detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
+ detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun][u1.img.mobile.sina.cn]
new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443]
new: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443]
analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
@@ -142,7 +142,7 @@
[PKTLENS.....: 60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488]
[ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.8,5.0,7.3,5.0,7.9,5.1,7.9,5.0,7.9,5.0,7.8,5.0,7.9,5.0,7.9,5.1,7.9,4.9,7.9,4.9,7.9,5.0,5.8,5.1,7.9,5.1,7.9]
idle: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80]
- guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Web][Acceptable]
+ guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Web][Acceptable][]
idle: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80]
idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][SocialNetwork][Fun]
idle: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
@@ -153,7 +153,7 @@
idle: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
idle: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
idle: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
- guessed: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] [HTTP][Web][Acceptable]
+ guessed: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] [HTTP][Web][Acceptable][]
idle: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80]
idle: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][SocialNetwork][Fun]
idle: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80]
@@ -195,9 +195,9 @@
guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [Google][Web][Acceptable]
idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361]
end: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable]
- guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable]
+ guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable][]
idle: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80]
- guessed: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable]
+ guessed: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80] [HTTP][Web][Acceptable][]
idle: [.....8] [ip4][..tcp] [..192.168.1.105][59121] -> [.114.134.80.162][...80]
guessed: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [TLS.Google][Web][Acceptable]
idle: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443]
Powered by cgit, Themed by Ted Yin.