Diffstat (limited to 'test/results/flow-info')
-rw-r--r--test/results/flow-info/default/1kxun.pcap.out32
-rw-r--r--test/results/flow-info/default/adult_content.pcap.out4
-rw-r--r--test/results/flow-info/default/anyconnect-vpn.pcap.out19
-rw-r--r--test/results/flow-info/default/bad-dns-traffic.pcap.out34
-rw-r--r--test/results/flow-info/default/bets.pcapng.out19
-rw-r--r--test/results/flow-info/default/can.pcap.out46
-rw-r--r--test/results/flow-info/default/crynet.pcap.out21
-rw-r--r--test/results/flow-info/default/custom_categories.pcapng.out41
-rw-r--r--test/results/flow-info/default/custom_risk_mask.pcapng.out14
-rw-r--r--test/results/flow-info/default/custom_rules_ipv6.pcapng.out27
-rw-r--r--test/results/flow-info/default/dns-exf.pcap.out11
-rw-r--r--test/results/flow-info/default/dns-google-nsid.pcapng.out24
-rw-r--r--test/results/flow-info/default/dns-invalid-chars.pcap.out6
-rw-r--r--test/results/flow-info/default/dns2tcp_tunnel.pcap.out21
-rw-r--r--test/results/flow-info/default/dns_ambiguous_names.pcap.out6
-rw-r--r--test/results/flow-info/default/dns_fragmented.pcap.out46
-rw-r--r--test/results/flow-info/default/doh.pcapng.out6
-rw-r--r--test/results/flow-info/default/ethereum.pcap.out540
-rw-r--r--test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out200
-rw-r--r--test/results/flow-info/default/geforcenow.pcapng.out10
-rw-r--r--test/results/flow-info/default/gnutella.pcap.out6
-rw-r--r--test/results/flow-info/default/haproxy.pcap.out9
-rw-r--r--test/results/flow-info/default/http2.pcapng.out9
-rw-r--r--test/results/flow-info/default/http_ipv6.pcap.out20
-rw-r--r--test/results/flow-info/default/malware.pcap.out20
-rw-r--r--test/results/flow-info/default/mgcp.pcap.out39
-rw-r--r--test/results/flow-info/default/mgcp.pcapng.out18
-rw-r--r--test/results/flow-info/default/monero.pcap.out8
-rw-r--r--test/results/flow-info/default/opera-vpn.pcapng.out855
-rw-r--r--test/results/flow-info/default/os_detected.pcapng.out4
-rw-r--r--test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out11
-rw-r--r--test/results/flow-info/default/pinterest.pcap.out86
-rw-r--r--test/results/flow-info/default/protobuf.pcap.out27
-rw-r--r--test/results/flow-info/default/psiphon3.pcap.out10
-rw-r--r--test/results/flow-info/default/quic-33.pcapng.out4
-rw-r--r--test/results/flow-info/default/quic-34.pcap.out4
-rw-r--r--test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out4
-rw-r--r--test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out4
-rw-r--r--test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out4
-rw-r--r--test/results/flow-info/default/quic_interop_V.pcapng.out24
-rw-r--r--test/results/flow-info/default/reddit.pcap.out152
-rw-r--r--test/results/flow-info/default/rmcp.pcap.out38
-rw-r--r--test/results/flow-info/default/srvloc.pcap.out4
-rw-r--r--test/results/flow-info/default/starcraft_battle.pcap.out2
-rw-r--r--test/results/flow-info/default/steam.pcap.out21
-rw-r--r--test/results/flow-info/default/stun.pcap.out26
-rw-r--r--test/results/flow-info/default/stun_classic.pcap.out6
-rw-r--r--test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out11
-rw-r--r--test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out11
-rw-r--r--test/results/flow-info/default/stun_google_meet.pcapng.out24
-rw-r--r--test/results/flow-info/default/stun_msteams_unidir.pcapng.out4
-rw-r--r--test/results/flow-info/default/stun_signal.pcapng.out119
-rw-r--r--test/results/flow-info/default/stun_tcp_multiple_msgs_same_pkt.pcap.out7
-rw-r--r--test/results/flow-info/default/stun_zoom.pcapng.out30
-rw-r--r--test/results/flow-info/default/telegram_videocall.pcapng.out210
-rw-r--r--test/results/flow-info/default/tftp.pcap.out16
-rw-r--r--test/results/flow-info/default/tls-esni-fuzzed.pcap.out2
-rw-r--r--test/results/flow-info/default/tls_ech.pcapng.out4
-rw-r--r--test/results/flow-info/default/tls_verylong_certificate.pcap.out10
-rw-r--r--test/results/flow-info/default/tumblr.pcap.out66
-rw-r--r--test/results/flow-info/default/ultrasurf.pcap.out12
-rw-r--r--test/results/flow-info/default/wechat.pcap.out8
-rw-r--r--test/results/flow-info/default/weibo.pcap.out74
-rw-r--r--test/results/flow-info/default/whois.pcapng.out4
-rw-r--r--test/results/flow-info/default/zcash.pcap.out4
-rw-r--r--test/results/flow-info/enable_doh_heuristic/doh.pcapng.out6
-rw-r--r--test/results/flow-info/enable_payload_stat/1kxun.pcap.out32
67 files changed, 2297 insertions, 899 deletions
diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out
index 7c228723e..452bca122 100644
--- a/test/results/flow-info/default/1kxun.pcap.out
+++ b/test/results/flow-info/default/1kxun.pcap.out
@@ -40,10 +40,10 @@
detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad]
new: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355]
detected: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355]
detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900]
detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
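Review bot: The risk label on the LLMNR flows in this hunk changes from `Text With Non-Printable Chars` to `Non-Printable/Invalid Chars Detected`, so any downstream alert rule or log filter that matches the printed risk text will silently stop matching. The same substitution recurs in every later hunk of this file. Only the label is visible here, so whether a stable risk identifier is emitted alongside it cannot be confirmed from the diff. The commit description should call the rename out for consumers, for example `Risk label renamed: update any rule that matches the old text`.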
@@ -67,10 +67,10 @@
new: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80]
new: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355]
detected: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355]
detected: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
@@ -277,10 +277,10 @@
detected: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355]
detected: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355]
detected: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355]
detected: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355]
@@ -339,12 +339,12 @@
update: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
update: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
update: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
update: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
update: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun]
update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
update: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
@@ -400,13 +400,13 @@
update: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976]
update: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
update: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun]
update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
DAEMON-EVENT: [Processed: 1032 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 38]
new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM]
@@ -465,7 +465,7 @@
idle: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated]
idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678]
idle: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
@@ -520,7 +520,7 @@
guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][]
idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80]
idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
RISK: HTTP Susp User-Agent
@@ -545,7 +545,7 @@
not-detected: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated]
idle: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
idle: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated]
@@ -570,7 +570,7 @@
idle: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
@@ -591,11 +591,11 @@
idle: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
idle: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
diff --git a/test/results/flow-info/default/adult_content.pcap.out b/test/results/flow-info/default/adult_content.pcap.out
index 6be4bf51d..6cd27ac93 100644
--- a/test/results/flow-info/default/adult_content.pcap.out
+++ b/test/results/flow-info/default/adult_content.pcap.out
@@ -2,7 +2,9 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80]
- detected: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN.AdultContent][Unknown][AdultContent][Acceptable][b-eu14.stripcdn.com]
+ detected: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN.AdultContent][Unknown][AdultContent][Acceptable][b-eu14.stripcdn.com]
RISK: Known Proto on Non Std Port
idle: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN.AdultContent][Unknown][AdultContent][Acceptable]
RISK: Known Proto on Non Std Port
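Review bot: The first `detected` event for flow 1 now reports `[STUN][Unknown][Network][Acceptable][]` with an empty hostname, and the `STUN.AdultContent` classification with `b-eu14.stripcdn.com` arrives only in the following `detection-update`. A consumer that applies category policy on `detected` alone would now see this flow as generic Network traffic. The added `Unidirectional Traffic` risk appears only on the `detected` line and is absent from the `detection-update` and `idle` lines, which looks like a transient state worth confirming as intended. A line in the commit description such as `STUN sub-classification is now reported via detection-update` would make the ordering change explicit.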
diff --git a/test/results/flow-info/default/anyconnect-vpn.pcap.out b/test/results/flow-info/default/anyconnect-vpn.pcap.out
index 048596c86..5c44ce98e 100644
--- a/test/results/flow-info/default/anyconnect-vpn.pcap.out
+++ b/test/results/flow-info/default/anyconnect-vpn.pcap.out
@@ -30,11 +30,11 @@
detection-update: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][vco.pandion.viasat.com]
new: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443]
detected: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
- RISK: Weak TLS Cipher, Missing SNI TLS Extn
+ RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
- RISK: Weak TLS Cipher, Missing SNI TLS Extn
+ RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch
new: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [MIDSTREAM]
detected: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS][AmazonAWS][Web][Safe]
RISK: Unidirectional Traffic
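Review bot: `ALPN/SNI Mismatch` is now raised on flow 12 in this hunk, whose hostname field is empty (`[]`) and which already carries `Missing SNI TLS Extn`, so one condition (no SNI) appears to yield two risks. If consumers weight flows by the number of risks, these flows score higher without new evidence. The same pairing appears for flow 15 in the next two hunks and in its `end` event in the last hunk, while flow 38 there keeps `Missing SNI TLS Extn` without the mismatch, so the trigger presumably depends on ALPN being offered. A description line such as `ALPN/SNI Mismatch is reported when ALPN is present without SNI` would document that, if it is indeed the rule.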
@@ -43,11 +43,11 @@
RISK: Unidirectional Traffic
new: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443]
detected: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
- RISK: Weak TLS Cipher, Missing SNI TLS Extn
+ RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
- RISK: Weak TLS Cipher, Missing SNI TLS Extn
+ RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.072| 0.021| 0.022| 465.190| 4.000]
@@ -59,7 +59,7 @@
[PKTLENS.....: 64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52]
[ENTROPIES...: 4.3,5.1,4.8,5.5,4.8,7.3,4.8,7.1,7.2,4.9,4.8,7.4,5.9,4.8,4.8,6.8,7.2,7.5,4.7,4.8,7.6,4.7,6.2,4.8,7.8,4.9,7.3,7.7,5.8,4.9,4.8,4.8]
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
- RISK: Weak TLS Cipher, Missing SNI TLS Extn
+ RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch
new: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53]
detected: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][local]
RISK: Unidirectional Traffic
@@ -259,7 +259,9 @@
new: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353]
detected: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlezone._tcp.local]
detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local]
+ RISK: Susp DNS Traffic
detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlezone._tcp.local]
+ RISK: Susp DNS Traffic
new: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1]
detected: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1] [ICMP][Unknown][Network][Acceptable]
idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
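Review bot: `Susp DNS Traffic` is now attached to MDNS flow 68 after the name `79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local`, a UUID-style service instance label on link-local multicast, which looks like a false positive for a risk meant to flag abnormal DNS use. The risk then stays on the flow in the next `detection-update`, where the name is back to `_googlezone._tcp.local`, and in the `idle` event of the following hunk. The check that produces it is not part of this diff, so the cause is inferred. If it is a label-length or character heuristic, it should probably exempt `.local` mDNS names, or this expectation should be revisited before the fixture is accepted as the baseline.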
@@ -295,6 +297,7 @@
RISK: Error Code
idle: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1] [ICMPV6][Unknown][Network][Acceptable]
idle: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ RISK: Susp DNS Traffic
idle: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable]
RISK: Error Code
@@ -324,7 +327,7 @@
RISK: Unidirectional Traffic
end: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443]
end: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe]
- RISK: Weak TLS Cipher, Missing SNI TLS Extn
+ RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch
idle: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
guessed: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] [TLS][Google][Web][Safe]
diff --git a/test/results/flow-info/default/bad-dns-traffic.pcap.out b/test/results/flow-info/default/bad-dns-traffic.pcap.out
index 03459e53e..a33483876 100644
--- a/test/results/flow-info/default/bad-dns-traffic.pcap.out
+++ b/test/results/flow-info/default/bad-dns-traffic.pcap.out
@@ -3,24 +3,24 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53]
detected: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
new: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53]
detected: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
analyse: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.063| 4.102| 1.074| 0.689| 474850.951| 4.700]
@@ -32,20 +32,20 @@
[PKTLENS.....: 119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309]
[ENTROPIES...: 4.9,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.1,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,4.9,5.0,4.9,5.0,5.0,5.0,5.0,5.0,4.9,4.2,4.3]
update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
new: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53]
detected: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Unidirectional Traffic
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic
detection-update: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
idle: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
idle: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
idle: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Susp DGA Domain name, Risky Domain Name
+ RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/bets.pcapng.out b/test/results/flow-info/default/bets.pcapng.out
new file mode 100644
index 000000000..4a7c2817c
--- /dev/null
+++ b/test/results/flow-info/default/bets.pcapng.out
@@ -0,0 +1,19 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443]
+ detected: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com]
+ detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com]
+ analyse: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.047| 0.011| 0.018| 331.618| 3.200]
+ [PKTLEN......: 52.000| 1420.000| 286.800| 477.200| 227739.300| 3.600]
+ [BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1]
+ [IATS(ms)....: 45.1,45.1,0.7,45.8,1.5,46.5,0.2,0.2,0.4,0.4,0.5,0.0,0.5,2.5,0.0,0.1,0.1,44.5,1.0,0.9,0.0,0.1,43.8,0.2,0.2,0.1,3.0,3.0,1.7,39.8,5.7]
+ [PKTLENS.....: 64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52]
+ [ENTROPIES...: 4.4,5.3,5.1,6.2,5.1,7.8,5.0,7.8,5.2,7.9,5.1,7.8,6.0,5.1,4.9,6.1,6.5,6.1,5.2,5.2,5.2,5.2,6.8,5.1,6.2,5.2,5.6,7.8,5.1,5.0,5.2,5.2]
+ detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com]
+ end: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/can.pcap.out b/test/results/flow-info/default/can.pcap.out
new file mode 100644
index 000000000..6d1c3ee6a
--- /dev/null
+++ b/test/results/flow-info/default/can.pcap.out
@@ -0,0 +1,46 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898]
+ detected: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....2] [ip4][..udp] [....55.97.32.36][56551] -> [....61.40.63.42][25353]
+ detected: [.....2] [ip4][..udp] [....55.97.32.36][56551] -> [....61.40.63.42][25353] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ update: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....3] [ip4][..udp] [..128.244.36.46][34952] -> [.196.77.109.252][11898]
+ detected: [.....3] [ip4][..udp] [..128.244.36.46][34952] -> [.196.77.109.252][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....4] [ip4][..udp] [103.183.191.240][46565] -> [..73.121.85.123][63575]
+ detected: [.....4] [ip4][..udp] [103.183.191.240][46565] -> [..73.121.85.123][63575] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....5] [ip4][..udp] [..247.111.83.65][53276] -> [..172.44.102.53][11898]
+ detected: [.....5] [ip4][..udp] [..247.111.83.65][53276] -> [..172.44.102.53][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....6] [ip4][..udp] [.248.12.123.236][39411] -> [..69.120.47.124][..540]
+ detected: [.....6] [ip4][..udp] [.248.12.123.236][39411] -> [..69.120.47.124][..540] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....7] [ip4][..udp] [156.187.243.113][52611] -> [.211.116.172.72][11898]
+ detected: [.....7] [ip4][..udp] [156.187.243.113][52611] -> [.211.116.172.72][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....8] [ip4][..udp] [..140.194.231.1][58665] -> [....89.92.174.8][32367]
+ detected: [.....8] [ip4][..udp] [..140.194.231.1][58665] -> [....89.92.174.8][32367] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....3] [ip4][..udp] [..128.244.36.46][34952] -> [.196.77.109.252][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....6] [ip4][..udp] [.248.12.123.236][39411] -> [..69.120.47.124][..540] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [....55.97.32.36][56551] -> [....61.40.63.42][25353] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....8] [ip4][..udp] [..140.194.231.1][58665] -> [....89.92.174.8][32367] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....5] [ip4][..udp] [..247.111.83.65][53276] -> [..172.44.102.53][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....7] [ip4][..udp] [156.187.243.113][52611] -> [.211.116.172.72][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....4] [ip4][..udp] [103.183.191.240][46565] -> [..73.121.85.123][63575] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898] [Controller_Area_Network][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/crynet.pcap.out b/test/results/flow-info/default/crynet.pcap.out
index 28e0863bc..fb93f9d11 100644
--- a/test/results/flow-info/default/crynet.pcap.out
+++ b/test/results/flow-info/default/crynet.pcap.out
@@ -23,8 +23,27 @@
new: [.....4] [ip4][..udp] [..192.168.2.100][55645] -> [...78.159.98.94][28375]
detected: [.....4] [ip4][..udp] [..192.168.2.100][55645] -> [...78.159.98.94][28375] [CryNetwork][Unknown][Game][Fun]
RISK: Unidirectional Traffic
+ idle: [.....3] [ip4][..udp] [..192.168.2.100][56970] -> [..84.16.230.222][28665] [CryNetwork][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 60 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....5] [ip4][..udp] [..192.168.2.100][60751] -> [..84.16.248.143][30098]
+ detected: [.....5] [ip4][..udp] [..192.168.2.100][60751] -> [..84.16.248.143][30098] [CryNetwork][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
idle: [.....4] [ip4][..udp] [..192.168.2.100][55645] -> [...78.159.98.94][28375] [CryNetwork][Unknown][Game][Fun]
RISK: Unidirectional Traffic
- idle: [.....3] [ip4][..udp] [..192.168.2.100][56970] -> [..84.16.230.222][28665] [CryNetwork][Unknown][Game][Fun]
+ new: [.....6] [ip4][..udp] [..192.168.2.100][60224] -> [.78.159.106.139][28343]
+ detected: [.....6] [ip4][..udp] [..192.168.2.100][60224] -> [.78.159.106.139][28343] [CryNetwork][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ idle: [.....5] [ip4][..udp] [..192.168.2.100][60751] -> [..84.16.248.143][30098] [CryNetwork][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 90 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....7] [ip4][..udp] [..192.168.2.100][55460] -> [.78.159.118.143][21931]
+ detected: [.....7] [ip4][..udp] [..192.168.2.100][55460] -> [.78.159.118.143][21931] [CryNetwork][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ idle: [.....6] [ip4][..udp] [..192.168.2.100][60224] -> [.78.159.106.139][28343] [CryNetwork][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ idle: [.....7] [ip4][..udp] [..192.168.2.100][55460] -> [.78.159.118.143][21931] [CryNetwork][Unknown][Game][Fun]
RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/custom_categories.pcapng.out b/test/results/flow-info/default/custom_categories.pcapng.out
new file mode 100644
index 000000000..a10d5e7be
--- /dev/null
+++ b/test/results/flow-info/default/custom_categories.pcapng.out
@@ -0,0 +1,41 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868]
+ detected: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: Known Proto on Non Std Port
+ analyse: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.057| 0.386| 0.141| 0.077| 5894.261| 4.800]
+ [PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700]
+ [BINS(c->s)..: 12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 57.0,57.5,79.9,80.4,89.2,138.8,253.3,182.4,385.9,91.3,93.1,94.6,191.3,165.0,76.9,108.8,123.7,109.4,199.4,91.0,94.0,69.4,74.3,78.6,142.6,139.5,141.5,314.1,235.6,200.5,202.4]
+ [PKTLENS.....: 80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116]
+ [ENTROPIES...: 3.4,4.0,3.8,4.4,4.3,6.7,6.2,3.8,4.1,4.5,4.2,6.6,6.5,3.8,4.1,6.4,6.4,3.8,4.6,5.1,3.8,4.1,6.4,4.0,4.1,4.1,4.1,7.6,3.8,4.7,3.8,5.1]
+ DAEMON-EVENT: [Processed: 62 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
+ new: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22]
+ detected: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: SSH Obsolete Cli Vers/Cipher
+ detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: SSH Obsolete Cli Vers/Cipher
+ detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
+ detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
+ detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
+ end: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: [Processed: 84 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0]
+ ERROR-EVENT: Unknown packet type [1/16]
+ idle: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
+ RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/custom_risk_mask.pcapng.out b/test/results/flow-info/default/custom_risk_mask.pcapng.out
new file mode 100644
index 000000000..3c72ec460
--- /dev/null
+++ b/test/results/flow-info/default/custom_risk_mask.pcapng.out
@@ -0,0 +1,14 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][..udp] [...............fe80::7c0:e74e:87c3:5d93][.6741] -> [..............................ff02::1:3][.5355]
+ detected: [.....1] [ip6][..udp] [...............fe80::7c0:e74e:87c3:5d93][.6741] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ new: [.....2] [ip6][..udp] [..............fe80::356b:e047:3695:f741][16765] -> [..............................ff02::1:3][.5355]
+ detected: [.....2] [ip6][..udp] [..............fe80::356b:e047:3695:f741][16765] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ idle: [.....1] [ip6][..udp] [...............fe80::7c0:e74e:87c3:5d93][.6741] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ idle: [.....2] [ip6][..udp] [..............fe80::356b:e047:3695:f741][16765] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/custom_rules_ipv6.pcapng.out b/test/results/flow-info/default/custom_rules_ipv6.pcapng.out
new file mode 100644
index 000000000..2617333bf
--- /dev/null
+++ b/test/results/flow-info/default/custom_rules_ipv6.pcapng.out
@@ -0,0 +1,27 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][..udp] [.........3ffe:507::1:200:86ff:fe05:80da][21554] -> [......................3ffe:501:4819::42][.5333]
+ DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][..100] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][.1991]
+ detected: [.....2] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][..100] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][.1991] [DTLS][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....3] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][36098] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][50621]
+ detected: [.....3] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][36098] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][50621] [DTLS][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ not-detected: [.....1] [ip6][..udp] [.........3ffe:507::1:200:86ff:fe05:80da][21554] -> [......................3ffe:501:4819::42][.5333] [Unknown][Unknown][Unrated]
+ idle: [.....1] [ip6][..udp] [.........3ffe:507::1:200:86ff:fe05:80da][21554] -> [......................3ffe:501:4819::42][.5333]
+ DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 1|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993]
+ new: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315]
+ idle: [.....2] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][..100] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][.1991] [DTLS][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....3] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][36098] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][50621] [DTLS][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ not-detected: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993] [Unknown][Unknown][Unrated]
+ idle: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993]
+ not-detected: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315] [Unknown][Unknown][Unrated]
+ idle: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns-exf.pcap.out b/test/results/flow-info/default/dns-exf.pcap.out
new file mode 100644
index 000000000..2eb4561df
--- /dev/null
+++ b/test/results/flow-info/default/dns-exf.pcap.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53]
+ detected: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53] [DNS][Unknown][Network][Acceptable][4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt]
+ RISK: Susp DNS Traffic, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53] [DNS][Unknown][Network][Acceptable][4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt]
+ RISK: Susp DNS Traffic, Non-Printable/Invalid Chars Detected, Minor Issues
+ idle: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Susp DNS Traffic, Non-Printable/Invalid Chars Detected, Minor Issues
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns-google-nsid.pcapng.out b/test/results/flow-info/default/dns-google-nsid.pcapng.out
index 36db0919e..2af3c6708 100644
--- a/test/results/flow-info/default/dns-google-nsid.pcapng.out
+++ b/test/results/flow-info/default/dns-google-nsid.pcapng.out
@@ -2,9 +2,9 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53]
- detected: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Unknown][Network][Acceptable][]
+ detected: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Google][Network][Acceptable][]
RISK: Unidirectional Traffic
- detection-update: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Unknown][Network][Acceptable][]
+ detection-update: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Google][Network][Acceptable][]
DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
new: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53]
@@ -19,23 +19,23 @@
detected: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
RISK: Unidirectional Traffic
detection-update: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
- idle: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Google][Network][Acceptable]
new: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53]
- detected: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Unknown][Network][Safe][www.ntop.org]
+ detected: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
RISK: Unidirectional Traffic
- detection-update: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Unknown][Network][Safe][www.ntop.org]
+ detection-update: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org]
new: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53]
- detected: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Unknown][Network][Safe][www.wikipedia.it]
+ detected: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
RISK: Unidirectional Traffic
- detection-update: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Unknown][Network][Safe][www.wikipedia.it]
+ detection-update: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it]
new: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53]
- detected: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Unknown][Network][Acceptable][www.wireshark.org]
+ detected: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
RISK: Unidirectional Traffic
- detection-update: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Unknown][Network][Acceptable][www.wireshark.org]
+ detection-update: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wireshark.org]
idle: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable]
- idle: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Unknown][Network][Safe]
- idle: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Unknown][Network][Safe]
+ idle: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe]
+ idle: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe]
idle: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS.Wikipedia][Google][Network][Safe]
idle: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS.ntop][Google][Network][Safe]
- idle: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns-invalid-chars.pcap.out b/test/results/flow-info/default/dns-invalid-chars.pcap.out
index 9316b3e24..63860ff9f 100644
--- a/test/results/flow-info/default/dns-invalid-chars.pcap.out
+++ b/test/results/flow-info/default/dns-invalid-chars.pcap.out
@@ -3,9 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53]
detected: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Unknown][Network][Acceptable][www.allyourba???arebelongto.cn]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Unknown][Network][Acceptable][www.allyourbasesare???ongto.cn]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
DAEMON-EVENT: shutdown
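Review bot: All three RISK lines in this hunk change their printed label from `Text With Non-Printable Chars` to `Non-Printable/Invalid Chars Detected`, so any alert rule or log parser that matches flows on the old display string will silently stop matching once this baseline is in place. The rename presumably originates in the detection library rather than in this repository, but nothing in the visible hunks records that. A line in the commit description such as `RISK label "Text With Non-Printable Chars" is now "Non-Printable/Invalid Chars Detected"` would give downstream consumers something to search for. If the event stream also carries a numeric or symbolic risk id, it is worth pointing consumers at that instead of the display text.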
diff --git a/test/results/flow-info/default/dns2tcp_tunnel.pcap.out b/test/results/flow-info/default/dns2tcp_tunnel.pcap.out
new file mode 100644
index 000000000..a6d3ee657
--- /dev/null
+++ b/test/results/flow-info/default/dns2tcp_tunnel.pcap.out
@@ -0,0 +1,21 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443]
+ detected: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
+ detection-update: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
+ analyse: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.088| 0.311| 0.823| 676677.157| 2.200]
+ [PKTLEN......: 40.000| 1628.000| 193.500| 364.600| 132965.600| 3.700]
+ [BINS(c->s)..: 9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0]
+ [IATS(ms)....: 15.2,15.2,0.4,15.3,1.8,16.7,0.1,0.1,90.4,0.1,0.1,105.3,0.0,0.1,14.9,0.0,0.1,6.0,0.0,6.0,0.4,8.9,6.4,1568.6,0.0,1583.6,0.7,15.6,3073.2,0.0,3088.2]
+ [PKTLENS.....: 60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40]
+ [ENTROPIES...: 4.7,4.7,4.5,6.0,4.2,7.8,4.5,7.9,4.5,6.0,6.3,6.7,4.2,4.1,6.1,4.5,4.2,5.5,7.2,5.5,4.4,6.4,4.2,4.2,7.2,5.4,4.5,6.8,4.2,7.3,5.5,4.5]
+ idle: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_ambiguous_names.pcap.out b/test/results/flow-info/default/dns_ambiguous_names.pcap.out
index f647da8c5..c29e44189 100644
--- a/test/results/flow-info/default/dns_ambiguous_names.pcap.out
+++ b/test/results/flow-info/default/dns_ambiguous_names.pcap.out
@@ -23,9 +23,9 @@
detection-update: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe][android.clients.google.com]
new: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53]
detected: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][_.teams.microsoft.com]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][_.teams.microsoft.com]
- RISK: Error Code
+ RISK: Non-Printable/Invalid Chars Detected, Error Code
new: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53]
detected: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Google][Network][Acceptable][wide-youtube.l.google.com]
RISK: Unidirectional Traffic
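Review bot: Flow 6 gains `Non-Printable/Invalid Chars Detected` while its query name is still printed as `_.teams.microsoft.com`, which is entirely printable, so the expected output does not show what was judged invalid. In dns-invalid-chars.pcap.out the offending bytes are visible as `?` (`www.allyourba???arebelongto.cn`), which lets an analyst see why the risk fired. If the `_` here is a substituted byte, printing it the same way as in that file would make the two baselines consistent. If a literal underscore label triggers the risk, that deserves a sentence in the commit description, since underscore-prefixed labels are common in legitimate DNS names and would add noise for anyone alerting on this risk. The idle line for the same flow in the next hunk carries the same label.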
@@ -51,6 +51,6 @@
idle: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][Google][Network][Acceptable]
idle: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe]
idle: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe]
- RISK: Error Code
+ RISK: Non-Printable/Invalid Chars Detected, Error Code
idle: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dns_fragmented.pcap.out b/test/results/flow-info/default/dns_fragmented.pcap.out
index 9fc59a981..14bae7c26 100644
--- a/test/results/flow-info/default/dns_fragmented.pcap.out
+++ b/test/results/flow-info/default/dns_fragmented.pcap.out
@@ -8,15 +8,15 @@
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53]
- detected: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][pa.weberlab.de]
+ detected: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][pa.weberlab.de]
RISK: Unidirectional Traffic
- detection-update: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][pa.weberlab.de]
+ detection-update: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][pa.weberlab.de]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
ERROR-EVENT: nDPI IPv6/L4 payload detection failed [2/16]
new: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53]
- detected: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de]
+ detected: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
RISK: Unidirectional Traffic
- detection-update: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de]
+ detection-update: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
ERROR-EVENT: nDPI IPv6/L4 payload detection failed [3/16]
new: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53]
@@ -26,9 +26,9 @@
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16]
new: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53]
- detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de]
+ detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
RISK: Unidirectional Traffic
- detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de]
+ detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
RISK: Large DNS Packet (512+ bytes)
new: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53]
detected: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable][weberlab.de]
@@ -37,9 +37,9 @@
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16]
new: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53]
- detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de]
+ detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
RISK: Unidirectional Traffic
- detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de]
+ detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de]
RISK: Large DNS Packet (512+ bytes)
DAEMON-EVENT: [Processed: 14 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 7 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0]
@@ -61,28 +61,28 @@
detection-update: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2-mgmt.weberlab.de]
idle: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
- idle: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
- idle: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes)
idle: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
idle: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
- idle: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes)
- idle: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
DAEMON-EVENT: [Processed: 22 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 11|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 0]
new: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53]
- detected: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigok.verteiltesysteme.net]
+ detected: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigok.verteiltesysteme.net]
RISK: Unidirectional Traffic
- detection-update: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigok.verteiltesysteme.net]
+ detection-update: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigok.verteiltesysteme.net]
new: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53]
- detected: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigfail.verteiltesysteme.net]
+ detected: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigfail.verteiltesysteme.net]
RISK: Unidirectional Traffic
- detection-update: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigfail.verteiltesysteme.net]
+ detection-update: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigfail.verteiltesysteme.net]
RISK: Error Code
new: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53]
detected: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Unknown][Network][Acceptable][formel1.de]
@@ -109,26 +109,26 @@
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53]
- detected: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de]
+ detected: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de]
RISK: Unidirectional Traffic
- detection-update: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de]
+ detection-update: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de]
new: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53]
detected: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Unknown][Network][Acceptable][weberlab.de]
detection-update: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Unknown][Network][Acceptable][weberlab.de]
new: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53]
- detected: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de]
+ detected: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de]
RISK: Unidirectional Traffic
- detection-update: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de]
+ detection-update: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de]
new: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53]
detected: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Unknown][Network][Acceptable][weberlab.de]
detection-update: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Unknown][Network][Acceptable][weberlab.de]
- idle: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable]
end: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Unknown][Network][Acceptable]
idle: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
- idle: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable]
idle: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53]
- idle: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable]
idle: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Unknown][Network][Acceptable]
idle: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Unknown][Network][Acceptable]
RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message
diff --git a/test/results/flow-info/default/doh.pcapng.out b/test/results/flow-info/default/doh.pcapng.out
index bbcd31915..09ea6804f 100644
--- a/test/results/flow-info/default/doh.pcapng.out
+++ b/test/results/flow-info/default/doh.pcapng.out
@@ -3,9 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443]
detected: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400]
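Review bot: The flow to 1.1.1.1:443 now expects `ALPN/SNI Mismatch` next to `Missing SNI TLS Extn` although the hostname field is empty (`[]`), so a single absent extension is reported as two risks while the breed stays `Safe`; the same pair is pinned on the `idle:` line in the next hunk of this file. Whether the mismatch is derived from the missing SNI or from an actual comparison of two values cannot be told from this output. If it is the former, anything downstream that scores or ranks flows by the number of risks will weight this flow twice for one cause. A sentence in the commit message such as `ALPN/SNI Mismatch is expected whenever ALPN is offered without an SNI` would make the new expectation reviewable instead of being accepted as regenerated output.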
@@ -17,5 +17,5 @@
[PKTLENS.....: 60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]
[ENTROPIES...: 4.4,4.4,4.2,5.9,4.1,7.8,4.1,7.9,4.1,7.1,4.1,5.9,6.2,6.4,6.0,4.1,4.1,6.2,4.1,5.5,4.1,4.1,7.4,5.5,4.1,4.1,4.2,4.1,4.1,4.1,4.2,4.1]
idle: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ethereum.pcap.out b/test/results/flow-info/default/ethereum.pcap.out
index 768434d96..d099bf8ad 100644
--- a/test/results/flow-info/default/ethereum.pcap.out
+++ b/test/results/flow-info/default/ethereum.pcap.out
@@ -2,29 +2,29 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303]
- detected: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303]
- detected: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303]
- detected: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303]
- detected: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303]
- detected: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303]
- detected: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303]
- detected: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303]
- detected: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303]
new: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303]
new: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303]
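Review bot: Every Ethereum flow in this expected output moves from `[Mining]…[Mining][Unsafe]` to `[ETHEREUM]…[Crypto_Currency][Acceptable]` and loses `RISK: Unsafe Protocol`, which leaves the TCP flows to port 30303 with no risk line at all; this applies to this hunk and to the remaining ethereum.pcap.out hunks below. Consumers that alert on the `Mining` category, the `Unsafe` breed or the `Unsafe Protocol` risk would presumably stop matching this traffic once they pick up the change, since none of those strings is emitted any more. That loss of signal deserves an explicit line in the commit message or changelog, for example `Ethereum flows are now reported as ETHEREUM/Crypto_Currency/Acceptable without the Unsafe Protocol risk; rules keyed on Mining/Unsafe need updating`. The file is regenerated output, so the classification decision itself is made in the detection library and cannot be verified from this diff.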
@@ -41,21 +41,16 @@
new: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303]
new: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303]
new: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303]
- detected: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ detected: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
new: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303]
- detected: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303]
- detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][AmazonAWS][Mining][Unsafe]
+ detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.063| 0.008| 0.018| 335.828| 2.400]
[PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400]
@@ -66,9 +61,8 @@
[PKTLENS.....: 64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
[ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.1,5.3,5.1,5.3,5.1,5.5,5.7,5.1,5.1,5.2,5.1,5.8,5.2,6.7,5.2,5.5,5.9,5.2,5.2,5.5,5.5,5.1,3.7,3.7]
new: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303]
- detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
+ analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.063| 0.009| 0.019| 355.411| 2.700]
[PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400]
@@ -78,18 +72,15 @@
[IATS(ms)....: 42.9,43.0,1.9,62.9,2.0,0.0,0.0,0.0,0.0,63.0,0.0,0.0,0.0,0.1,0.1,0.0,1.3,0.0,0.1,0.0,0.1,0.4,0.0,0.0,0.0,0.1,32.2,0.0,0.0,30.2,0.8]
[PKTLENS.....: 64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64]
[ENTROPIES...: 4.4,5.4,5.1,7.7,5.2,7.5,6.0,5.2,6.9,5.3,5.1,5.0,5.0,5.0,5.5,5.0,5.0,5.9,5.0,6.8,5.2,5.4,5.9,5.0,6.0,5.4,5.4,5.2,5.2,5.2,7.3,5.2]
- detected: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303]
new: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303]
- detected: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303]
- detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][AmazonAWS][Mining][Unsafe]
+ detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.070| 0.011| 0.024| 583.849| 2.400]
[PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400]
@@ -100,16 +91,14 @@
[PKTLENS.....: 64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.3,5.3,5.5,5.6,5.1,5.0,5.0,5.0,5.1,5.1,5.3,5.1,6.0,5.2,6.7,5.2,5.5,5.8,5.1,5.2,5.5,5.6,5.1,3.6,3.6]
new: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182]
- detected: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [Mining][Tencent][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- detected: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [ETHEREUM][Tencent][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ detected: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000]
- detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.073| 0.008| 0.018| 321.083| 2.400]
[PKTLEN......: 46.000| 473.000| 85.000| 93.300| 8701.200| 4.500]
@@ -119,25 +108,17 @@
[IATS(ms)....: 36.4,36.5,1.5,44.0,0.5,0.0,0.1,0.0,0.0,43.1,0.0,0.0,0.0,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.1,0.1,0.0,0.0,0.0,72.9,0.0,0.0,0.7,0.0,0.0]
[PKTLENS.....: 64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46]
[ENTROPIES...: 4.4,5.4,5.1,7.5,5.3,7.4,6.0,5.2,5.3,5.9,5.1,5.1,5.1,5.0,5.1,5.9,5.1,6.7,5.2,5.6,5.9,5.2,5.2,5.5,5.6,5.1,5.3,4.0,3.9,4.0,4.0,4.0]
- detected: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ detected: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
new: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303]
- detected: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
new: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303]
- detected: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ detected: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.079| 0.012| 0.027| 705.641| 2.400]
[PKTLEN......: 46.000| 531.000| 90.400| 111.100| 12335.600| 4.400]
@@ -147,7 +128,7 @@
[IATS(ms)....: 68.5,68.6,1.4,78.1,1.9,0.1,78.6,0.0,0.2,0.0,0.0,0.2,0.0,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,67.2,0.0]
[PKTLENS.....: 64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,6.0,5.2,5.1,5.3,5.3,5.6,5.1,5.1,5.1,5.6,5.3,5.1,5.1,5.9,5.2,6.8,5.3,5.6,5.9,5.1,5.2,5.5,5.6,5.1,3.9,3.9]
- analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.077| 0.012| 0.026| 688.970| 2.400]
[PKTLEN......: 46.000| 494.000| 87.100| 105.300| 11090.000| 4.400]
@@ -160,12 +141,11 @@
new: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303]
new: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303]
new: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301]
- detected: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303]
- detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe]
+ detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.164| 0.023| 0.053| 2778.035| 2.400]
[PKTLEN......: 46.000| 522.000| 89.000| 105.000| 11031.500| 4.500]
@@ -175,14 +155,12 @@
[IATS(ms)....: 134.4,134.5,2.0,164.5,0.7,163.1,0.2,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.2,0.2,0.4,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,112.9,0.0]
[PKTLENS.....: 64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
[ENTROPIES...: 4.4,5.3,5.0,7.5,5.1,7.6,4.9,6.0,5.2,5.0,5.0,5.3,5.6,5.6,5.0,5.0,4.9,5.1,5.0,5.9,5.1,6.8,5.2,5.5,5.9,5.1,5.1,5.5,5.5,5.0,5.1,3.7]
- detected: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303]
new: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303]
new: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303]
- analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.007| 0.014| 203.606| 2.800]
[PKTLEN......: 52.000| 546.000| 106.000| 112.400| 12624.200| 4.500]
@@ -193,9 +171,8 @@
[PKTLENS.....: 64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52]
[ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.6,5.0,5.9,5.0,6.7,5.2,5.5,6.1,5.2,6.8,5.0,5.1,5.1,5.6,5.1,5.9,5.2,6.1,5.6,5.5,5.1,5.1,5.2,5.1,6.9,6.7,5.2]
new: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303]
- detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Azure][Mining][Unsafe]
+ detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.158| 0.021| 0.049| 2374.200| 2.400]
[PKTLEN......: 46.000| 483.000| 87.300| 103.800| 10779.300| 4.400]
@@ -206,17 +183,13 @@
[PKTLENS.....: 64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46]
[ENTROPIES...: 4.5,5.3,5.1,7.6,5.2,7.5,5.9,5.1,5.2,5.7,5.6,5.1,5.2,5.8,5.1,6.7,5.1,5.4,5.8,5.1,5.1,5.4,5.5,5.0,3.6,3.6,3.6,3.6,3.6,3.6,3.6,3.6]
new: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303]
- detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ detected: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303]
- detected: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303]
- analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Azure][Mining][Unsafe]
+ analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.202| 0.031| 0.071| 5088.628| 2.400]
[PKTLEN......: 46.000| 542.000| 91.800| 115.500| 13350.200| 4.400]
@@ -226,9 +199,8 @@
[IATS(ms)....: 195.0,195.1,1.2,202.3,0.3,0.0,201.3,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.6,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,175.4,0.4]
[PKTLENS.....: 64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.2,5.3,5.2,5.3,5.5,5.2,5.2,5.6,5.2,5.2,5.2,5.7,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.1,5.2,3.7]
- detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.109| 0.018| 0.040| 1575.808| 2.400]
[PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300]
@@ -240,7 +212,7 @@
[ENTROPIES...: 4.5,5.4,5.1,7.7,5.2,7.7,5.2,5.9,5.2,6.9,5.2,5.6,5.9,5.1,5.2,5.1,5.3,5.1,5.6,5.7,5.1,5.1,5.8,5.2,5.2,5.1,5.1,5.3,5.6,5.1,4.0,4.0]
new: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303]
new: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303]
- analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.049| 0.009| 0.018| 316.609| 2.700]
[PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500]
@@ -251,13 +223,12 @@
[PKTLENS.....: 64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56]
[ENTROPIES...: 4.5,5.4,5.1,7.6,5.1,7.5,5.9,5.0,5.0,5.2,5.1,6.7,5.3,5.0,5.0,5.7,5.1,5.9,5.2,6.7,5.2,5.5,5.8,5.1,6.1,5.5,5.6,5.1,5.9,5.0,5.2,5.4]
new: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303]
- detected: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303]
new: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303]
- detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.052| 0.010| 0.019| 354.234| 2.800]
[PKTLEN......: 52.000| 462.000| 93.900| 97.700| 9536.300| 4.500]
@@ -268,11 +239,9 @@
[PKTLENS.....: 64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53]
[ENTROPIES...: 4.5,5.3,5.1,7.5,5.2,7.4,5.0,5.8,5.1,5.9,6.7,5.1,5.2,5.4,5.2,5.1,6.9,5.1,5.3,5.1,5.4,5.1,5.6,5.1,6.0,5.4,5.5,5.2,5.2,5.8,5.1,5.2]
new: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303]
- detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe]
+ detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.262| 0.038| 0.087| 7588.779| 2.300]
[PKTLEN......: 46.000| 505.000| 90.200| 109.100| 11904.300| 4.400]
@@ -282,7 +251,7 @@
[IATS(ms)....: 261.7,261.8,1.5,222.8,0.1,0.0,0.0,221.3,0.0,0.0,0.2,0.0,0.2,0.0,0.1,0.0,0.1,0.0,0.6,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,211.4,0.0]
[PKTLENS.....: 64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
[ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.8,5.2,5.1,5.1,5.1,5.3,5.6,5.1,5.1,5.7,5.2,5.1,5.1,5.7,5.1,6.9,5.1,5.5,5.8,5.1,5.2,5.5,5.5,5.0,5.2,3.8]
- analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Azure][Mining][Unsafe]
+ analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.263| 0.038| 0.087| 7624.721| 2.300]
[PKTLEN......: 46.000| 564.000| 92.100| 117.400| 13788.700| 4.400]
@@ -292,11 +261,10 @@
[IATS(ms)....: 263.1,263.2,1.3,221.8,0.2,0.0,0.0,220.8,0.0,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,212.6,0.2]
[PKTLENS.....: 64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
[ENTROPIES...: 4.4,5.3,4.9,7.6,5.2,7.5,6.0,5.2,5.1,5.1,5.1,5.2,5.6,5.1,5.1,5.6,5.2,5.1,5.1,5.9,5.0,6.7,5.1,5.4,5.8,5.0,5.0,5.4,5.5,5.0,3.7,3.7]
- detected: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303]
new: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303]
- analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.006| 0.012| 148.778| 2.600]
[PKTLEN......: 46.000| 469.000| 84.100| 91.500| 8376.200| 4.500]
@@ -306,7 +274,7 @@
[IATS(ms)....: 32.6,32.6,1.2,33.9,3.9,36.5,0.4,0.4,0.1,0.1,0.1,0.1,0.4,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,31.1,0.1,0.0,0.1,0.0,0.6,0.1,0.0]
[PKTLENS.....: 64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]
[ENTROPIES...: 4.5,5.4,5.1,7.6,5.3,7.4,5.1,6.0,5.1,5.7,5.2,5.7,5.1,6.0,5.2,6.8,5.3,5.6,5.9,5.2,5.3,5.6,5.6,5.2,5.3,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
- analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.116| 0.012| 0.026| 687.065| 2.900]
[PKTLEN......: 52.000| 526.000| 102.300| 108.500| 11769.500| 4.500]
@@ -316,7 +284,7 @@
[IATS(ms)....: 25.5,25.6,1.2,25.9,91.4,116.0,0.8,0.0,0.1,0.0,0.0,24.5,23.6,0.4,0.0,0.0,0.0,0.7,0.1,0.7,0.0,0.0,0.0,23.3,0.0,24.1,0.2,0.3,0.0,0.0,0.0]
[PKTLENS.....: 64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64]
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.1,7.4,5.1,5.9,5.1,6.8,5.1,5.5,7.2,5.1,5.8,5.1,5.9,5.5,5.2,5.5,5.2,5.2,5.2,5.2,7.1,5.2,5.0,5.7,5.2,5.1,5.2,5.3]
- analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.035| 0.006| 0.012| 149.558| 2.500]
[PKTLEN......: 46.000| 583.000| 90.600| 116.900| 13676.100| 4.400]
@@ -330,7 +298,7 @@
new: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303]
new: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303]
new: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303]
- analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.159| 0.026| 0.057| 3248.179| 2.500]
[PKTLEN......: 46.000| 465.000| 87.500| 99.100| 9815.100| 4.500]
@@ -340,7 +308,7 @@
[IATS(ms)....: 157.7,157.8,1.6,152.9,8.1,159.4,1.2,0.0,0.1,0.0,0.1,1.9,0.0,0.5,0.0,0.1,0.0,0.1,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.0,0.7,0.4,149.7,0.6]
[PKTLENS.....: 64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46]
[ENTROPIES...: 4.4,5.3,5.1,7.5,5.2,7.5,5.0,5.9,5.2,6.9,5.2,5.5,5.9,5.2,5.0,5.1,5.3,5.6,5.1,5.0,5.6,5.0,5.7,5.1,5.1,5.3,5.5,5.1,5.2,5.1,5.2,3.8]
- analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe]
+ analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.131| 0.020| 0.046| 2133.935| 2.400]
[PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300]
@@ -350,7 +318,7 @@
[IATS(ms)....: 130.8,130.9,1.3,122.8,1.3,122.7,0.2,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.1,0.1,0.3,0.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,121.1,0.0,0.0,0.0]
[PKTLENS.....: 64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46]
[ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,5.1,5.9,5.2,5.0,5.0,5.5,5.1,5.6,5.1,5.2,5.0,5.9,5.1,6.8,5.1,5.6,5.7,5.1,5.1,5.4,5.6,5.1,3.9,4.0,4.0,4.0]
- analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][GoogleCloud][Mining][Unsafe]
+ analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.057| 0.011| 0.022| 493.706| 2.800]
[PKTLEN......: 52.000| 514.000| 100.400| 109.700| 12030.800| 4.500]
@@ -360,7 +328,7 @@
[IATS(ms)....: 56.8,56.9,1.6,56.4,2.3,57.1,0.5,0.5,0.1,0.0,0.1,0.0,0.2,0.0,0.1,0.0,0.0,1.1,0.9,0.4,0.0,0.0,0.0,0.1,56.5,0.0,0.0,55.9,0.0,1.8,0.0]
[PKTLENS.....: 64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52]
[ENTROPIES...: 4.5,5.2,5.1,7.5,5.2,7.5,5.2,5.8,5.1,6.8,5.2,5.0,5.0,5.9,5.1,6.7,5.2,5.5,5.7,5.1,5.9,5.2,6.0,5.5,5.5,5.2,5.9,6.6,5.1,5.1,5.8,5.3]
- analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe]
+ analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.300| 0.044| 0.100| 10075.352| 2.300]
[PKTLEN......: 46.000| 583.000| 88.300| 106.200| 11275.500| 4.400]
@@ -370,7 +338,7 @@
[IATS(ms)....: 300.4,300.4,1.7,253.4,0.7,0.0,252.4,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,252.8,0.0]
[PKTLENS.....: 64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
[ENTROPIES...: 4.4,5.3,5.0,7.7,5.1,7.4,5.9,5.0,5.0,5.2,5.0,5.3,5.5,5.0,5.0,5.6,5.2,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.8,5.0,5.2,5.3,5.4,5.0,3.7,3.7]
- analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][AmazonAWS][Mining][Unsafe]
+ analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.308| 0.045| 0.103| 10532.101| 2.400]
[PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400]
@@ -381,13 +349,11 @@
[PKTLENS.....: 64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46]
[ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.5,5.1,5.9,5.0,5.2,5.2,5.0,5.0,5.6,5.6,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.9,5.1,5.1,5.5,5.5,5.0,5.2,5.1,5.2,3.8]
new: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303]
- detected: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- detected: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ detected: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.339| 0.050| 0.114| 12910.542| 2.400]
[PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400]
@@ -397,16 +363,13 @@
[IATS(ms)....: 339.2,339.3,1.3,287.2,2.5,288.4,1.0,0.0,1.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.0,0.1,0.6,0.3,285.6,0.0]
[PKTLENS.....: 64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46]
[ENTROPIES...: 4.5,5.4,5.0,7.6,5.0,7.5,5.1,5.8,5.1,5.0,5.0,5.8,5.0,5.1,5.5,6.7,5.0,5.2,5.0,5.4,5.5,5.0,5.9,5.0,5.1,5.4,5.6,5.1,5.2,5.1,3.7,3.7]
- detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
new: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303]
- detected: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- detected: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Azure][Mining][Unsafe]
+ detected: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ detected: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.355| 0.054| 0.122| 14890.530| 2.400]
[PKTLEN......: 46.000| 577.000| 92.400| 118.100| 13953.700| 4.400]
@@ -417,21 +380,16 @@
[PKTLENS.....: 64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
[ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.6,5.1,5.9,5.1,5.3,5.1,5.3,5.1,5.5,5.7,5.0,5.1,5.1,5.0,5.7,5.0,6.9,5.1,5.4,5.8,5.0,5.0,5.4,5.4,5.0,5.1,3.7]
new: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333]
- detected: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ detected: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
new: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303]
new: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303]
- detected: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ detected: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.147| 0.028| 0.054| 2939.853| 2.800]
[PKTLEN......: 52.000| 625.000| 100.200| 122.100| 14898.100| 4.400]
@@ -443,7 +401,7 @@
[ENTROPIES...: 4.5,5.3,5.0,7.7,5.1,7.6,5.1,5.8,5.1,6.7,5.2,5.6,5.9,5.1,5.3,5.1,6.9,5.5,5.7,5.1,5.1,5.0,5.8,5.0,6.1,5.5,5.5,5.1,5.1,6.0,5.0,5.2]
new: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303]
new: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303]
- analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.039| 0.010| 0.016| 256.751| 3.100]
[PKTLEN......: 52.000| 592.000| 107.000| 118.700| 14100.300| 4.400]
@@ -454,14 +412,11 @@
[PKTLENS.....: 64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56]
[ENTROPIES...: 4.5,5.3,5.1,7.7,5.2,7.5,5.1,5.8,5.1,6.7,5.2,5.6,7.3,5.0,5.1,5.2,5.8,5.1,6.1,5.5,5.6,7.1,5.0,5.2,5.7,5.2,5.2,5.4,5.6,5.9,5.2,5.3]
new: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303]
- detected: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303]
- detected: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.184| 0.035| 0.071| 5044.452| 2.600]
[PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400]
@@ -471,10 +426,9 @@
[IATS(ms)....: 179.3,179.4,1.8,184.4,0.2,182.8,0.1,0.1,0.1,0.1,0.4,0.0,0.4,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.3,0.0,0.0,0.0,0.2,176.5,0.9,1.0,0.0,177.6]
[PKTLENS.....: 64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52]
[ENTROPIES...: 4.5,5.3,5.0,7.7,5.2,7.4,5.1,5.9,5.1,5.3,5.1,7.0,5.6,5.1,5.1,5.6,5.0,5.8,5.1,6.8,5.1,5.4,5.8,5.1,6.2,5.1,5.4,5.1,5.2,5.9,5.3,5.0]
- detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303]
- analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.042| 0.007| 0.015| 228.263| 2.600]
[PKTLEN......: 46.000| 438.000| 84.000| 90.700| 8221.200| 4.500]
@@ -485,7 +439,7 @@
[PKTLENS.....: 64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]
[ENTROPIES...: 4.5,5.4,5.1,7.5,5.1,7.5,5.0,5.9,5.0,5.7,5.0,5.6,5.0,5.7,5.1,6.8,5.2,5.4,5.8,5.1,5.1,5.4,5.5,5.1,5.2,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
new: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303]
- analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][AmazonAWS][Mining][Unsafe]
+ analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.194| 0.037| 0.074| 5538.541| 2.700]
[PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500]
@@ -497,14 +451,12 @@
[ENTROPIES...: 4.5,5.3,5.0,7.6,4.9,7.5,5.8,4.9,4.9,6.8,4.9,5.8,5.1,6.7,5.1,5.3,5.8,4.9,5.8,5.1,6.2,5.3,5.4,5.0,5.0,5.9,5.0,6.5,5.0,5.9,5.2,5.0]
new: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303]
new: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303]
- detected: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
new: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303]
- detected: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.075| 0.014| 0.028| 803.714| 2.700]
[PKTLEN......: 52.000| 599.000| 105.000| 126.800| 16079.300| 4.400]
@@ -515,7 +467,7 @@
[PKTLENS.....: 64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52]
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.8,5.0,5.0,6.9,5.0,5.5,5.0,5.7,5.1,6.8,5.1,5.5,5.9,5.2,6.1,5.6,5.5,5.2,5.2,5.8,5.0,6.4,5.9,5.0,5.0,5.1]
new: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303]
- analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Unknown][Mining][Unsafe]
+ analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.263| 0.042| 0.096| 9182.918| 2.400]
[PKTLEN......: 46.000| 591.000| 91.400| 121.500| 14755.200| 4.300]
@@ -526,18 +478,13 @@
[PKTLENS.....: 64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46]
[ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,4.9,5.8,4.9,5.8,4.9,5.8,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.0,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
new: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303]
- detected: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ detected: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ detected: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303]
- detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Unknown][Mining][Unsafe]
+ detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.286| 0.027| 0.065| 4262.303| 2.600]
[PKTLEN......: 52.000| 619.000| 109.600| 120.400| 14503.600| 4.500]
@@ -547,155 +494,102 @@
[IATS(ms)....: 40.4,40.4,1.5,40.9,246.5,285.9,40.6,40.6,0.7,0.0,0.1,0.0,0.0,0.4,0.0,0.0,0.0,0.1,39.4,0.2,0.9,0.7,39.7,0.2,0.0,0.0,0.0,0.1,1.1,0.8,0.2]
[PKTLENS.....: 64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84]
[ENTROPIES...: 4.5,5.3,5.1,7.7,5.2,7.2,5.2,7.4,5.1,5.9,5.2,6.8,5.2,5.6,5.9,5.2,6.2,5.5,5.6,5.3,5.3,5.3,6.4,5.1,5.9,5.2,5.3,5.5,5.6,7.1,5.1,5.9]
- end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- guessed: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ idle: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ end: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ idle: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ guessed: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
idle: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303]
- end: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [Mining][Tencent][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- guessed: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ end: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [ETHEREUM][Tencent][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ end: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ end: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ guessed: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
idle: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303]
- end: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- guessed: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ end: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
+ end: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ guessed: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
idle: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303]
- end: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Azure][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [Mining][AmazonAWS][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [Mining][GoogleCloud][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- end: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- end: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ end: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ end: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
+ end: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ idle: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ idle: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ end: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ end: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ end: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
+ idle: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
+ idle: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
+ end: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ idle: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
+ end: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
DAEMON-EVENT: shutdown
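Review bot: Every port-30303 flow in this hunk drops both the `Mining` label and the `Unsafe Protocol` risk and is now emitted as `[ETHEREUM][…][Crypto_Currency][Acceptable]`, with at most `Unidirectional Traffic` left on the UDP and guessed flows. Any downstream rule keyed on the `Mining` category or on `Unsafe Protocol` will stop matching this traffic without an error, so cryptomining alerting built on this output degrades silently. I would state the relabelling explicitly in the commit message, e.g. `Mining is now reported as ETHEREUM / Crypto_Currency / Acceptable and no longer raises Unsafe Protocol; update rules that match the old labels`. The preceding hunk, which starts outside this view, shows the same change on its `detected:` and `analyse:` lines.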
diff --git a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
index fee5b0fcf..47ac560f0 100644
--- a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
@@ -40,7 +40,7 @@
RISK: Unidirectional Traffic
ERROR-EVENT: Unknown packet type [1/16]
detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyber?ity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53]
detected: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
@@ -74,7 +74,7 @@
update: [.....5] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][49973]
new: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53]
detected: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ftp.ecite?e.com]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53]
detected: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ftp.ecitele.com]
RISK: Unidirectional Traffic
@@ -92,6 +92,8 @@
new: [....30] [ip4][..tcp] [..147.234.1.249][.2069] -> [....192.168.1.2][.2720] [MIDSTREAM]
new: [....31] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2208] [MIDSTREAM]
new: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [MIDSTREAM]
+ detected: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [Protobuf][Unknown][Network][Safe]
+ RISK: Unidirectional Traffic
new: [....33] [ip4][..tcp] [..147.234.1.253][.1045] -> [....192.168.1.2][.2720] [MIDSTREAM]
new: [....34] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.65.2][.2720] [MIDSTREAM]
ERROR-EVENT: Unknown L3 protocol [3/16]
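Review bot: The two added lines pin flow 32, a `[MIDSTREAM]` TCP flow with source port 21 in a fuzzed capture, as `[Protobuf][Unknown][Network][Safe]`, which reads like a heuristic match on mutated bytes rather than real Protobuf; this is inferred from the file name and the port only, since the dissector is not visible here. Recording it as expected output means the regression suite will defend that classification, and a `Safe` rating on malformed traffic can push it down in triage. It is worth confirming against the pcap before accepting the new baseline; if it is a known false positive, say so in the commit description, e.g. `fuzz-2006-06-26-2594: flow 32 matches Protobuf heuristically (known FP)`.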
@@ -144,9 +146,9 @@
new: [....47] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][.9587]
new: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53]
detected: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp._s?.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481]
new: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53]
detected: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53] [DNS][Unknown][Network][Acceptable][_zip._udp.sip.cybercity.dk]
@@ -354,12 +356,12 @@
detection-update: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53]
detected: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyberci_s]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: Unknown packet type [1/16]
detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Malformed Packet, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329]
new: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53]
detected: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
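Review bot: Flow 73 gains `Non-Printable/Invalid Chars Detected` on all three events in this hunk although the old output raised no character risk, and the printed names (`_sip._udp.sip.cyberci_s`, `_sip._udp.sip.cybercity.dk`) carry no `?` placeholder like the other flagged names in this file. So this is a detection change rather than only the rename from `Text With Non-Printable Chars` seen in the neighbouring hunks, and the output gives an analyst no way to see which bytes triggered it; the risk also appears to stay on the flow once the name is clean (inferred from the second and third events). The hunks at `@@ -501,7 +503,7 @@`, `@@ -651,7 +653,7 @@` and `@@ -742,7 +744,7 @@` add the risk in the same way. I would document both effects in the commit message, e.g. `risk renamed to Non-Printable/Invalid Chars Detected and now fires on additional DNS names; review string matchers and alert volume`.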
@@ -435,7 +437,7 @@
new: [....85] [ip4][..240] [....192.168.1.2] -> [....192.168.1.1]
new: [....86] [ip4][..udp] [...192.168.1.34][.2746] -> [....192.168.1.1][...53]
detected: [....86] [ip4][..udp] [...192.168.1.34][.2746] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp._s?p.brvjula.net]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [....60] [ip4][..udp] [....172.168.1.2][.2734] -> [....192.168.1.1][...53]
idle: [....57] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
@@ -476,7 +478,7 @@
detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
guessed: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] [NetBIOS][Unknown][System][Acceptable][]
idle: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169]
idle: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53]
@@ -501,7 +503,7 @@
detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.voip.brujula.net]
RISK: Malformed Packet, Unidirectional Traffic
detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.vo_s]
- RISK: Malformed Packet, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
update: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329]
update: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53]
@@ -516,7 +518,7 @@
RISK: Malformed Packet, Unidirectional Traffic
new: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751]
detected: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53]
detected: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
@@ -603,7 +605,7 @@
idle: [....70] [ip4][..udp] [....192.168.1.2][.2738] -> [....192.168.1.1][...53]
update: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53]
update: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53]
DAEMON-EVENT: [Processed: 241 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 63 / 109|skipped: 0|!detected: 6|guessed: 4|detection-updates: 26|updates: 178]
@@ -611,9 +613,9 @@
detected: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_?ip._udp.sip.cybercit?.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
guessed: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] [NetBIOS][Unknown][System][Acceptable][]
idle: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329]
idle: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -651,7 +653,7 @@
detected: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.v.0.127.in-addr.arpa]
RISK: Unidirectional Traffic
detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
analyse: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.742| 47.495| 20.018| 22.628| 512023754.441| 3.900]
@@ -675,7 +677,7 @@
update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
new: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53]
detected: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53]
detected: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._tdp.sip.cybercity.dk]
RISK: Unidirectional Traffic
@@ -694,7 +696,7 @@
update: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53]
update: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53]
update: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53]
update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
new: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53]
@@ -742,7 +744,7 @@
update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [....89] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.4932] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
update: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable]
@@ -781,9 +783,9 @@
ERROR-EVENT: Unknown packet type [5/16]
new: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690]
detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.s?p.cibercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
idle: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53]
idle: [....84] [ip4][..udp] [....192.168.1.2][.2746] -> [....192.168.1.1][...53]
idle: [....88] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2747] [DNS][Unknown][Network][Acceptable]
@@ -794,7 +796,7 @@
update: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53]
update: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53]
update: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53]
update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53]
@@ -836,7 +838,7 @@
update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53]
update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53]
update: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
@@ -863,7 +865,7 @@
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [...101] [ip4][..udp] [....192.168.1.2][.2752] -> [....102.168.1.1][...53]
idle: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53]
idle: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53]
idle: [...102] [ip4][..udp] [.....192.98.1.2][.2752] -> [.....25.168.1.1][...53]
@@ -887,7 +889,7 @@
update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
ERROR-EVENT: Unknown packet type [1/16]
ERROR-EVENT: Unknown packet type [2/16]
new: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1]
@@ -912,7 +914,7 @@
update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53]
update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53]
update: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53]
update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53]
@@ -938,16 +940,16 @@
update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53]
new: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53]
detected: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53]
detected: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53]
update: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690]
update: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4]
@@ -958,7 +960,7 @@
update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
update: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53]
update: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53]
update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53]
@@ -969,7 +971,7 @@
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
idle: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53]
idle: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
idle: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53]
update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2]
update: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
@@ -994,12 +996,12 @@
detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Malformed Packet, Unidirectional Traffic
detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53]
detected: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
guessed: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Unidirectional Traffic
idle: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53]
@@ -1013,19 +1015,19 @@
RISK: Unidirectional Traffic
new: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53]
detected: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-aqd?.arpa]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53]
update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53]
new: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53]
detected: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
RISK: Unidirectional Traffic
detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: Unknown packet type [1/16]
detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
guessed: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Unidirectional Traffic
idle: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53]
@@ -1037,7 +1039,7 @@
update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
update: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53]
update: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53]
update: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53]
@@ -1083,7 +1085,7 @@
idle: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable]
RISK: Malformed Packet, Unidirectional Traffic
idle: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic
update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
RISK: Unsafe Protocol
update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1094,7 +1096,7 @@
update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53]
update: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53]
update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53]
detected: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Unidirectional Traffic
@@ -1140,7 +1142,7 @@
RISK: Unidirectional Traffic
new: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53]
detected: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-ad?r.arpa]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196]
new: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53]
@@ -1148,11 +1150,11 @@
RISK: Unidirectional Traffic
new: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53]
detected: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.?ip.kybermity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
not-detected: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4]
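Review bot: Flow 164's first `detected:` line now expects `Non-Printable/Invalid Chars Detected` although the hostname printed on it is the clean `_sip._udp.sip.cybercity.dk` and the old expectation was `Unidirectional Traffic` alone; the same name on flow 110's `detected:` line earlier in this file stays unflagged. This is therefore a detection change rather than only a relabel, and the event does not show which bytes raised the risk (presumably a field other than the printed, sanitised name). Flows 197 and 213 further down gain the risk the same way, with names `1.0.0.127.in-addr.arp_` and `_sim._udp.sip.c_ber_itm.dk`. Please confirm this is intended and state it in the commit description, e.g. `DNS: the invalid-chars risk is now also raised for <condition>`, so a reader of the golden file can tell the new rule from a regression.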
@@ -1199,7 +1201,7 @@
update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53]
update: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53]
update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53]
update: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
@@ -1245,13 +1247,13 @@
update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721]
new: [...175] [ip4][..udp] [....192.168.1.2][.2791] -> [...192.168.67.1][...53]
detected: [...175] [ip4][..udp] [....192.168.1.2][.2791] -> [...192.168.67.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53]
detected: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
RISK: Unidirectional Traffic
new: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792]
detected: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-a?dr.arpa]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2]
update: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196]
@@ -1272,7 +1274,7 @@
update: [...154] [ip4][..udp] [......0.168.1.2][.2783] -> [....192.168.1.1][...53]
update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53]
update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53]
update: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
update: [...150] [ip4][..udp] [...192.168.33.2][.2782] -> [....192.168.1.1][...53]
@@ -1301,7 +1303,7 @@
idle: [...152] [ip4][..udp] [....192.168.1.6][.5060] -> [..212.242.33.35][.5060]
idle: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53]
idle: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53]
idle: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
@@ -1333,7 +1335,7 @@
update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53]
update: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53]
update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721]
update: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
@@ -1376,7 +1378,7 @@
update: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53]
update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53]
update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170]
new: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138]
detected: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111]
@@ -1418,7 +1420,7 @@
RISK: Unidirectional Traffic
update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53]
update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
new: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67]
detected: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] [DHCP][Unknown][Network][Acceptable][d002465]
RISK: Unidirectional Traffic
@@ -1427,7 +1429,7 @@
RISK: Unidirectional Traffic
idle: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53]
idle: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
not-detected: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81]
@@ -1451,10 +1453,10 @@
detected: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][re-.sippstar.com]
RISK: Unidirectional Traffic
detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][reg.sip?star.com]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][reg.sippstar.com]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53]
detected: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] [DNS][Unknown][Network][Acceptable][sip.cybercity.dk]
RISK: Unidirectional Traffic
@@ -1486,10 +1488,10 @@
detected: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.ak]
RISK: Unidirectional Traffic
detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690]
detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
update: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
@@ -1499,8 +1501,9 @@
RISK: Malformed Packet, Unidirectional Traffic
new: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53]
detected: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arp_]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
+ RISK: Non-Printable/Invalid Chars Detected
new: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060]
detected: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
@@ -1521,9 +1524,9 @@
RISK: Unidirectional Traffic
new: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53]
detected: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_s?p._udp.sip.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21]
ERROR-EVENT: Unknown packet type [1/16]
update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2]
@@ -1539,13 +1542,13 @@
RISK: Unsafe Protocol
update: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394]
update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53]
new: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53]
detected: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
RISK: Unidirectional Traffic
detection-update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
new: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35]
new: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53]
detected: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
@@ -1573,7 +1576,7 @@
RISK: Unidirectional Traffic
ERROR-EVENT: Unknown L3 protocol [1/16]
detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
idle: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
idle: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
@@ -1582,9 +1585,10 @@
update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53]
detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
idle: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][Unknown][System][Acceptable]
@@ -1595,15 +1599,15 @@
RISK: Unidirectional Traffic
new: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53]
detected: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sim._udp.sip.c_ber_itm.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.c4bercity.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cxbercity.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.qk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
idle: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
not-detected: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690] [Unknown][Unknown][Unrated]
@@ -1614,7 +1618,7 @@
update: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394]
update: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21]
update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53]
update: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53]
update: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] [DNS][Unknown][Network][Acceptable]
@@ -1623,7 +1627,7 @@
ERROR-EVENT: Unknown packet type [1/16]
new: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807]
detected: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable][]
- RISK: Malformed Packet, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...215] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][38709]
new: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53]
detected: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
@@ -1639,7 +1643,7 @@
update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53]
update: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53]
update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53]
ERROR-EVENT: Unknown packet type [2/16]
new: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53]
@@ -1671,6 +1675,7 @@
update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53]
update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53]
@@ -1686,7 +1691,7 @@
update: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255]
update: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21]
update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53]
update: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53]
update: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] [DNS][Unknown][Network][Acceptable]
@@ -1703,7 +1708,7 @@
RISK: Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
idle: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53]
update: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53]
update: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690]
@@ -1720,14 +1725,15 @@
update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53]
update: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53]
update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53]
update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53]
update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53]
update: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53]
update: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53]
update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1737,7 +1743,7 @@
update: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53]
new: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53]
detected: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127?in-ad_r?arpa???]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
new: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53]
@@ -1779,12 +1785,12 @@
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16]
new: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53]
detected: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][?sip._udp.shp.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060]
detected: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udq.sip.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392]
new: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392]
new: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392]
@@ -1793,14 +1799,15 @@
new: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392]
ERROR-EVENT: Unknown packet type [2/16]
detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
idle: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53]
update: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35]
new: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53]
detected: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.1?7.in-addr.arpa]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
new: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060]
detected: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060] [SIP][Unknown][VoIP][Acceptable]
RISK: Unidirectional Traffic
@@ -1810,9 +1817,9 @@
RISK: Unidirectional Traffic
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16]
detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
not-detected: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] [Unknown][Unknown][Unrated]
idle: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255]
not-detected: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] [Unknown][Unknown][Unrated]
@@ -1830,12 +1837,12 @@
update: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53]
update: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53]
update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53]
update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53]
update: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53]
update: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53]
update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
@@ -1854,11 +1861,11 @@
detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Unidirectional Traffic
detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk]
- RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53]
idle: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53]
idle: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Text With Non-Printable Chars
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
idle: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53]
update: [...211] [ip4][..udp] [....192.168.1.2][.2805] -> [....192.168.1.1][...51]
update: [...212] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2805] [DNS][Unknown][Network][Acceptable]
@@ -1877,9 +1884,9 @@
RISK: Unsafe Protocol
new: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53]
detected: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.?.0.127.in-addr.arpa]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
detection-update: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
idle: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53]
update: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][Unknown][VoIP][Acceptable]
@@ -1897,11 +1904,11 @@
RISK: Unidirectional Traffic
new: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53]
detected: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercimy.v?]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: Unknown packet type [1/16]
new: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53]
detected: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk]
- RISK: Text With Non-Printable Chars, Unidirectional Traffic
+ RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic
ERROR-EVENT: Unknown L3 protocol [2/16]
not-detected: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
@@ -1932,7 +1939,7 @@
idle: [...215] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][38709]
idle: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53]
idle: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable]
- RISK: Malformed Packet, Unidirectional Traffic
+ RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic
idle: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53]
update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
@@ -1984,7 +1991,7 @@
RISK: Malformed Packet, Error Code, Unidirectional Traffic
update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53]
update: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][Unknown][System][Acceptable]
RISK: Unidirectional Traffic
update: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905]
@@ -2062,7 +2069,7 @@
idle: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
idle: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53]
idle: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53]
idle: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53]
idle: [...248] [ip4][..udp] [....192.168.1.2][.2828] -> [....192.168.1.1][...53]
@@ -2105,9 +2112,8 @@
guessed: [....34] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.65.2][.2720] [FTP_CONTROL][Unknown][Download][Unsafe]
RISK: Unsafe Protocol, Unidirectional Traffic
idle: [....34] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.65.2][.2720]
- guessed: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [FTP_CONTROL][Unknown][Download][Unsafe]
- RISK: Unsafe Protocol, Unidirectional Traffic
- idle: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732]
+ idle: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [Protobuf][Unknown][Network][Safe]
+ RISK: Unidirectional Traffic
not-detected: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392]
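Review bot: Flow 32 (TCP from source port 21) goes from `[FTP_CONTROL][Unknown][Download][Unsafe]` with `Unsafe Protocol` to `[Protobuf][Unknown][Network][Safe]` with only `Unidirectional Traffic`, so the baseline now pins a Safe verdict on the FTP control port. The file header is outside this view, but the diffstat suggests this is the fuzzed capture; if so, a Protobuf match on mutated payload is more likely a loose heuristic than a real session. The removed `guessed:` line means a payload match now outranks the port-based guess, and the detection event that set Protobuf lies outside this hunk. I would tighten the Protobuf match, or keep the port-derived risk when the matched protocol has no relation to the well-known port. If the change is accepted as is, record in the commit message that the downgrade is known.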
diff --git a/test/results/flow-info/default/geforcenow.pcapng.out b/test/results/flow-info/default/geforcenow.pcapng.out
index 2a0bc4a92..25006c459 100644
--- a/test/results/flow-info/default/geforcenow.pcapng.out
+++ b/test/results/flow-info/default/geforcenow.pcapng.out
@@ -23,7 +23,11 @@
new: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452]
detected: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable]
+ detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS][Nvidia][Safe]
+ RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
+ analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200]
[PKTLEN......: 53.000| 689.000| 156.400| 133.900| 17933.500| 4.700]
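Review bot: The first added `detection-update` line prints `[DTLS][Nvidia][Safe]`, three bracketed fields where the other classified lines in this hunk print four (`[STUN][Nvidia][Network][Acceptable]`, `[DTLS.GeForceNow][Nvidia][Game][Fun]`). A consumer that reads the fields by position will take `Safe` as the category. It looks as if the category is unset at that intermediate step and the printer drops the field; emitting a placeholder such as `[Unknown]`, as other lines in this diff do for missing values, would keep the line shape stable. Separately, the final breed is `Fun` while the risk list gains `Self-signed Cert` and `TLS Cert Validity Too Long`, so a filter on breed alone will not surface this flow.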
@@ -33,8 +37,8 @@
[IATS(ms)....: 66.1,63.3,171.7,44.0,99.9,183.8,360.1,689.5,48.5,47.1,0.0,0.0,0.0,0.0,4.5,1.5,52.7,0.0,46.0,42.3,0.4,0.3,0.2,0.0,0.1,42.1,0.3,0.1,0.2,42.5,0.3]
[PKTLENS.....: 124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]
[ENTROPIES...: 5.8,5.8,5.8,5.7,5.0,5.0,5.0,5.0,6.5,6.7,4.8,6.6,6.2,4.4,3.8,5.3,6.0,5.8,6.4,6.3,5.9,6.0,5.4,6.0,6.2,6.1,5.4,5.6,5.8,6.1,5.7,6.1]
- idle: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable]
- RISK: Known Proto on Non Std Port
+ idle: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
idle: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out
index 63e7eebba..0bea7fdb8 100644
--- a/test/results/flow-info/default/gnutella.pcap.out
+++ b/test/results/flow-info/default/gnutella.pcap.out
@@ -5633,8 +5633,8 @@
not-detected: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040]
- guessed: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] [Tor][Tor][VPN][Potentially Dangerous]
- RISK: Unsafe Protocol, Unidirectional Traffic
+ not-detected: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] [Unknown][Unknown][Unrated]
+ RISK: Unidirectional Traffic
idle: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578]
idle: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol, Unidirectional Traffic
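Review bot: Flow 700 loses its `guessed: ... [Tor][Tor][VPN][Potentially Dangerous]` verdict and the `Unsafe Protocol` risk and becomes `not-detected` with `[Unknown][Unknown][Unrated]`, and nothing in the diff says why. The counter change in the -7035 hunk (`!detected: 310` to `311`, `guessed: 2` to `1`) is consistent with this single flow. Whether this comes from a change in guessing logic or from an updated address list is not visible here. Since this removes a Potentially Dangerous classification from the baseline, the commit description should name the cause. A capture that still yields a Tor verdict should also stay in the test set, so that a real loss of coverage would show up.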
@@ -7035,7 +7035,7 @@
new: [...801] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16]
detected: [...801] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 3882 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 310|guessed: 2|detection-updates: 5|updates: 2519]
+ DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 311|guessed: 1|detection-updates: 5|updates: 2519]
not-detected: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776]
diff --git a/test/results/flow-info/default/haproxy.pcap.out b/test/results/flow-info/default/haproxy.pcap.out
new file mode 100644
index 000000000..595488b23
--- /dev/null
+++ b/test/results/flow-info/default/haproxy.pcap.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [........1.1.1.1][48502] -> [........2.2.2.2][..443] [MIDSTREAM]
+ detected: [.....1] [ip4][..tcp] [........1.1.1.1][48502] -> [........2.2.2.2][..443] [HAProxy][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....1] [ip4][..tcp] [........1.1.1.1][48502] -> [........2.2.2.2][..443] [HAProxy][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/http2.pcapng.out b/test/results/flow-info/default/http2.pcapng.out
new file mode 100644
index 000000000..8acabfdaa
--- /dev/null
+++ b/test/results/flow-info/default/http2.pcapng.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][37824] -> [......127.0.0.1][29518] [MIDSTREAM]
+ detected: [.....1] [ip4][..tcp] [......127.0.0.1][37824] -> [......127.0.0.1][29518] [HTTP2][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....1] [ip4][..tcp] [......127.0.0.1][37824] -> [......127.0.0.1][29518] [HTTP2][Unknown][Web][Safe]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/http_ipv6.pcap.out b/test/results/flow-info/default/http_ipv6.pcap.out
index bcf466945..1b3d38d13 100644
--- a/test/results/flow-info/default/http_ipv6.pcap.out
+++ b/test/results/flow-info/default/http_ipv6.pcap.out
@@ -3,14 +3,14 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] [MIDSTREAM]
new: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [MIDSTREAM]
- detected: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [TLS][Unknown][Web][Safe]
+ detected: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [TLS][Google][Web][Safe]
RISK: Unidirectional Traffic
new: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443]
- detected: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.it]
+ detected: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable][www.google.it]
RISK: Unidirectional Traffic
new: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [MIDSTREAM]
new: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443]
- analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Unknown][Web][Acceptable]
+ analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 6.009| 0.604| 1.486| 2208638.173| 2.800]
[PKTLEN......: 77.000| 1398.000| 326.600| 376.200| 141514.900| 4.300]
@@ -54,25 +54,25 @@
idle: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443]
idle: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443]
idle: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443]
- idle: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Unknown][Web][Acceptable]
+ idle: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable]
RISK: Unidirectional Traffic
guessed: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] [TLS][Unknown][Web][Safe]
idle: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443]
- guessed: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [TLS][Unknown][Web][Safe]
+ guessed: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [TLS][Google][Web][Safe]
idle: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443]
end: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443]
end: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443]
end: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443]
idle: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> [................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe]
RISK: TLS Cert Mismatch
- guessed: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] [TLS][Google][Web][Safe]
idle: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443]
- guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Facebook][Web][Safe]
idle: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443]
- guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Unknown][Web][Acceptable]
+ guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Google][Web][Acceptable]
idle: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443]
- guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Google][Web][Safe]
idle: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443]
- guessed: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] [TLS][Google][Web][Safe]
idle: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/malware.pcap.out b/test/results/flow-info/default/malware.pcap.out
index ef6c8aded..9b1b715f7 100644
--- a/test/results/flow-info/default/malware.pcap.out
+++ b/test/results/flow-info/default/malware.pcap.out
@@ -22,9 +22,25 @@
guessed: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80] [HTTP][Unknown][Web][Acceptable][]
RISK: Unidirectional Traffic
idle: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80]
- end: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443]
idle: [.....2] [ip4][.icmp] [....192.168.7.7] -> [144.139.247.220] [ICMP][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
- idle: [.....4] [ip4][..tcp] [....192.168.7.7][48394] -> [..67.215.92.210][...80]
idle: [.....1] [ip4][..udp] [....192.168.7.7][42370] -> [........1.1.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ DAEMON-EVENT: [Processed: 26 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 1|detection-updates: 3|updates: 0]
+ new: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443]
+ detected: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com]
+ detection-update: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com]
+ analyse: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.111| 0.021| 0.035| 1237.078| 3.200]
+ [PKTLEN......: 40.000| 1492.000| 579.600| 653.500| 427088.100| 4.000]
+ [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1]
+ [IATS(ms)....: 66.3,66.4,7.8,74.7,3.2,70.1,0.1,0.0,0.1,0.1,0.1,2.9,69.3,66.9,105.6,5.1,0.2,110.5,0.1,0.1,0.1,0.3,0.2,0.1,0.1,0.4,0.3,0.2,0.5,0.1,0.1]
+ [PKTLENS.....: 52,52,40,692,46,1492,40,46,121,52,1492,40,133,314,511,46,1492,1492,40,46,1367,1492,40,1492,46,1269,40,1492,1492,40,46,1492]
+ [ENTROPIES...: 4.7,4.9,4.8,7.2,4.4,7.4,4.9,4.4,6.3,5.0,7.6,4.9,6.0,7.2,7.6,4.4,7.9,7.9,4.8,4.4,7.9,7.9,4.9,7.9,4.4,7.8,4.9,7.9,7.9,4.8,4.5,7.9]
+ idle: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe]
+ end: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443]
+ idle: [.....4] [ip4][..tcp] [....192.168.7.7][48394] -> [..67.215.92.210][...80]
DAEMON-EVENT: shutdown
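Review bot: The newly added flow 6 (`192.168.0.20` to `193.109.85.123:443`, name `hobbeach.com`) is recorded as `[TLS][Unknown][Web][Safe]` with no `RISK:` line on its `detected`, `detection-update` or `idle` events, in a result file named for a malware capture. If the capture was extended to exercise a malicious-host or fingerprint check (an assumption; the pcap change is not on this page), this baseline pins the absence of that detection as the expected result. Please confirm what the extra flow is meant to cover and say so in the commit description, e.g. `malware.pcap: flow 6 added for <purpose>; no risk expected in flow-info output because <reason>`. The `end` and `idle` lines for flows 5 and 4 only move below the new block and look like a pure ordering effect.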
diff --git a/test/results/flow-info/default/mgcp.pcap.out b/test/results/flow-info/default/mgcp.pcap.out
new file mode 100644
index 000000000..3ff9607b9
--- /dev/null
+++ b/test/results/flow-info/default/mgcp.pcap.out
@@ -0,0 +1,39 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427]
+ detected: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ update: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
+ new: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427]
+ detected: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
+ new: [.....3] [ip4][..udp] [..187.43.37.188][40798] -> [.196.167.59.124][.2427]
+ detected: [.....3] [ip4][..udp] [..187.43.37.188][40798] -> [.196.167.59.124][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 21 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
+ new: [.....4] [ip4][..udp] [.67.232.180.250][38238] -> [186.112.128.179][.2427]
+ detected: [.....4] [ip4][..udp] [.67.232.180.250][38238] -> [186.112.128.179][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....3] [ip4][..udp] [..187.43.37.188][40798] -> [.196.167.59.124][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 22 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
+ new: [.....5] [ip4][..udp] [.92.173.166.213][51954] -> [..83.250.239.33][.2427]
+ detected: [.....5] [ip4][..udp] [.92.173.166.213][51954] -> [..83.250.239.33][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....5] [ip4][..udp] [.92.173.166.213][51954] -> [..83.250.239.33][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....4] [ip4][..udp] [.67.232.180.250][38238] -> [186.112.128.179][.2427] [MGCP][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/mgcp.pcapng.out b/test/results/flow-info/default/mgcp.pcapng.out
deleted file mode 100644
index 014319700..000000000
--- a/test/results/flow-info/default/mgcp.pcapng.out
+++ /dev/null
@@ -1,18 +0,0 @@
- DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427]
- detected: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable]
- RISK: Unidirectional Traffic
- update: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable]
- RISK: Unidirectional Traffic
- DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1]
- new: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427]
- detected: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable]
- RISK: Unidirectional Traffic
- idle: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable]
- RISK: Unidirectional Traffic
- idle: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable]
- RISK: Unidirectional Traffic
- DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/monero.pcap.out b/test/results/flow-info/default/monero.pcap.out
index 35971e74e..eae5e213b 100644
--- a/test/results/flow-info/default/monero.pcap.out
+++ b/test/results/flow-info/default/monero.pcap.out
@@ -3,10 +3,10 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333]
detected: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Known Proto on Non Std Port, Unsafe Protocol
+ RISK: Unsafe Protocol
new: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333]
detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Known Proto on Non Std Port, Unsafe Protocol
+ RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 71.693| 7.500| 18.614| 346464978.993| 2.400]
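Review bot: The regenerated expectation drops `Known Proto on Non Std Port` from both Mining flows to port 3333, leaving only `Unsafe Protocol`, and nothing visible on this page says why. It applies to the two `detected` entries here and to the two `idle` entries in the `@@ -30,7 +30,7 @@` hunk. Because this file is a golden output, a regression in the non-standard-port check would be pinned as expected behaviour just as easily as an intentional change; one possible cause, which is only an inference, is that 3333 is now treated as a default port for Mining. I would state the cause in the commit description, e.g. `monero.pcap: tcp/3333 no longer raises "Known Proto on Non Std Port" because <reason>`, and confirm that a Mining flow on a different port still raises the risk.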
@@ -30,7 +30,7 @@
DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
idle: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Known Proto on Non Std Port, Unsafe Protocol
+ RISK: Unsafe Protocol
idle: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Known Proto on Non Std Port, Unsafe Protocol
+ RISK: Unsafe Protocol
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/opera-vpn.pcapng.out b/test/results/flow-info/default/opera-vpn.pcapng.out
new file mode 100644
index 000000000..c5724d434
--- /dev/null
+++ b/test/results/flow-info/default/opera-vpn.pcapng.out
@@ -0,0 +1,855 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443]
+ new: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443]
+ new: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443]
+ new: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443]
+ new: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443]
+ new: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443]
+ new: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443]
+ new: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443]
+ new: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443]
+ new: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443]
+ new: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443]
+ new: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443]
+ new: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443]
+ new: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443]
+ new: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443]
+ new: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443]
+ new: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443]
+ new: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443]
+ new: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443]
+ new: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443]
+ new: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443]
+ new: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443]
+ new: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443]
+ new: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443]
+ new: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443]
+ new: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443]
+ detected: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443]
+ detected: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443]
+ detection-update: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443]
+ detection-update: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443]
+ detection-update: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443]
+ detection-update: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.035| 0.008| 0.013| 162.243| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 436.200| 558.200| 311541.900| 3.900]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0]
+ [IATS(ms)....: 28.2,28.3,0.3,30.3,1.4,31.4,0.1,0.1,0.9,0.1,28.2,0.0,7.5,34.6,0.1,0.0,0.1,0.0,26.4,2.5,28.9,0.2,0.2,0.2,0.0,0.2,1.1,1.1,0.1,0.0,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1487,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,88,52]
+ [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.7,7.6,5.1,7.8,4.8,7.8,4.8,7.8,7.7,4.8,7.9,4.8,7.9,6.0,4.8]
+ detected: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.008| 0.013| 161.460| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 405.900| 517.200| 267501.900| 3.900]
+ [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,0]
+ [IATS(ms)....: 34.0,34.0,0.1,26.8,0.3,27.1,0.2,0.2,0.2,0.0,26.0,1.0,6.6,33.2,0.1,0.1,1.0,1.0,0.1,26.4,0.4,26.6,0.2,0.0,0.2,0.8,0.8,0.5,0.0,0.5,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,1308,52,1098,764,52,52]
+ [ENTROPIES...: 4.2,5.1,4.6,4.4,5.0,7.8,4.7,7.8,4.7,5.8,7.9,4.9,5.0,5.9,4.7,6.0,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.7,4.7]
+ analyse: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.008| 0.013| 178.814| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 395.100| 500.800| 250764.700| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1]
+ [IATS(ms)....: 37.1,37.2,0.1,28.8,0.5,29.2,1.0,1.0,0.1,0.0,26.7,1.7,3.3,31.5,0.1,0.1,0.1,0.1,27.0,0.9,27.7,0.2,0.2,0.0,0.1,0.1,0.0,0.1,0.6,0.5,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,1098,52,262,52,1098,52,401]
+ [ENTROPIES...: 4.1,5.3,4.7,4.4,4.9,7.8,4.7,7.8,4.6,5.8,7.9,4.9,5.0,5.9,4.8,5.9,5.6,4.8,7.6,5.0,7.8,4.7,7.9,4.8,7.7,7.8,4.7,7.1,4.8,7.8,4.7,7.4]
+ analyse: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.008| 0.014| 182.825| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 368.800| 501.900| 251883.600| 3.900]
+ [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0]
+ [IATS(ms)....: 37.4,37.4,0.1,28.1,1.7,29.7,0.1,0.1,0.1,0.1,27.8,0.4,4.6,32.6,0.1,0.1,0.0,0.1,0.0,26.1,3.4,29.4,0.0,0.1,0.6,0.5,0.2,0.2,0.5,0.0,0.5]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,258,52,1098,52,1098,52,1492,213,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,6.0,4.8,5.6,4.8,7.6,5.1,7.8,4.8,7.2,4.8,7.8,4.8,7.8,4.8,7.9,7.0,4.8]
+ detected: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.046| 0.009| 0.013| 176.947| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 420.800| 536.500| 287782.900| 3.900]
+ [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0]
+ [IATS(ms)....: 28.1,28.2,0.4,27.3,1.6,28.5,1.1,1.1,0.4,0.0,25.8,1.4,19.1,0.0,45.9,0.8,0.8,0.1,26.6,2.3,28.8,0.2,0.2,0.0,0.1,0.2,0.1,0.1,0.0,0.2,0.4]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,93,52,76,52,591,52,1098,52,1492,52,704,52,1492,52,1318,751,52,138]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,6.1,4.7,5.6,4.7,7.6,5.1,7.8,4.7,7.8,4.8,7.7,4.8,7.9,4.8,7.8,7.8,4.7,6.3]
+ analyse: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.048| 0.009| 0.014| 188.006| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 409.500| 521.500| 271995.400| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0]
+ [IATS(ms)....: 29.2,29.3,0.5,27.5,1.4,28.3,0.2,0.2,0.2,0.0,26.6,1.2,20.2,47.9,0.1,0.1,0.2,0.1,0.1,27.6,0.2,27.7,1.4,1.4,0.2,0.0,0.2,0.2,0.0,0.0,0.2]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,1492,272,469,52]
+ [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,4.7,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,7.1,7.5,4.7]
+ analyse: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.039| 0.009| 0.014| 196.546| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 365.500| 491.400| 241507.300| 3.900]
+ [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 38.7,38.7,0.1,30.4,0.5,30.6,0.1,0.1,0.2,0.0,27.6,0.3,6.1,33.7,0.1,0.1,0.4,0.5,0.0,27.5,2.4,29.9,0.2,0.0,0.2,0.3,0.3,0.5,0.6,0.1,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1485,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,626,52,1098,52,134,52]
+ [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.9,4.8,7.9,4.7,5.8,7.9,5.0,4.9,5.8,4.7,5.8,4.7,5.4,4.7,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.6,4.7,7.8,4.8,6.4,4.8]
+ analyse: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.046| 0.009| 0.014| 204.413| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 390.400| 502.900| 252956.000| 3.900]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1]
+ [IATS(ms)....: 37.2,37.3,0.0,27.0,1.3,28.2,0.1,0.1,0.2,0.0,24.5,0.1,1.3,20.1,0.1,45.8,0.0,0.3,0.3,0.1,27.3,0.4,27.6,0.1,0.1,1.2,1.2,0.3,0.2,0.2,0.0]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,52,91,93,52,52,76,52,591,52,1098,52,478,52,1098,52,1098,52,1492,704]
+ [ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.9,4.7,4.7,5.5,4.8,7.6,5.1,7.8,4.8,7.5,4.8,7.8,4.8,7.8,4.8,7.9,7.7]
+ detection-update: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.058| 0.009| 0.015| 228.299| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 397.300| 525.300| 275956.200| 3.900]
+ [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0]
+ [IATS(ms)....: 30.1,30.1,0.1,26.5,1.6,27.9,0.3,0.2,0.2,0.1,26.5,1.2,30.4,57.8,0.1,0.1,0.1,0.1,0.0,27.7,0.9,28.5,0.1,0.1,0.5,0.5,0.4,0.4,0.3,0.0,0.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,294,52]
+ [ENTROPIES...: 4.2,5.3,4.8,4.5,5.1,7.9,4.8,7.8,4.8,5.8,7.9,5.1,5.1,5.8,4.7,5.9,4.7,5.7,4.7,7.7,5.1,7.8,4.7,7.8,4.7,7.9,4.8,7.7,4.7,7.9,7.2,4.7]
+ analyse: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.033| 0.010| 0.013| 175.212| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 303.800| 468.300| 219308.000| 3.800]
+ [BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 9,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,0,1,1,0,1]
+ [IATS(ms)....: 32.8,32.9,0.1,27.7,0.4,27.9,0.3,0.2,0.2,0.0,26.3,0.1,0.2,4.7,0.0,31.1,0.0,0.1,0.1,0.3,26.0,1.9,27.5,0.2,0.0,0.2,0.5,26.6,1.7,27.7,0.6]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,52,91,93,52,52,76,52,591,52,1098,52,1492,58,52,138,52,253,52,148]
+ [ENTROPIES...: 4.1,5.1,4.7,4.4,4.8,7.9,4.6,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.9,5.9,4.7,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.1,4.7,6.3,4.9,7.2,4.7,6.5]
+ analyse: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.048| 0.010| 0.015| 220.945| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 397.100| 521.500| 271947.300| 3.900]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1]
+ [IATS(ms)....: 37.4,37.5,0.0,31.0,0.2,31.3,0.8,0.7,0.2,0.1,26.8,1.3,20.0,47.9,0.0,0.1,1.4,1.4,0.1,27.0,1.9,28.8,0.2,0.0,0.2,0.9,0.0,0.9,0.4,0.4,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,52,76,52,591,52,1098,52,1492,84,52,1492,488,52,1098,52,478]
+ [ENTROPIES...: 4.2,5.3,4.7,4.5,5.0,7.9,4.8,7.8,4.8,6.0,7.9,5.0,5.0,6.0,4.7,5.8,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,5.7,4.7,7.9,7.5,4.7,7.8,4.7,7.5]
+ analyse: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.043| 0.010| 0.015| 219.628| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 378.900| 495.600| 245645.300| 3.900]
+ [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,1,0,0]
+ [IATS(ms)....: 42.5,42.5,0.1,29.5,0.6,30.0,1.4,1.4,0.2,0.1,27.9,1.1,12.4,41.0,0.0,0.1,0.1,0.1,28.1,1.3,29.2,0.0,0.1,0.1,0.1,0.2,0.0,0.1,3.2,3.2,0.4]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,52,498,52,1098,52,1492,280,52,1031,52,154]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.6,4.8,7.8,4.6,7.9,7.2,4.8,7.8,4.8,6.4]
+ analyse: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.035| 0.010| 0.013| 178.858| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 304.800| 439.800| 193461.100| 3.900]
+ [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0]
+ [IATS(ms)....: 31.9,31.9,0.1,27.3,0.4,27.6,0.2,0.1,0.3,0.1,27.1,0.1,8.7,35.4,0.1,0.1,0.5,0.4,0.1,26.2,2.4,0.1,28.5,0.1,0.1,0.4,26.5,1.7,27.7,0.5,0.5]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,1098,52,475,52,138,52,256,52,160,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.9,4.8,5.9,4.7,5.5,4.7,7.7,4.9,7.8,7.8,4.8,7.6,4.8,6.3,5.1,7.1,4.8,6.6,4.7]
+ analyse: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.049| 0.010| 0.016| 255.568| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 418.400| 525.000| 275583.300| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1]
+ [IATS(ms)....: 44.1,44.1,0.2,30.0,0.3,30.0,0.2,0.2,0.1,0.1,30.4,0.1,18.7,0.1,49.0,0.1,0.1,0.1,28.0,1.8,29.6,0.1,0.1,0.4,0.4,0.5,0.5,0.3,0.0,0.3,0.4]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1473,52,52,91,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,272,52,751]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.9,4.7,5.8,7.8,5.0,5.0,5.8,5.9,4.7,5.5,4.7,7.7,5.0,7.8,4.8,7.8,4.7,7.9,4.7,7.7,4.8,7.9,7.2,4.8,7.7]
+ analyse: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.051| 0.010| 0.016| 247.288| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 397.700| 512.500| 262691.900| 3.900]
+ [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0]
+ [IATS(ms)....: 41.0,41.1,0.1,31.0,0.5,31.4,0.1,0.1,0.1,0.1,29.3,0.1,21.7,50.8,0.1,0.1,0.1,0.1,27.5,1.0,28.3,1.3,0.0,1.3,0.2,0.1,1.7,1.6,0.0,0.1,0.4]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1481,52,52,91,52,93,76,52,591,52,1098,52,1492,704,52,1308,52,1098,52,401,52,138]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,4.8,6.0,5.6,4.8,7.7,5.1,7.8,4.8,7.9,7.7,4.8,7.8,4.8,7.8,4.8,7.5,4.8,6.4]
+ analyse: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.054| 0.010| 0.016| 241.175| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 346.900| 471.500| 222289.800| 3.900]
+ [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0]
+ [IATS(ms)....: 30.7,30.8,0.1,27.2,1.0,28.1,0.3,0.3,0.2,0.1,26.4,1.1,0.0,27.0,54.2,0.0,0.1,0.1,0.1,27.4,16.7,44.0,0.6,0.6,0.1,0.2,0.2,0.1,0.3,0.3,0.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,52,91,52,93,76,52,591,52,1098,52,1098,52,922,52,1098,52,149,52,200]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.0,5.7,4.7,5.9,5.5,4.8,7.6,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.8,6.6,4.8,6.8]
+ analyse: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.036| 0.009| 0.014| 184.863| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 402.200| 504.900| 254904.000| 4.000]
+ [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1]
+ [IATS(ms)....: 35.5,35.5,0.1,26.1,1.6,27.5,0.1,0.1,0.1,0.1,25.7,1.3,9.3,36.0,0.1,0.1,0.1,0.1,0.0,26.7,3.0,29.6,0.3,0.3,0.3,0.0,0.3,0.1,0.1,0.6,28.8]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,790,52,148,1050]
+ [ENTROPIES...: 4.2,5.3,4.7,4.4,5.0,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.8,4.8,6.0,4.8,5.6,4.7,7.6,5.0,7.8,4.8,7.8,4.8,7.9,7.7,4.8,7.7,4.7,6.3,7.8]
+ detection-update: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.040| 0.011| 0.014| 199.830| 3.700]
+ [PKTLEN......: 52.000| 1492.000| 405.900| 519.400| 269778.800| 4.000]
+ [BINS(c->s)..: 8,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,1,0,1,1,0,1,1,0,0,1,1,0]
+ [IATS(ms)....: 40.2,40.2,0.1,29.5,1.5,0.0,31.0,0.1,0.1,29.8,29.5,0.1,5.1,0.0,0.0,5.3,0.2,21.3,7.6,1.2,29.8,1.3,0.0,1.3,0.3,0.0,0.3,0.5,26.6,1.6,27.7]
+ [PKTLENS.....: 64,60,52,569,52,1492,1128,52,116,1477,64,116,52,91,93,76,52,591,64,52,1098,52,1492,704,52,1492,437,52,148,52,1044,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,7.8,4.7,5.8,7.9,5.1,5.9,5.1,5.8,5.9,5.6,4.8,7.6,5.0,5.0,7.8,4.7,7.9,7.7,4.7,7.9,7.5,4.7,6.4,4.9,7.8,4.7]
+ analyse: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.042| 0.011| 0.015| 224.118| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 344.000| 469.500| 220464.400| 3.900]
+ [BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0]
+ [IATS(ms)....: 40.2,40.3,0.0,29.3,0.2,29.4,1.0,0.9,0.2,0.0,27.6,0.3,14.6,42.2,0.0,0.1,0.1,0.1,28.0,1.0,28.9,0.2,0.0,0.1,1.5,0.1,1.6,0.3,25.8,1.2,26.7]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,52,93,76,52,591,52,1098,52,1304,258,52,1098,408,52,138,52,220,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,6.0,4.8,6.0,5.7,4.8,7.7,5.0,7.8,4.7,7.8,7.1,4.7,7.8,7.5,4.8,6.3,5.1,6.9,4.8]
+ analyse: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.011| 0.015| 234.608| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 339.700| 452.700| 204941.100| 3.900]
+ [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0]
+ [IATS(ms)....: 35.1,35.1,0.1,31.2,2.6,33.7,0.1,0.1,0.1,0.1,30.8,1.5,5.3,37.3,0.1,0.0,0.1,0.0,31.8,2.2,33.9,0.1,0.1,0.5,0.4,0.4,0.3,0.4,31.9,1.3,32.8]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,831,52,138,52,696,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.5,4.8,7.8,4.8,7.8,4.8,6.3,5.1,7.7,4.8]
+ analyse: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.043| 0.012| 0.016| 240.534| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 355.800| 507.100| 257111.100| 3.800]
+ [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0]
+ [IATS(ms)....: 37.6,37.7,0.1,30.9,30.8,0.4,0.4,0.2,0.0,1.1,28.2,0.1,13.5,0.1,42.8,0.1,0.1,0.1,30.6,8.7,39.1,0.2,0.0,0.2,0.2,0.0,0.2,0.4,27.5,1.4,28.5]
+ [PKTLENS.....: 64,60,52,569,1492,52,1129,52,116,1469,52,52,52,91,93,52,76,52,591,52,1098,52,1492,104,52,1492,191,52,167,52,364,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.8,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,6.0,4.7,7.9,6.9,4.7,6.5,5.1,7.4,4.7]
+ analyse: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.042| 0.012| 0.017| 274.646| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 304.800| 467.200| 218265.100| 3.800]
+ [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 8,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,0]
+ [IATS(ms)....: 41.6,41.7,0.0,34.7,0.4,35.0,0.2,0.2,0.2,0.1,34.8,0.0,3.3,37.8,0.1,0.1,0.1,0.1,0.0,32.2,2.3,34.4,0.2,0.0,0.2,0.5,31.2,2.5,33.2,0.1,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,52,591,52,1098,52,1492,81,52,138,52,256,52,160,52]
+ [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.6,7.8,4.7,5.9,7.9,4.9,4.9,5.7,4.7,5.8,5.6,4.7,4.7,7.7,4.8,7.8,4.7,7.9,5.7,4.7,6.2,5.0,7.1,4.7,6.6,4.7]
+ analyse: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.050| 0.009| 0.014| 196.097| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 424.800| 534.600| 285801.500| 4.000]
+ [BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,0,0]
+ [IATS(ms)....: 27.2,27.2,0.1,29.0,0.4,29.3,0.2,0.2,0.2,0.0,27.4,0.2,22.9,0.0,0.1,50.3,0.1,0.1,27.2,1.1,28.1,0.2,0.0,0.2,1.1,1.1,0.1,0.1,0.1,0.7,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1471,52,52,91,93,76,52,52,591,52,1098,52,1492,704,52,1492,52,1318,751,52,138,172]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.0,5.9,5.9,5.6,4.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.8,6.2,6.5]
+ new: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443]
+ analyse: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.044| 0.012| 0.015| 228.764| 3.700]
+ [PKTLEN......: 52.000| 1492.000| 340.500| 468.200| 219238.800| 3.900]
+ [BINS(c->s)..: 9,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 8,2,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,1,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,1,1]
+ [IATS(ms)....: 40.3,40.3,0.1,30.2,0.4,30.5,0.1,0.1,0.1,0.0,28.4,28.3,0.0,24.6,0.0,24.7,0.1,0.1,0.1,1.1,25.8,17.4,44.2,0.2,0.0,0.2,0.1,0.1,0.5,25.4,16.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1487,64,116,52,91,93,52,76,52,591,64,52,1098,52,1492,528,52,627,52,200,52,314]
+ [ENTROPIES...: 4.2,5.2,4.8,4.5,5.1,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.9,5.1,5.8,5.9,4.7,5.5,4.7,7.6,5.1,5.1,7.8,4.8,7.9,7.6,4.8,7.7,4.8,6.9,5.1,7.3]
+ analyse: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.039| 0.010| 0.013| 167.910| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 287.100| 439.400| 193071.900| 3.800]
+ [BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
+ [BINS(s->c)..: 8,2,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0,0]
+ [IATS(ms)....: 27.3,27.4,0.2,27.1,0.9,27.6,0.3,0.3,0.2,0.0,25.7,2.8,10.9,39.1,0.1,0.0,0.1,0.1,26.6,0.1,26.6,1.5,0.1,0.0,26.8,0.2,0.1,25.5,1.0,1.0,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1457,52,52,91,52,93,76,52,638,52,322,52,138,172,1444,52,52,329,52,166,52,105]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.9,4.7,5.9,5.6,4.8,7.6,5.0,7.3,4.6,6.3,6.7,7.8,5.0,4.9,7.3,4.7,6.6,4.7,5.9]
+ analyse: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.033| 0.009| 0.012| 153.174| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 342.200| 472.200| 222950.100| 3.900]
+ [BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
+ [BINS(s->c)..: 9,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,1,1,1]
+ [IATS(ms)....: 27.4,27.5,0.1,27.3,2.2,29.4,0.1,0.1,0.2,0.1,26.9,0.1,0.5,5.6,0.1,32.7,0.0,0.1,0.0,26.1,0.3,26.3,1.3,0.0,0.0,1.3,1.6,0.1,27.1,0.0,3.8]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,52,91,93,52,76,52,591,52,1098,52,1492,84,759,52,154,623,52,52,274]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.6,7.8,4.8,5.8,7.9,5.0,5.0,5.1,5.9,5.9,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.8,7.7,4.6,6.6,7.6,5.0,5.0,7.1]
+ analyse: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.046| 0.009| 0.014| 185.505| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 406.800| 492.900| 242924.900| 4.000]
+ [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,0,1,1,0,1,1,1]
+ [IATS(ms)....: 29.2,29.3,0.0,28.4,0.5,28.8,0.0,0.1,0.3,0.0,26.4,0.0,20.1,46.2,0.1,0.0,0.1,0.1,26.0,2.9,28.7,0.2,0.1,0.3,0.1,0.2,0.0,0.1,1.1,0.0,0.0]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,91,52,93,76,52,591,52,1098,52,478,1098,52,52,1492,488,52,1098,478,366]
+ [ENTROPIES...: 4.1,5.1,4.7,4.4,4.9,7.8,4.7,7.8,4.6,5.9,7.9,5.0,4.9,5.8,4.7,5.8,5.5,4.7,7.6,4.9,7.8,4.8,7.5,7.8,4.8,4.8,7.9,7.5,4.8,7.8,7.5,7.4]
+ detected: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443]
+ detected: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.108| 0.020| 0.028| 811.176| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 324.200| 448.200| 200860.400| 3.900]
+ [BINS(c->s)..: 10,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1]
+ [IATS(ms)....: 40.4,40.5,0.0,31.0,0.5,31.5,0.1,0.1,0.1,0.1,29.0,0.0,28.8,26.3,55.8,82.2,0.1,0.1,0.2,0.1,0.1,26.3,81.7,107.9,0.1,0.1,0.1,0.1,0.1,0.6,26.4]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,64,52,116,64,91,52,93,52,76,52,591,52,1098,52,498,1098,52,810,52,200,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.8,5.8,7.9,5.1,5.0,5.8,5.1,5.9,4.8,5.9,4.8,5.5,4.8,7.6,5.0,7.8,4.8,7.5,7.8,4.7,7.7,4.8,6.9,5.0]
+ detection-update: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.037| 0.009| 0.014| 195.258| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 433.800| 539.400| 290977.100| 4.000]
+ [BINS(c->s)..: 10,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0,0]
+ [IATS(ms)....: 31.1,31.3,0.3,31.0,1.4,32.0,0.1,0.1,2.8,0.1,33.2,1.2,5.1,0.0,0.0,36.6,0.1,31.1,2.9,33.9,0.3,0.0,0.2,0.2,0.2,0.2,0.2,0.5,0.5,0.6,0.2]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1113,52,116,1324,52,52,91,93,76,52,591,52,1098,52,1492,704,52,1492,52,1492,52,950,52,138,252]
+ [ENTROPIES...: 4.1,5.2,4.7,4.2,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,6.0,5.5,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.6,7.9,4.5,7.9,4.6,7.8,4.6,6.3,7.0]
+ analyse: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.031| 0.008| 0.012| 151.638| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 406.100| 507.800| 257847.600| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 28.1,28.2,0.1,28.4,1.4,29.7,0.1,0.1,0.1,0.1,27.0,0.0,0.0,3.7,0.0,0.0,30.5,0.1,0.1,27.4,1.6,28.7,0.1,0.1,0.1,0.1,0.3,0.2,0.7,0.7,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1098,52,1308,52,1098,52,770]
+ [ENTROPIES...: 4.1,5.3,4.7,4.5,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.8,5.5,4.7,4.7,7.7,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.9,4.7,7.8,4.7,7.7]
+ analyse: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.180| 0.027| 0.054| 2903.055| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 452.000| 548.400| 300791.000| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0]
+ [IATS(ms)....: 27.8,27.9,0.1,27.5,0.5,27.9,0.4,0.4,0.4,0.1,26.7,1.9,152.3,180.4,0.1,0.0,0.1,0.1,27.3,146.6,173.9,1.4,0.0,1.3,0.1,0.1,0.2,0.0,0.1,0.3,0.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,76,52,629,52,1098,52,1492,704,52,1098,52,1492,704,52,1358,52]
+ [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.0,5.1,5.8,4.8,6.0,5.6,4.8,7.7,5.1,7.8,4.8,7.9,7.7,4.8,7.8,4.8,7.9,7.7,4.8,7.9,4.7]
+ detected: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443]
+ new: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443]
+ detected: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443]
+ detected: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 1.028| 0.074| 0.247| 61210.599| 1.800]
+ [PKTLEN......: 52.000| 1492.000| 351.000| 482.300| 232616.900| 3.900]
+ [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1]
+ [IATS(ms)....: 1000.7,1028.3,27.7,0.3,28.6,0.6,28.8,0.7,0.7,1.1,0.3,27.1,1.2,8.9,0.0,35.8,0.0,0.1,0.1,0.6,27.3,2.9,29.6,1.3,0.0,1.3,0.1,0.1,0.8,27.3,0.9]
+ [PKTLENS.....: 64,64,60,52,569,52,1492,52,1129,52,116,1459,52,52,91,93,52,52,76,52,591,52,1098,52,1492,528,52,1067,52,167,52,348]
+ [ENTROPIES...: 4.1,4.2,5.2,4.8,4.4,5.1,7.9,4.8,7.8,4.7,5.9,7.9,5.1,5.0,5.8,6.0,4.7,4.7,5.7,4.7,7.6,4.9,7.8,4.8,7.9,7.6,4.8,7.8,4.7,6.6,5.1,7.3]
+ new: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443]
+ detection-update: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443]
+ new: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443]
+ detected: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.029| 0.007| 0.012| 137.076| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 397.000| 481.500| 231822.500| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,1]
+ [IATS(ms)....: 26.8,27.0,0.1,27.3,0.6,27.6,0.8,0.8,0.4,0.1,25.9,1.2,2.5,29.0,0.1,0.1,0.1,0.1,26.1,1.6,0.1,27.6,0.1,0.2,0.1,0.3,0.3,0.1,0.1,0.1,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,478,52,52,1098,52,1098,52,882,1098,52,478]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,4.7,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.7,4.8,7.6,5.0,7.8,7.5,4.7,4.7,7.8,4.7,7.8,4.7,7.7,7.8,4.7,7.5]
+ detection-update: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.058| 0.009| 0.015| 225.527| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 408.200| 535.400| 286624.800| 3.900]
+ [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1]
+ [IATS(ms)....: 27.1,27.2,1.0,28.6,1.5,29.1,0.1,0.1,0.2,0.1,27.0,0.1,31.2,57.9,0.1,0.1,1.1,1.0,0.1,26.9,2.3,29.1,0.2,0.1,0.2,0.1,0.2,0.1,0.2,0.1,0.6]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,52,1492,52,1318,52,422]
+ [ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.8,4.8,5.9,4.8,5.7,4.8,7.6,5.1,7.8,4.8,7.9,7.7,4.8,4.8,7.9,4.7,7.8,4.8,7.5]
+ detection-update: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.039| 0.008| 0.012| 156.003| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 410.500| 518.800| 269178.600| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1]
+ [IATS(ms)....: 27.4,27.5,0.2,27.2,1.4,28.3,0.1,0.1,0.2,0.1,25.7,1.2,12.6,39.1,0.1,0.1,0.1,0.1,26.5,1.3,27.7,0.9,0.9,0.3,0.3,0.4,0.4,0.1,0.0,0.1,0.5]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,1492,52,1492,520,52,480]
+ [ENTROPIES...: 4.2,5.3,4.8,4.5,5.1,7.9,4.8,7.9,4.8,5.9,7.9,5.0,5.1,5.9,4.8,6.0,5.7,4.8,7.6,5.1,7.8,4.8,7.5,4.8,7.8,4.8,7.9,4.8,7.9,7.6,4.8,7.5]
+ new: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443]
+ detected: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.032| 0.009| 0.013| 159.388| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 374.000| 504.400| 254392.600| 3.900]
+ [BINS(c->s)..: 9,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
+ [BINS(s->c)..: 7,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,1,0,0,1,1]
+ [IATS(ms)....: 28.1,28.2,0.1,27.4,1.5,28.8,0.1,0.1,0.2,0.1,28.2,1.2,2.7,31.8,0.1,0.0,0.1,0.1,27.2,1.7,28.7,0.2,0.0,0.2,0.2,0.0,0.0,0.2,0.2,27.0,8.5]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1457,52,52,91,52,93,76,52,591,52,1098,52,1492,104,52,1492,280,367,52,138,52,584]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.7,7.9,4.7,5.9,7.8,5.0,4.9,5.9,4.7,5.9,5.5,4.7,7.6,5.0,7.8,4.8,7.9,6.0,4.8,7.9,7.2,7.3,4.8,6.3,5.0,7.6]
+ analyse: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.036| 0.009| 0.013| 161.218| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 330.400| 469.300| 220240.500| 3.900]
+ [BINS(c->s)..: 9,0,1,2,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,1,1]
+ [IATS(ms)....: 27.8,27.9,0.1,27.1,0.5,27.5,0.8,0.8,0.3,0.1,26.2,1.0,8.7,0.0,35.6,0.1,0.1,0.0,26.0,5.3,31.3,0.2,0.0,0.0,0.2,0.1,1.6,0.1,0.1,26.9,1.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,93,52,76,52,591,52,1098,52,1492,704,132,52,52,154,172,338,52,52]
+ [ENTROPIES...: 4.2,5.1,4.7,4.5,5.0,7.9,4.8,7.8,4.8,5.8,7.9,5.0,5.1,5.8,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.9,7.7,6.5,4.7,4.8,6.5,6.6,7.3,5.0,5.0]
+ analyse: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.122| 0.019| 0.034| 1173.117| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 390.500| 496.900| 246958.900| 4.000]
+ [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1]
+ [IATS(ms)....: 27.4,27.4,0.1,26.3,1.5,27.6,0.1,0.1,0.2,0.1,25.7,0.1,0.1,96.7,0.0,0.0,122.3,0.1,27.2,81.2,0.0,108.4,0.0,0.3,0.3,0.2,0.0,0.2,0.3,0.3,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,591,52,1098,478,52,52,1098,52,1492,488,52,1098,52,271]
+ [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.8,4.7,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.7,5.8,5.6,4.7,7.6,5.0,7.8,7.5,4.8,4.8,7.8,4.8,7.9,7.5,4.8,7.8,4.8,7.1]
+ analyse: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.126| 0.020| 0.036| 1286.879| 3.200]
+ [PKTLEN......: 52.000| 1492.000| 386.500| 502.300| 252311.900| 3.900]
+ [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1]
+ [IATS(ms)....: 31.8,31.9,0.1,31.0,1.6,32.5,1.0,1.0,0.3,0.0,0.0,31.0,1.1,93.8,0.0,125.7,0.0,0.1,0.1,0.1,31.1,87.8,0.0,118.8,0.0,0.3,0.3,0.2,0.0,0.2,0.8]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1492,55,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,52,1492,528,52,1098]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,4.7,7.8,4.8,6.0,7.9,4.8,5.0,5.0,5.9,5.9,4.8,4.8,5.6,4.8,7.6,5.0,7.8,7.6,4.8,4.8,7.8,4.7,7.9,7.5,4.8,7.8]
+ new: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443]
+ detected: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.125| 0.019| 0.036| 1295.429| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 390.500| 500.100| 250056.100| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,1,1,0]
+ [IATS(ms)....: 27.0,27.1,0.2,27.1,0.5,0.1,27.4,0.1,0.6,0.1,26.6,0.0,98.7,124.6,1.2,1.2,0.1,0.1,0.1,26.2,91.4,117.4,0.2,0.1,0.3,0.0,0.0,0.3,0.2,0.0,0.2]
+ [PKTLENS.....: 64,60,52,569,52,1492,1129,52,52,116,1465,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,262,52,1098,271,52]
+ [ENTROPIES...: 4.1,5.2,4.7,4.4,5.0,7.8,7.8,4.7,4.7,5.9,7.9,4.9,4.9,5.9,4.7,5.8,4.7,5.5,4.7,7.6,5.0,7.8,4.8,7.8,4.8,7.9,7.7,7.2,4.7,7.8,7.2,4.7]
+ new: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443]
+ detected: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443]
+ new: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443]
+ detection-update: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.042| 0.008| 0.013| 169.929| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 425.100| 548.500| 300824.400| 3.900]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0]
+ [IATS(ms)....: 28.7,28.8,0.1,27.4,0.6,27.9,0.8,0.7,0.3,0.1,25.9,0.0,1.1,15.2,0.0,41.9,0.0,0.1,0.1,0.1,27.2,2.9,29.9,0.3,0.0,0.2,0.2,0.2,0.8,0.0,0.9]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,52,91,93,52,52,76,52,660,52,1098,52,1492,704,52,1492,52,1492,726,52]
+ [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.7,5.9,7.9,5.0,5.0,5.0,6.0,6.0,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.9,4.8,7.9,7.8,4.8]
+ analyse: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.099| 0.017| 0.025| 636.110| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 288.800| 419.800| 176233.300| 3.900]
+ [BINS(c->s)..: 8,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,1,0,0,1]
+ [IATS(ms)....: 29.8,29.9,0.1,27.6,1.3,0.0,28.8,0.1,0.3,0.0,26.9,0.1,14.1,0.1,40.8,0.1,0.1,0.1,27.1,1.2,28.3,0.7,27.4,96.8,0.1,98.7,0.0,1.2,29.7,0.1,2.9]
+ [PKTLENS.....: 64,60,52,569,52,1492,1128,52,52,116,1461,52,52,91,93,52,76,52,608,52,527,52,138,52,172,583,52,52,133,52,105,1098]
+ [ENTROPIES...: 4.1,5.2,4.7,4.5,5.0,7.9,7.8,4.7,4.6,6.0,7.8,4.9,5.0,5.8,5.9,4.8,5.6,4.8,7.5,5.1,7.6,4.8,6.3,5.0,6.6,7.7,5.0,5.1,6.3,4.7,5.8,7.8]
+ new: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443]
+ new: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443]
+ new: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443]
+ analyse: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.207| 0.028| 0.058| 3307.776| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 468.700| 574.100| 329541.200| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 26.9,27.0,0.1,29.9,1.5,31.2,0.1,0.1,0.2,0.0,25.7,1.2,169.4,0.0,0.0,207.4,0.0,42.8,141.8,173.3,0.1,0.1,1.3,1.2,0.2,0.2,0.2,0.2,0.1,0.1,0.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,93,76,52,591,52,1098,52,498,52,1098,52,1492,52,1492,52,1492,52,1350]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,6.0,5.8,5.6,4.8,7.6,5.1,7.8,4.8,7.6,4.8,7.8,4.8,7.9,4.8,7.9,4.8,7.8,4.8,7.9]
+ detected: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443]
+ detected: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443]
+ detection-update: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.032| 0.009| 0.012| 154.797| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 341.300| 465.200| 216385.700| 3.900]
+ [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
+ [BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0]
+ [IATS(ms)....: 26.4,26.4,0.1,27.0,0.5,27.4,0.9,0.9,0.3,0.0,25.9,1.2,5.1,32.0,0.1,0.1,0.1,0.1,26.0,1.6,27.4,0.1,0.1,0.3,0.3,0.3,0.1,25.5,1.3,1.3,27.7]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1185,52,154,595,52,52,274,52]
+ [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.8,4.8,7.8,4.7,5.8,7.9,4.9,4.9,5.9,4.8,5.9,5.7,4.8,7.6,4.9,7.8,4.7,7.8,4.7,7.8,4.7,6.3,7.6,5.0,5.1,7.2,4.8]
+ analyse: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.008| 0.012| 146.948| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 259.000| 395.400| 156313.400| 3.900]
+ [BINS(c->s)..: 7,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1]
+ [IATS(ms)....: 26.1,26.2,0.1,25.7,1.6,27.2,0.1,0.1,0.3,0.0,25.7,0.0,1.2,7.7,0.0,34.4,0.1,0.1,0.1,25.8,1.4,27.1,0.1,0.1,0.0,0.1,0.0,24.9,0.1,1.2,0.0]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1461,52,52,52,91,93,52,76,52,608,52,527,52,138,172,603,155,156,52,52,52,52]
+ [ENTROPIES...: 4.2,5.1,4.7,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.9,5.8,4.7,5.5,4.7,7.7,5.1,7.6,4.7,6.2,6.7,7.6,6.5,6.5,5.0,4.9,5.0,4.9]
+ analyse: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.009| 0.013| 163.660| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 255.100| 395.400| 156328.100| 3.800]
+ [BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0]
+ [IATS(ms)....: 27.4,27.4,0.1,27.3,0.5,27.6,0.1,0.1,0.2,0.1,26.1,0.5,7.6,0.0,33.8,0.1,1.2,1.1,0.1,27.5,0.4,27.8,0.3,0.1,0.1,26.2,0.0,0.8,0.1,26.6,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,93,52,52,76,52,612,52,527,52,138,172,537,52,52,52,133,52,105]
+ [ENTROPIES...: 4.2,5.3,4.8,4.4,5.0,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.0,6.1,5.9,4.7,4.7,5.6,4.8,7.6,5.1,7.6,4.8,6.3,6.6,7.5,5.1,5.0,5.1,6.5,4.8,5.9]
+ new: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443]
+ detected: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.178| 0.027| 0.054| 2913.054| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 434.600| 557.900| 311277.200| 3.900]
+ [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0]
+ [IATS(ms)....: 26.8,26.8,0.1,27.0,1.6,0.0,28.5,0.1,0.2,0.1,25.7,0.0,152.5,0.0,0.1,177.9,0.0,0.1,0.1,26.1,149.1,175.0,1.3,1.3,0.2,0.0,0.2,0.3,0.2,0.1,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,1128,52,52,116,1471,52,52,91,93,76,52,52,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,52]
+ [ENTROPIES...: 4.1,5.2,4.7,4.4,4.9,7.9,7.8,4.6,4.6,5.9,7.9,5.1,5.0,5.8,5.8,5.6,4.7,4.7,4.7,7.6,5.1,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.9,4.7]
+ new: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443]
+ new: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443]
+ detected: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443]
+ new: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443]
+ analyse: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 3.028| 0.204| 0.738| 545057.276| 1.400]
+ [PKTLEN......: 52.000| 1492.000| 304.700| 439.900| 193493.400| 3.900]
+ [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1]
+ [IATS(ms)....: 33.0,33.0,0.3,26.6,1.1,27.4,0.1,0.1,0.3,0.1,26.0,1.1,8.9,0.1,35.6,0.1,0.1,0.0,26.2,2.1,28.2,0.1,0.0,0.1,0.5,28.2,27.7,0.1,0.1,3002.0,3028.4]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,93,52,76,52,591,52,1098,52,1098,453,52,138,253,52,148,52,52,76]
+ [ENTROPIES...: 4.2,5.2,4.8,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,4.9,5.9,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,7.6,4.7,6.3,7.1,4.8,6.6,4.7,4.6,5.6]
+ new: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443]
+ analyse: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.029| 0.007| 0.012| 139.021| 3.300]
+ [PKTLEN......: 52.000| 1492.000| 382.700| 493.600| 243675.800| 4.000]
+ [BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,0,0]
+ [IATS(ms)....: 27.0,27.1,0.3,28.1,0.3,28.1,0.3,0.3,0.3,0.1,25.7,1.2,2.7,29.2,0.0,0.1,0.1,0.1,26.0,2.2,0.0,28.1,0.2,0.2,0.1,0.0,0.1,1.8,1.9,0.2,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1467,52,52,91,52,93,76,52,591,52,1098,498,52,1098,52,1492,280,52,1031,52,154,172]
+ [ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.8,4.6,7.8,4.7,5.9,7.9,5.0,5.0,5.8,4.6,6.0,5.6,4.6,7.7,5.0,7.8,7.5,4.6,7.8,4.7,7.9,7.1,4.7,7.8,4.6,6.5,6.6]
+ analyse: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.189| 0.028| 0.055| 3044.153| 3.000]
+ [PKTLEN......: 52.000| 1492.000| 416.200| 521.000| 271438.600| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1,0]
+ [IATS(ms)....: 31.7,31.8,0.2,31.2,1.4,32.3,0.1,0.1,0.4,0.1,30.7,1.2,157.6,0.0,0.1,189.1,0.0,0.3,34.8,142.8,177.3,0.2,0.2,1.2,0.0,1.2,0.3,0.0,0.3,0.1,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1492,528,52,1492,704,52,432,52]
+ [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.8,5.9,7.8,5.1,5.1,5.9,6.0,5.6,4.7,4.7,7.6,5.1,7.8,4.8,7.8,4.8,7.9,7.6,4.8,7.9,7.7,4.8,7.5,4.8]
+ detected: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.040| 0.010| 0.014| 190.700| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 336.200| 468.300| 219266.800| 3.900]
+ [BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,0,0,0,1]
+ [IATS(ms)....: 28.5,28.6,0.2,28.6,1.2,29.6,0.1,0.1,0.3,0.1,26.9,0.1,1.1,12.5,0.1,40.4,0.0,0.0,0.1,0.1,28.6,7.8,36.3,0.2,0.1,0.2,0.2,1.9,0.3,0.4,29.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1479,52,52,52,91,93,52,52,76,52,591,52,1098,52,1098,52,1227,52,154,172,472,52]
+ [ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.1,6.0,5.8,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,4.8,7.8,4.7,6.4,6.7,7.5,5.1]
+ detection-update: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.169| 0.025| 0.051| 2565.544| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 435.800| 558.300| 311649.100| 3.900]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1]
+ [IATS(ms)....: 27.1,27.2,0.1,27.6,0.4,0.1,27.8,0.1,0.2,0.1,27.9,0.0,1.2,140.1,0.0,0.1,168.9,0.0,0.1,0.2,26.1,139.2,165.0,0.2,0.1,0.2,0.0,0.1,0.3,0.3,0.2]
+ [PKTLENS.....: 64,60,52,569,52,1492,1127,52,52,116,1471,52,52,52,91,93,76,52,52,52,629,52,1098,52,1098,52,1492,704,52,1492,52,1492]
+ [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,7.8,4.8,4.8,5.9,7.9,5.0,5.0,5.0,5.8,6.0,5.6,4.8,4.8,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.9]
+ analyse: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.179| 0.027| 0.054| 2949.282| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 461.800| 572.200| 327423.800| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 27.7,27.7,0.2,27.4,1.5,28.7,0.1,0.1,0.4,0.0,26.9,0.0,152.5,0.1,179.2,0.0,0.1,0.1,26.1,150.4,176.3,0.2,0.0,0.1,0.3,0.2,0.7,0.7,0.4,0.4,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,93,52,76,52,591,52,1098,52,1492,528,52,1492,52,704,52,1492,52,1492]
+ [ENTROPIES...: 4.1,5.2,4.8,4.3,5.1,7.8,4.8,7.8,4.8,5.8,7.9,5.0,5.0,5.9,5.9,4.7,5.6,4.7,7.5,5.0,7.8,4.7,7.8,7.5,4.7,7.9,4.7,7.7,4.7,7.9,4.7,7.9]
+ analyse: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.604| 0.075| 0.151| 22860.368| 3.100]
+ [PKTLEN......: 52.000| 1492.000| 384.700| 500.500| 250468.600| 3.900]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,1,0,1,0,1]
+ [IATS(ms)....: 28.6,28.6,0.1,27.3,1.5,0.1,28.7,0.1,0.2,0.1,27.0,0.0,1.1,153.8,0.0,181.6,0.0,0.1,0.1,0.1,27.4,146.5,0.0,173.7,0.1,603.7,0.0,603.8,141.3,141.3,0.3]
+ [PKTLENS.....: 64,60,52,569,52,1492,1127,52,52,116,1469,52,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,498,52,1098,52,1492]
+ [ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.9,7.8,4.8,4.8,6.0,7.9,5.1,5.1,5.1,5.9,5.9,4.7,4.8,5.6,4.8,7.6,5.1,7.8,7.6,4.8,4.8,7.8,7.6,4.7,7.8,4.7,7.9]
+ new: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443]
+ detected: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.188| 0.020| 0.046| 2094.229| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 356.800| 487.600| 237730.200| 3.900]
+ [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,0,1,0,0]
+ [IATS(ms)....: 27.3,27.4,0.1,27.0,0.6,27.4,0.7,0.7,0.4,0.1,25.9,1.2,11.4,0.0,38.1,0.1,0.0,0.1,0.1,26.0,2.8,28.7,0.2,0.0,0.2,0.1,0.1,0.1,188.2,188.4,5.4]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1463,52,52,91,93,52,76,52,52,591,52,1098,52,1492,704,52,1098,52,52,366,52,138]
+ [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.8,4.7,7.8,4.7,5.9,7.9,4.9,5.0,5.9,5.7,4.6,5.6,4.6,4.6,7.6,5.0,7.8,4.7,7.9,7.7,4.6,7.8,4.6,4.7,7.3,4.6,6.2]
+ new: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443]
+ detected: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.008| 0.012| 144.514| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 397.200| 485.100| 235309.800| 4.000]
+ [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0]
+ [IATS(ms)....: 27.0,27.1,0.5,27.3,1.5,28.3,0.1,0.1,1.2,0.3,27.0,1.2,7.6,0.1,0.0,34.3,0.1,0.5,26.1,2.9,0.1,28.4,0.0,0.1,0.1,0.2,0.0,0.2,4.5,0.1,4.6]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,93,76,52,52,591,52,1098,1098,52,52,922,52,1098,250,52,1098,682,52]
+ [ENTROPIES...: 4.2,5.1,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,6.0,5.7,4.8,4.8,7.7,5.0,7.8,7.8,4.8,4.8,7.8,4.6,7.8,7.2,4.8,7.9,7.7,4.8]
+ new: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443]
+ detected: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.033| 0.008| 0.012| 145.944| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 372.100| 488.600| 238772.900| 3.900]
+ [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,1,1,0,0,0]
+ [IATS(ms)....: 27.2,27.3,0.3,27.3,1.5,28.5,0.1,0.1,0.4,0.1,27.0,0.0,6.2,0.1,32.7,0.0,0.1,0.1,26.1,2.8,28.8,1.2,1.1,0.3,0.3,0.2,0.0,0.0,0.2,0.1,1.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1491,52,52,91,93,52,76,52,591,52,1098,52,258,52,1098,52,1492,704,610,52,52,148]
+ [ENTROPIES...: 4.2,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,5.8,7.9,4.9,4.9,5.9,5.9,4.7,5.6,4.7,7.6,4.9,7.8,4.7,7.2,4.7,7.8,4.7,7.9,7.7,7.7,4.7,4.7,6.4]
+ new: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443]
+ new: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443]
+ detected: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ new: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443]
+ detection-update: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detected: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ analyse: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.034| 0.008| 0.012| 142.779| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 385.300| 506.900| 256960.200| 3.900]
+ [BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0]
+ [IATS(ms)....: 26.9,27.0,0.1,26.1,1.5,27.4,0.1,0.1,0.2,0.1,25.7,1.2,7.6,34.1,0.1,0.0,0.1,0.1,26.1,2.8,28.8,0.3,0.3,0.9,0.9,0.3,0.0,0.3,0.5,0.1,0.1]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,52,1492,271,52,138,172,539]
+ [ENTROPIES...: 4.2,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,4.9,7.8,4.6,7.9,4.6,7.7,4.6,7.9,7.2,4.6,6.3,6.5,7.6]
+ analyse: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.032| 0.009| 0.013| 162.784| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 403.100| 505.200| 255231.400| 4.000]
+ [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1]
+ [IATS(ms)....: 27.8,27.9,0.5,28.7,0.6,28.8,0.6,0.6,0.2,0.1,27.2,0.0,5.0,31.9,0.1,0.0,0.1,0.1,27.3,4.1,31.3,0.2,0.1,0.2,0.0,0.2,0.1,0.1,0.2,26.7,1.6]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044]
+ [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,6.0,7.9,5.0,4.9,5.9,4.7,6.0,5.7,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,4.7,6.3,5.0,7.8]
+ analyse: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.031| 0.009| 0.012| 155.373| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 343.300| 466.300| 217422.700| 3.900]
+ [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
+ [BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0]
+ [IATS(ms)....: 26.5,26.7,0.1,27.2,0.5,27.5,0.1,0.1,0.2,0.1,25.3,1.2,5.0,31.3,0.1,0.1,0.1,0.1,26.1,1.5,27.5,0.1,0.1,0.2,0.2,0.3,0.1,25.6,0.1,2.4,27.8]
+ [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1184,52,154,659,52,52,274,52]
+ [ENTROPIES...: 4.2,5.3,4.7,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.8,7.8,4.8,7.8,4.8,6.4,7.6,4.9,5.0,7.2,4.7]
+ new: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443]
+ detected: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ detection-update: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
+ idle: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ guessed: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443] [TLS][Unknown][Web][Safe]
+ RISK: TCP Connection Issues
+ end: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443]
+ end: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ end: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
+ idle: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/os_detected.pcapng.out b/test/results/flow-info/default/os_detected.pcapng.out
index d39a14187..1325d597b 100644
--- a/test/results/flow-info/default/os_detected.pcapng.out
+++ b/test/results/flow-info/default/os_detected.pcapng.out
@@ -3,7 +3,7 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443]
detected: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] [QUIC][Google][Web][Acceptable][]
- RISK: Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
idle: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] [QUIC][Google][Web][Acceptable]
- RISK: Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
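Review bot: Flow 1 now carries both `Missing SNI TLS Extn` and `ALPN/SNI Mismatch`, on the `detected` and the `idle` line alike, and both appear to stem from the same absent SNI. If so, any consumer that sums or counts risks will weigh this one-way QUIC flow twice for one root cause. Please confirm the double flag is intended when there is no SNI to compare against. If the mismatch risk is only meant for a present but inconsistent SNI, the expected line should stay `RISK: Missing SNI TLS Extn, Unidirectional Traffic`. The dissector change that causes this is not visible in this hunk.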
diff --git a/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out
index b2a3cdccd..163b6a36a 100644
--- a/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -8,21 +8,22 @@
new: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120]
idle: [.....1] [ip4][..udp] [......127.0.0.1][....1] -> [......127.0.0.1][....2] [HalfLife2][Unknown][Game][Fun]
update: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120]
- update: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120]
- detected: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Starcraft][Unknown][Game][Fun]
+ detected: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Protobuf][Unknown][Network][Safe]
+ RISK: Unidirectional Traffic
+ update: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Protobuf][Unknown][Network][Safe]
RISK: Unidirectional Traffic
DAEMON-EVENT: [Processed: 10 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 2]
new: [.....3] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.206.130][.1119] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.206.130][.1119] [Starcraft][Unknown][Game][Fun]
RISK: Unidirectional Traffic, TCP Connection Issues
- idle: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Starcraft][Unknown][Game][Fun]
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Protobuf][Unknown][Network][Safe]
RISK: Unidirectional Traffic
new: [.....4] [ip4][..tcp] [..192.168.1.128][....1] -> [121.254.200.130][.1119] [MIDSTREAM]
detected: [.....4] [ip4][..tcp] [..192.168.1.128][....1] -> [121.254.200.130][.1119] [Starcraft][Unknown][Game][Fun]
RISK: Unidirectional Traffic, TCP Connection Issues
new: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [MIDSTREAM]
- detected: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Unknown][Game][Fun]
+ detected: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Starcraft][Game][Fun]
RISK: Unidirectional Traffic, TCP Connection Issues
new: [.....6] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.236.254][.1119] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.236.254][.1119] [Starcraft][Unknown][Game][Fun]
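Review bot: Flow 2 (loopback UDP 1119 -> 1120) moves from `[Starcraft][Unknown][Game][Fun]` to `[Protobuf][Unknown][Network][Safe]`, and the capture is an OSS-Fuzz seed of fake traces rather than real Protobuf traffic. That suggests the Protobuf match is winning on synthetic bytes, which also lowers the breed from Fun to Safe. A permissive match that yields `Safe` can hide flows from policies keyed on breed, so please confirm this is a deliberate true positive for this payload. If it is not, the expected line should remain `detected: ... [Starcraft][Unknown][Game][Fun]` and the matcher should be tightened. The same relabel appears on the `update` and `idle` lines for flow 2 in this hunk.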
@@ -44,7 +45,7 @@
RISK: Unidirectional Traffic, TCP Connection Issues
idle: [.....3] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.206.130][.1119] [Starcraft][Unknown][Game][Fun]
RISK: Unidirectional Traffic, TCP Connection Issues
- idle: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Unknown][Game][Fun]
+ idle: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Starcraft][Game][Fun]
RISK: Unidirectional Traffic, TCP Connection Issues
DAEMON-EVENT: [Processed: 17 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
diff --git a/test/results/flow-info/default/pinterest.pcap.out b/test/results/flow-info/default/pinterest.pcap.out
index 207665063..5cdad211f 100644
--- a/test/results/flow-info/default/pinterest.pcap.out
+++ b/test/results/flow-info/default/pinterest.pcap.out
@@ -56,14 +56,14 @@
[PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72]
[ENTROPIES...: 4.6,5.1,5.1,4.4,4.9,6.4,5.2,7.3,7.6,5.1,5.0,5.1,5.1,6.0,6.2,7.2,7.1,6.9,7.4,6.9,4.9,4.9,4.9,7.1,5.1,6.1,4.9,5.0,5.1,5.6,7.9,5.1]
new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443]
- detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe][sessions.bugsnag.com]
+ detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com]
new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443]
- detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe][sessions.bugsnag.com]
- detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Unknown][Web][Acceptable][www.google.com]
+ detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com]
+ detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443]
- detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Unknown][Web][Acceptable][www.google.com]
+ detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com]
- analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Unknown][Web][Acceptable]
+ analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.009| 0.014| 192.210| 3.400]
[PKTLEN......: 72.000| 1280.000| 251.000| 327.800| 107441.100| 4.100]
@@ -76,7 +76,7 @@
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com]
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com]
new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443]
- analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe]
+ analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.133| 0.015| 0.030| 874.849| 3.100]
[PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100]
@@ -112,15 +112,15 @@
[ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.7,4.9,5.1,5.1,7.4,5.1,7.3,7.6,5.1,5.2,5.9,6.3,7.4,5.0,5.0,5.0,7.1,6.2,5.2,5.1,7.9,7.9,7.9,5.1,5.1,5.1,7.8]
detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe][images.unsplash.com]
new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443]
- detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Unknown][Web][Acceptable][www.gstatic.com]
+ detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Google][Web][Acceptable][www.gstatic.com]
new: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443]
- detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com]
+ detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com]
new: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443]
- detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Unknown][Web][Acceptable][www.gstatic.com]
- detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][connect.facebook.net]
- detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com]
- detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][connect.facebook.net]
- analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun]
+ detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Google][Web][Acceptable][www.gstatic.com]
+ detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][connect.facebook.net]
+ detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com]
+ detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][connect.facebook.net]
+ analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.093| 0.011| 0.022| 473.126| 3.000]
[PKTLEN......: 72.000| 1452.000| 271.000| 368.400| 135732.300| 4.100]
@@ -131,15 +131,15 @@
[PKTLENS.....: 80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199]
[ENTROPIES...: 5.1,5.4,5.4,4.6,5.3,7.8,7.8,5.5,5.5,6.2,6.5,7.3,7.3,5.3,5.2,5.3,7.0,6.4,5.9,7.6,5.4,5.4,5.4,5.4,7.5,7.9,6.1,5.4,5.4,5.4,5.9,6.7]
new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443]
- detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][www.facebook.com]
+ detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443]
- detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][www.facebook.com]
- detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com]
- detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com]
+ detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
+ detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][content-autofill.googleapis.com]
+ detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][content-autofill.googleapis.com]
new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [MIDSTREAM]
- detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe]
+ detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe]
RISK: Unidirectional Traffic
- analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe]
+ analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.029| 0.002| 0.006| 41.161| 1.800]
[PKTLEN......: 72.000| 1280.000| 738.800| 578.200| 334348.700| 4.500]
@@ -150,9 +150,9 @@
[PKTLENS.....: 230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]
[ENTROPIES...: 6.9,6.7,5.1,5.1,7.0,7.9,5.2,7.8,7.8,7.8,7.8,5.1,5.1,7.8,7.8,5.2,7.9,7.8,7.8,7.9,5.2,5.2,7.8,7.8,6.9,5.8,6.7,5.1,7.8,7.8,7.8,7.8]
new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443]
- detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable][accounts.google.com]
- detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable][accounts.google.com]
- analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
+ detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
+ analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.486| 0.062| 0.261| 67965.321| 1.600]
[PKTLEN......: 72.000| 1280.000| 238.100| 317.700| 100919.600| 4.100]
@@ -162,7 +162,7 @@
[IATS(ms)....: 55.5,55.6,2.6,45.1,17.8,0.0,60.2,0.0,0.3,0.3,9.4,2.5,0.6,42.9,0.0,0.2,0.0,30.6,0.2,14.9,14.7,23.0,0.0,23.0,0.0,0.1,0.0,0.1,1.6,29.4,1485.9]
[PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]
[ENTROPIES...: 4.8,5.2,5.1,4.7,5.0,7.8,7.8,5.2,5.2,7.6,5.2,6.1,6.5,7.5,5.1,5.1,5.1,7.6,5.2,5.8,5.7,5.2,7.5,6.2,5.2,5.2,5.9,5.1,5.2,6.0,5.1,6.9]
- analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable]
+ analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.009| 0.013| 168.080| 3.500]
[PKTLEN......: 72.000| 1280.000| 418.800| 492.400| 242485.900| 4.100]
@@ -186,11 +186,11 @@
new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443]
new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443]
detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com]
- detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable][www.google-analytics.com]
+ detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable][www.google-analytics.com]
detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com]
detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com]
- detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable][www.google-analytics.com]
- analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
+ detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable][www.google-analytics.com]
+ analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.157| 0.016| 0.035| 1243.837| 2.700]
[PKTLEN......: 72.000| 1280.000| 413.000| 486.700| 236885.800| 4.100]
@@ -226,25 +226,25 @@
[PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120]
[ENTROPIES...: 4.8,5.1,5.2,4.5,5.1,6.9,5.1,5.2,5.2,6.7,7.2,7.3,7.6,5.2,5.1,5.2,5.2,5.6,5.2,6.0,6.4,7.1,5.1,5.1,7.0,6.2,5.2,5.2,5.7,5.0,7.8,7.8]
detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com]
- guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Unknown][Web][Safe]
+ guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Google][Web][Safe]
idle: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443]
- idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe]
- idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable]
- idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
+ idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe]
+ idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable]
+ idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable]
idle: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads]
- guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Google][Web][Safe]
idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443]
- guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Google][Web][Safe]
idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443]
idle: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443]
guessed: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38402] -> [.......................2a04:4e42:1d::84][..443] [TLS][Unknown][Web][Safe]
idle: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38402] -> [.......................2a04:4e42:1d::84][..443]
guessed: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38406] -> [.......................2a04:4e42:1d::84][..443] [TLS][Unknown][Web][Safe]
idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38406] -> [.......................2a04:4e42:1d::84][..443]
- idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe]
- guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] [TLS][Unknown][Web][Safe]
+ idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe]
+ guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] [TLS][Google][Web][Safe]
idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443]
- idle: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun]
+ idle: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
guessed: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56940] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Web][Safe]
idle: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56940] -> [......................2a04:4e42:1d::720][..443]
idle: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
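Review bot: The new address-based label reaches destinations in `2a00:1450:...` (now `Google`), but flows to the NAT64 well-known prefix `64:ff9b::/96` keep `Unknown`. In the following hunk, flow 12 goes to `64:ff9b::acd9:13e2`, which embeds 172.217.19.226, and is still expected as `[TLS][Unknown][Web][Safe]`. If the IPv4 address lists cover that range (not visible here), looking up the embedded IPv4 address for this prefix would make that line `[TLS][Google][Web][Safe]`. Without it, the same service is labelled differently depending on whether the client sits behind NAT64. Flow 37 to `64:ff9b::9765:7a6e` in this hunk takes the same path and is worth checking the same way.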
@@ -254,29 +254,29 @@
end: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443]
end: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443]
idle: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
- idle: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ idle: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
idle: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe]
guessed: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] [TLS][Unknown][Web][Safe]
idle: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443]
- guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Google][Web][Safe]
idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443]
idle: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443]
guessed: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33156] -> [.....................64:ff9b::9765:7854][..443] [TLS][Unknown][Web][Safe]
idle: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33156] -> [.....................64:ff9b::9765:7854][..443]
guessed: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33164] -> [.....................64:ff9b::9765:7854][..443] [TLS][Unknown][Web][Safe]
idle: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33164] -> [.....................64:ff9b::9765:7854][..443]
- guessed: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [TLS][Google][Web][Safe]
idle: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443]
idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443]
idle: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
idle: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
- guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40560] -> [...............2a00:1450:4007:816::2004][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40560] -> [...............2a00:1450:4007:816::2004][..443] [TLS][Google][Web][Safe]
idle: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40560] -> [...............2a00:1450:4007:816::2004][..443]
- idle: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Unknown][Web][Acceptable]
- guessed: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48890] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Unknown][Web][Safe]
+ idle: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable]
+ guessed: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48890] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Google][Web][Safe]
idle: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48890] -> [...............2a00:1450:4007:815::2003][..443]
- guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57130] -> [...............2a00:1450:4007:80c::200a][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57130] -> [...............2a00:1450:4007:80c::200a][..443] [TLS][Google][Web][Safe]
idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57130] -> [...............2a00:1450:4007:80c::200a][..443]
- guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe]
idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443]
DAEMON-EVENT: shutdown
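Review bot: NAT64 destinations in this hunk are still expected as `[Unknown]`, while native IPv6 destinations of the same provider now resolve to `[Google]`. For example, flow 12 to `64:ff9b::acd9:13e2` stays `[TLS][Unknown][Web][Safe]`, and the low 32 bits of that address decode to 172.217.19.226, which looks like Google address space. If the new IPv6 matching is list-based, addresses under the well-known prefix `64:ff9b::/96` could be mapped by looking up the embedded IPv4 address. Otherwise the same service is labelled differently depending on whether the client sits behind NAT64. The same pattern appears in reddit.pcap.out, where `64:ff9b::9765:798c` stays `[Unknown]` in the first hunk.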
diff --git a/test/results/flow-info/default/protobuf.pcap.out b/test/results/flow-info/default/protobuf.pcap.out
new file mode 100644
index 000000000..82561fbe3
--- /dev/null
+++ b/test/results/flow-info/default/protobuf.pcap.out
@@ -0,0 +1,27 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][52392] -> [......127.0.0.1][12345]
+ detected: [.....1] [ip4][..tcp] [......127.0.0.1][52392] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..tcp] [......127.0.0.1][51680] -> [......127.0.0.1][12345]
+ end: [.....1] [ip4][..tcp] [......127.0.0.1][52392] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ detected: [.....2] [ip4][..tcp] [......127.0.0.1][51680] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ DAEMON-EVENT: [Processed: 36 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....3] [ip4][..tcp] [......127.0.0.1][39786] -> [......127.0.0.1][12345]
+ detected: [.....3] [ip4][..tcp] [......127.0.0.1][39786] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ end: [.....2] [ip4][..tcp] [......127.0.0.1][51680] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ DAEMON-EVENT: [Processed: 44 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....4] [ip4][..tcp] [......127.0.0.1][42358] -> [......127.0.0.1][12345]
+ detected: [.....4] [ip4][..tcp] [......127.0.0.1][42358] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ end: [.....3] [ip4][..tcp] [......127.0.0.1][39786] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ DAEMON-EVENT: [Processed: 52 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....5] [ip4][..tcp] [......127.0.0.1][59030] -> [......127.0.0.1][12345]
+ detected: [.....5] [ip4][..tcp] [......127.0.0.1][59030] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ end: [.....4] [ip4][..tcp] [......127.0.0.1][42358] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ end: [.....5] [ip4][..tcp] [......127.0.0.1][59030] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/psiphon3.pcap.out b/test/results/flow-info/default/psiphon3.pcap.out
index ca4d3a03d..474dd927d 100644
--- a/test/results/flow-info/default/psiphon3.pcap.out
+++ b/test/results/flow-info/default/psiphon3.pcap.out
@@ -3,11 +3,11 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443]
detected: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS][Cloudflare][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS][Cloudflare][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.007| 0.011| 114.161| 3.600]
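Review bot: Every expectation line that gains `ALPN/SNI Mismatch` already carries `Missing SNI TLS Extn`. That holds here and in the second psiphon3 hunk, quic-33, quic-34, quic-forcing-vn-with-data and quic_frags_ch_in_multiple_packets, and none of the visible results shows the new risk on a flow that has an SNI. With no SNI there is nothing for the ALPN to disagree with, so the second flag appears to restate the first and would double-count the same observation for anyone scoring or alerting on risk count. I would either suppress the mismatch risk when the SNI is absent, or add a capture whose ClientHello has an SNI so that an expectation reads `RISK: ALPN/SNI Mismatch` on its own. The detection code is not part of this page, so whether the co-occurrence is intended cannot be confirmed from here.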
@@ -19,7 +19,7 @@
[PKTLENS.....: 60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048]
[ENTROPIES...: 4.6,4.6,4.8,4.8,4.8,5.4,4.8,5.4,4.8,4.8,7.0,7.2,7.0,7.2,4.8,4.8,4.8,4.8,5.9,5.9,4.8,4.8,7.0,6.0,7.0,6.0,4.7,4.7,6.3,7.3,5.4,7.8]
detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
end: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/quic-33.pcapng.out b/test/results/flow-info/default/quic-33.pcapng.out
index 2233edebe..bd825925f 100644
--- a/test/results/flow-info/default/quic-33.pcapng.out
+++ b/test/results/flow-info/default/quic-33.pcapng.out
@@ -3,7 +3,7 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443]
detected: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
idle: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/quic-34.pcap.out b/test/results/flow-info/default/quic-34.pcap.out
index 1be4c0b0e..317da963e 100644
--- a/test/results/flow-info/default/quic-34.pcap.out
+++ b/test/results/flow-info/default/quic-34.pcap.out
@@ -3,7 +3,7 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443]
detected: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] [QUIC][Unknown][Web][Acceptable][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
idle: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] [QUIC][Unknown][Web][Acceptable]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out b/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out
index 8cf6aa8cf..0884030eb 100644
--- a/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out
+++ b/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out
@@ -5,7 +5,7 @@
detected: [.....1] [ip4][..udp] [.192.168.56.103][55523] -> [.192.168.56.104][.4433] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [.192.168.56.103][55523] -> [.192.168.56.104][.4433] [QUIC][Unknown][Web][Acceptable][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
idle: [.....1] [ip4][..udp] [.192.168.56.103][55523] -> [.192.168.56.104][.4433] [QUIC][Unknown][Web][Acceptable]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out
index d4855095c..8b574be99 100644
--- a/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -5,7 +5,7 @@
detected: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
idle: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index 2fa4dbf64..976cff19c 100644
--- a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -196,7 +196,7 @@
DAEMON-EVENT: [Processed: 38 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 27|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32]
new: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443]
- detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Google][Web][Acceptable][beacons4.gvt2.com]
+ detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons4.gvt2.com]
RISK: Unidirectional Traffic
update: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Unknown][Media][Fun]
RISK: Unidirectional Traffic
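Review bot: Flow 28 is the only expectation on this page that loses an address-based label: `[QUIC.Google][Google]` becomes `[QUIC.Google][Unknown]` for 136.125.67.96. The next hunk repeats this on the `idle` line. Every other changed file gains a label. The SNI `beacons4.gvt2.com` still produces `QUIC.Google`, so only the IP lookup result changed. The capture name suggests rewritten addresses, so this may be an intentional correction of a stale list entry. It is still worth confirming that the range was deliberately removed from the Google list and that this is not an IPv4 lookup regression from the change that added the IPv6 matches, and recording the reason in the commit message.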
@@ -210,7 +210,7 @@
RISK: Unidirectional Traffic
idle: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Unknown][Media][Fun]
RISK: Unidirectional Traffic
- idle: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Google][Web][Acceptable]
+ idle: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Unknown][Web][Acceptable]
RISK: Unidirectional Traffic
idle: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] [QUIC.GoogleCloud][GoogleCloud][Advertisement][Acceptable]
RISK: Unidirectional Traffic
diff --git a/test/results/flow-info/default/quic_interop_V.pcapng.out b/test/results/flow-info/default/quic_interop_V.pcapng.out
index 53f83884a..9f0437d99 100644
--- a/test/results/flow-info/default/quic_interop_V.pcapng.out
+++ b/test/results/flow-info/default/quic_interop_V.pcapng.out
@@ -8,7 +8,7 @@
detected: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Unknown][Web][Acceptable]
RISK: Unidirectional Traffic
new: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443]
- detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][Unknown][Web][Acceptable]
+ detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][AmazonAWS][Web][Acceptable]
RISK: Unidirectional Traffic
new: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443]
detected: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] [QUIC][Unknown][Web][Acceptable]
@@ -35,7 +35,7 @@
detected: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Susp Entropy, Unidirectional Traffic
new: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433]
- detected: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Unknown][Web][Acceptable]
+ detected: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Cloudflare][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433]
detected: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AmazonAWS][Web][Acceptable]
@@ -56,7 +56,7 @@
detected: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433]
- detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][Unknown][Web][Acceptable]
+ detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][AmazonAWS][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443]
detected: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] [QUIC][Unknown][Web][Acceptable]
@@ -71,7 +71,7 @@
detected: [....23] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56213] -> [.........2400:8902::f03c:91ff:fe69:a454][.4433] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434]
- detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][Unknown][Web][Acceptable]
+ detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][AmazonAWS][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433]
detected: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433] [QUIC][Unknown][Web][Acceptable]
@@ -128,7 +128,7 @@
detected: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443]
- detected: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] [QUIC][Unknown][Web][Acceptable]
+ detected: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] [QUIC][Cloudflare][Web][Acceptable]
RISK: Unidirectional Traffic
new: [....44] [ip4][..udp] [..192.168.1.128][53791] -> [..40.112.191.60][.4434]
detected: [....44] [ip4][..udp] [..192.168.1.128][53791] -> [..40.112.191.60][.4434] [QUIC][Azure][Web][Acceptable]
@@ -140,7 +140,7 @@
detected: [....46] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49788] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4434] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443]
- detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][Unknown][Web][Acceptable]
+ detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable]
RISK: Unidirectional Traffic
new: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433]
detected: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] [QUIC][Unknown][Web][Acceptable]
@@ -149,7 +149,7 @@
detected: [....49] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44243] -> [......................2001:19f0:4:34::1][.4434] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433]
- detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][Unknown][Web][Acceptable]
+ detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][AmazonAWS][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d]
detected: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable]
@@ -173,7 +173,7 @@
detected: [....57] [ip4][..udp] [..192.168.1.128][50705] -> [.138.91.188.147][.4434] [QUIC][Azure][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434]
- detected: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Unknown][Web][Acceptable]
+ detected: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Cloudflare][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443]
detected: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][Unknown][Web][Acceptable]
@@ -209,7 +209,7 @@
detected: [....69] [ip4][..udp] [..192.168.1.128][43735] -> [..51.158.105.98][.4434] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434]
- detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][Unknown][Web][Acceptable]
+ detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][AmazonAWS][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....71] [ip4][.icmp] [.202.238.220.92] -> [..192.168.1.128]
detected: [....71] [ip4][.icmp] [.202.238.220.92] -> [..192.168.1.128] [ICMP][Unknown][Network][Acceptable]
@@ -314,7 +314,7 @@
RISK: Unidirectional Traffic
idle: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443]
idle: [.....6] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][48707] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][..443]
- idle: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Unknown][Web][Acceptable]
+ idle: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Cloudflare][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434]
idle: [....65] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53140] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4433]
@@ -325,7 +325,7 @@
RISK: Unidirectional Traffic
idle: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable]
RISK: Unidirectional Traffic
- idle: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][Unknown][Web][Acceptable]
+ idle: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable]
RISK: Unidirectional Traffic
idle: [....63] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38689] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4434]
idle: [....10] [ip4][..udp] [..192.168.1.128][38366] -> [.202.238.220.92][.4433] [QUIC][Unknown][Web][Acceptable]
@@ -346,7 +346,7 @@
idle: [....39] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49270] -> [..................2001:bc8:47a4:1c25::1][.4434]
idle: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] [QUIC][Unknown][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Unknown][Web][Acceptable]
+ idle: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Cloudflare][Web][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Unknown][Web][Acceptable]
RISK: Unidirectional Traffic
diff --git a/test/results/flow-info/default/reddit.pcap.out b/test/results/flow-info/default/reddit.pcap.out
index 90cdeeb31..8412fa4bb 100644
--- a/test/results/flow-info/default/reddit.pcap.out
+++ b/test/results/flow-info/default/reddit.pcap.out
@@ -4,18 +4,18 @@
new: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443]
new: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443]
new: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443]
- detected: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com]
+ detected: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com]
new: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443]
- detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com]
+ detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com]
detected: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com]
- detection-update: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com]
+ detection-update: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com]
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com]
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com]
- detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com]
+ detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com]
detected: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com]
detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com]
detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com]
- analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.076| 0.013| 0.023| 533.820| 3.200]
[PKTLEN......: 72.000| 1280.000| 281.100| 342.100| 117045.100| 4.200]
@@ -118,13 +118,13 @@
new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443]
new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443]
new: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443]
- detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagservices.com]
+ detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagservices.com]
detected: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Unknown][Web][Safe][c.aaxads.com]
detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable][c.amazon-adsystem.com]
- detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagservices.com]
+ detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagservices.com]
detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable][c.amazon-adsystem.com]
detection-update: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Unknown][Web][Safe][c.aaxads.com]
- analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.008| 0.014| 200.596| 3.100]
[PKTLEN......: 72.000| 1280.000| 422.500| 490.000| 240053.700| 4.100]
@@ -153,10 +153,10 @@
detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][platform.twitter.com]
detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][platform.twitter.com]
new: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443]
- detected: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagmanager.com]
- detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagmanager.com]
+ detected: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagmanager.com]
+ detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagmanager.com]
new: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443]
- analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.008| 0.014| 205.550| 3.200]
[PKTLEN......: 72.000| 1280.000| 415.800| 486.500| 236643.500| 4.100]
@@ -175,11 +175,11 @@
detected: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe][id.rlcdn.com]
new: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443]
new: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443]
- detected: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Unknown][Media][Fun][www.youtube.com]
+ detected: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com]
detected: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com]
detected: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][sb.scorecardresearch.com]
detection-update: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe][id.rlcdn.com]
- detection-update: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Unknown][Media][Fun][www.youtube.com]
+ detection-update: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com]
detection-update: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][sb.scorecardresearch.com]
detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com]
detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com]
@@ -201,10 +201,10 @@
new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443]
detected: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net]
detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net]
- detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Unknown][Web][Safe][rules.quantcount.com]
+ detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe][rules.quantcount.com]
detection-update: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net]
detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net]
- detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Unknown][Web][Safe][rules.quantcount.com]
+ detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe][rules.quantcount.com]
analyse: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.011| 0.015| 223.794| 3.600]
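Review bot: The context flows 34 and 35 to `64:ff9b::d83a:d1e6` (`ad.doubleclick.net`) still show `Unknown` in the second bracket, while the changed lines of this hunk fill that field for a native IPv6 destination (`AmazonAWS` for flow 36), and neighbouring hunks do the same with `Google` for `2a00:1450:` addresses. `64:ff9b::/96` is the NAT64 well-known prefix, so these destinations embed an IPv4 address; it looks as if the new address match is not applied to NAT64-mapped addresses, though the matching code is not visible on this page. If that is intended, it is worth recording next to the test, e.g. `NAT64 (64:ff9b::/96) destinations are not matched against the IPv4 address lists`; if not, a capture with a NAT64 destination whose expected field is non-`Unknown` would pin the behaviour. The same pattern appears in the Reddit, Twitter and Amazon context lines of the surrounding hunks, so on an IPv6-only network behind NAT64 most provider traffic would stay unattributed in this field.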
@@ -227,13 +227,13 @@
[ENTROPIES...: 4.8,5.2,5.2,4.6,5.1,6.8,5.2,7.4,7.6,5.2,5.2,6.4,6.3,7.1,7.1,5.1,5.1,5.1,6.4,5.1,7.0,5.2,5.9,5.2,5.6,5.9,5.2,5.1,5.1,7.5,5.2,7.3]
detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][syndication.twitter.com]
new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443]
- detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][cdn.syndication.twimg.com]
- detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][cdn.syndication.twimg.com]
+ detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun][cdn.syndication.twimg.com]
+ detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun][cdn.syndication.twimg.com]
new: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443]
new: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443]
- detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Unknown][Advertisement][Acceptable][static.doubleclick.net]
- detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable][www.google.com]
- analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun]
+ detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Google][Advertisement][Acceptable][static.doubleclick.net]
+ detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
+ analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.051| 0.012| 0.018| 319.203| 3.500]
[PKTLEN......: 72.000| 1280.000| 307.800| 396.400| 157103.100| 4.100]
@@ -243,16 +243,16 @@
[IATS(ms)....: 43.0,43.1,0.3,41.3,10.2,51.1,0.4,38.4,3.5,41.5,0.5,0.0,0.5,0.0,0.1,0.1,2.3,0.2,0.1,38.5,0.0,0.0,0.0,36.0,0.0,0.0,0.1,5.2,2.2,17.6,0.2]
[PKTLENS.....: 80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280]
[ENTROPIES...: 5.2,5.5,5.4,4.7,5.3,6.2,5.3,5.1,5.3,7.8,5.5,7.8,7.9,5.4,5.4,7.4,5.5,6.4,6.6,7.5,5.4,7.3,7.3,6.5,5.4,5.5,5.4,6.0,5.4,5.4,5.9,7.8]
- detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Unknown][Advertisement][Acceptable][static.doubleclick.net]
+ detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Google][Advertisement][Acceptable][static.doubleclick.net]
new: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443]
new: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443]
new: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443]
new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443]
- detection-update: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable][www.google.com]
- detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com]
- detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com]
- detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun][yt3.ggpht.com]
- analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable]
+ detection-update: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
+ detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com]
+ detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com]
+ detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun][yt3.ggpht.com]
+ analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.062| 0.009| 0.018| 308.294| 3.000]
[PKTLEN......: 72.000| 1280.000| 412.800| 483.300| 233579.900| 4.100]
@@ -262,12 +262,12 @@
[IATS(ms)....: 37.4,37.4,0.2,47.4,15.0,0.0,62.3,0.0,0.4,0.3,2.5,0.2,0.3,39.9,0.1,0.0,2.3,39.3,0.2,2.9,2.6,0.8,0.8,0.3,0.0,0.0,0.3,0.0,0.0,0.1,0.0]
[PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292]
[ENTROPIES...: 4.7,5.3,5.2,4.4,5.1,7.8,7.8,5.2,5.2,7.2,5.2,6.1,6.5,7.3,5.1,5.1,5.1,7.7,5.1,5.8,7.5,5.2,7.8,5.2,7.8,7.9,7.8,5.1,5.2,5.1,7.8,7.2]
- detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Unknown][Media][Fun][i.ytimg.com]
- detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun][yt3.ggpht.com]
- detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Unknown][Media][Fun][i.ytimg.com]
- detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com]
- detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com]
- analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun]
+ detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Google][Media][Fun][i.ytimg.com]
+ detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun][yt3.ggpht.com]
+ detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Google][Media][Fun][i.ytimg.com]
+ detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com]
+ detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com]
+ analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.069| 0.011| 0.023| 518.376| 2.800]
[PKTLEN......: 72.000| 1280.000| 385.700| 459.200| 210886.500| 4.100]
@@ -294,18 +294,18 @@
detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][gateway.reddit.com]
new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443]
new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443]
- detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.fr]
- detected: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.com]
+ detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.fr]
+ detected: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.com]
new: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443]
new: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443]
detected: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com]
- detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.fr]
- detection-update: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.com]
- detected: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com]
- detection-update: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com]
+ detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.fr]
+ detection-update: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.com]
+ detected: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com]
+ detection-update: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com]
detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com]
detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com]
- analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable]
+ analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.008| 0.012| 155.374| 3.400]
[PKTLEN......: 72.000| 1280.000| 280.100| 371.700| 138197.800| 4.100]
@@ -315,7 +315,7 @@
[IATS(ms)....: 18.5,18.6,0.4,37.2,9.0,0.0,0.0,0.0,45.9,0.0,0.0,0.0,8.7,0.4,0.3,33.6,0.0,0.1,1.2,0.0,25.4,0.0,0.5,7.3,0.0,0.0,6.8,0.0,0.0,3.7,20.5]
[PKTLENS.....: 80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]
[ENTROPIES...: 4.8,5.3,5.2,4.6,5.1,7.8,7.8,7.8,7.0,5.2,5.2,5.2,5.2,6.3,6.6,7.3,5.1,5.1,5.1,7.6,5.7,5.3,5.3,5.9,7.7,7.6,5.9,5.2,5.2,5.2,6.0,5.0]
- analyse: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
+ analyse: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.007| 0.011| 127.134| 3.400]
[PKTLEN......: 72.000| 1280.000| 323.800| 408.200| 166632.700| 4.100]
@@ -335,28 +335,28 @@
new: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443]
new: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443]
new: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443]
- detected: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detected: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detected: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detected: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detected: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detected: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][fonts.googleapis.com]
- detected: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- detected: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- detected: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- detected: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- detection-update: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
+ detected: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detected: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detected: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detected: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detected: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detected: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][fonts.googleapis.com]
+ detected: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ detected: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ detected: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ detected: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ detection-update: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
new: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443]
- detection-update: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detection-update: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detection-update: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detection-update: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org]
- detection-update: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][fonts.googleapis.com]
- detection-update: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- detection-update: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com]
- analyse: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
+ detection-update: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detection-update: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detection-update: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detection-update: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org]
+ detection-update: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][fonts.googleapis.com]
+ detection-update: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ detection-update: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com]
+ analyse: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.009| 0.014| 200.064| 3.400]
[PKTLEN......: 72.000| 1280.000| 320.900| 398.400| 158685.900| 4.100]
@@ -366,7 +366,7 @@
[IATS(ms)....: 29.5,29.5,0.1,39.8,6.2,0.0,0.0,45.9,0.0,0.0,16.6,7.4,0.9,0.2,45.4,0.2,20.4,0.5,14.7,1.9,0.0,0.0,16.1,2.9,0.0,0.0,3.0,0.0,0.0,1.6,0.0]
[PKTLENS.....: 80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280]
[ENTROPIES...: 4.9,5.3,5.2,4.6,5.1,7.8,7.9,7.2,5.2,5.2,5.1,6.1,6.5,7.4,7.3,5.0,7.7,5.2,5.8,5.1,5.8,5.0,5.0,5.1,7.6,7.4,6.7,5.2,5.2,5.1,7.8,7.8]
- analyse: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ analyse: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.010| 0.013| 181.589| 3.600]
[PKTLEN......: 72.000| 1280.000| 270.100| 336.600| 113301.500| 4.200]
@@ -380,14 +380,14 @@
detected: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com]
detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com]
detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com]
- idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable]
- idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable]
+ idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable]
+ idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable]
idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443]
- idle: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
+ idle: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable]
end: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443]
end: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443]
end: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443]
- guessed: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] [TLS][Google][Web][Safe]
RISK: TCP Connection Issues
end: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443]
idle: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443]
@@ -411,35 +411,35 @@
end: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443]
end: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443]
idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun]
- idle: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
+ idle: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable]
idle: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun]
idle: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun]
idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443]
idle: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443]
idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun]
idle: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443]
- idle: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun]
- idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
- idle: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun]
+ idle: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun]
+ idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable]
+ idle: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun]
idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443]
idle: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
idle: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443]
end: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443]
idle: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443]
- idle: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ idle: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
end: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443]
idle: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443]
idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe]
- idle: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ idle: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable]
- idle: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Unknown][Advertisement][Acceptable]
+ idle: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Google][Advertisement][Acceptable]
idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443]
idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe]
- idle: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable]
+ idle: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable]
end: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443]
end: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443]
end: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443]
end: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443]
- idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
- idle: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Unknown][Web][Acceptable]
+ idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable]
+ idle: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/rmcp.pcap.out b/test/results/flow-info/default/rmcp.pcap.out
new file mode 100644
index 000000000..33864283d
--- /dev/null
+++ b/test/results/flow-info/default/rmcp.pcap.out
@@ -0,0 +1,38 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.123.212.25.229][49531] -> [..171.47.173.23][..623]
+ detected: [.....1] [ip4][..udp] [.123.212.25.229][49531] -> [..171.47.173.23][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623]
+ detected: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AmazonAWS][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623]
+ detected: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [.123.212.25.229][49531] -> [..171.47.173.23][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623]
+ detected: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AmazonAWS][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> [...30.144.16.67][..623]
+ detected: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> [...30.144.16.67][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ new: [.....6] [ip4][..udp] [..127.36.88.103][34698] -> [.164.114.97.252][..623]
+ detected: [.....6] [ip4][..udp] [..127.36.88.103][34698] -> [.164.114.97.252][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....6] [ip4][..udp] [..127.36.88.103][34698] -> [.164.114.97.252][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> [...30.144.16.67][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ idle: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623] [RMCP][Unknown][System][Safe]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/srvloc.pcap.out b/test/results/flow-info/default/srvloc.pcap.out
index 6874d7152..9edf91c2a 100644
--- a/test/results/flow-info/default/srvloc.pcap.out
+++ b/test/results/flow-info/default/srvloc.pcap.out
@@ -2300,7 +2300,7 @@
DAEMON-EVENT: [Processed: 352 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 346|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 57]
new: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427]
- detected: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable]
+ detected: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Azure][RPC][Acceptable]
RISK: Unidirectional Traffic
idle: [...346] [ip4][..udp] [206.240.152.225][52955] -> [..90.145.180.58][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable]
RISK: Unidirectional Traffic
@@ -2309,7 +2309,7 @@
new: [...348] [ip4][..udp] [..175.206.31.84][52553] -> [..69.109.187.54][..427]
detected: [...348] [ip4][..udp] [..175.206.31.84][52553] -> [..69.109.187.54][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable]
RISK: Unidirectional Traffic
- idle: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable]
+ idle: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Azure][RPC][Acceptable]
RISK: Unidirectional Traffic
DAEMON-EVENT: [Processed: 354 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 348|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 57]
diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out
index c17d67b50..6d65bb66c 100644
--- a/test/results/flow-info/default/starcraft_battle.pcap.out
+++ b/test/results/flow-info/default/starcraft_battle.pcap.out
@@ -205,7 +205,7 @@
end: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable]
guessed: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] [QUIC][Google][Web][Acceptable]
idle: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568]
- guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Starcraft][Game][Fun]
+ guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Unknown][Game][Fun]
idle: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119]
guessed: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] [TLS][Unknown][Web][Safe]
end: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443]
diff --git a/test/results/flow-info/default/steam.pcap.out b/test/results/flow-info/default/steam.pcap.out
index 549cf1db9..6062f97f6 100644
--- a/test/results/flow-info/default/steam.pcap.out
+++ b/test/results/flow-info/default/steam.pcap.out
@@ -166,6 +166,11 @@
new: [....55] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27017]
detected: [....55] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27017] [Steam][Unknown][Game][Fun]
RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 104 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 55 / 55|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036]
+ detected: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036] [Steam][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
idle: [....37] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27017] [Steam][Unknown][Game][Fun]
RISK: Unidirectional Traffic
idle: [.....6] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27017] [Steam][Unknown][Game][Fun]
@@ -276,4 +281,20 @@
RISK: Unidirectional Traffic
idle: [.....2] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27019] [Steam][Steam][Game][Fun]
RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 105 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 56|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036]
+ detected: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036] [Steam][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ idle: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036] [Steam][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 106 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 57|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036]
+ detected: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036] [Steam][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ idle: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036] [Steam][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
+ idle: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036] [Steam][Unknown][Game][Fun]
+ RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out
index 47265b1c3..0de2b76b4 100644
--- a/test/results/flow-info/default/stun.pcap.out
+++ b/test/results/flow-info/default/stun.pcap.out
@@ -6,8 +6,9 @@
DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478]
- end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
detected: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable][]
+ RISK: Unidirectional Traffic
+ end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
update: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
update: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
analyse: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
@@ -24,7 +25,9 @@
DAEMON-EVENT: [Processed: 57 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
new: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003]
- detected: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook]
+ detected: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN][Facebook][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook]
RISK: Known Proto on Non Std Port
analyse: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -38,19 +41,18 @@
[ENTROPIES...: 4.9,5.6,5.9,5.8,5.9,6.0,5.6,5.8,5.5,5.6,5.9,6.0,6.0,5.9,5.8,5.5,6.0,5.9,6.0,5.9,5.9,6.0,5.8,6.0,5.9,6.0,5.9,5.9,5.8,5.6,6.1,6.0]
idle: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 132 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 3]
new: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257]
- detected: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com]
+ detected: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][]
+ detection-update: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com]
idle: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 152 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 3]
new: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478]
- detected: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS][Google][Web][Safe]
- RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
- detection-update: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable]
- RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
- analyse: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ detected: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
+ analyse: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.836| 0.131| 0.227| 51553.292| 3.400]
[PKTLEN......: 62.000| 1226.000| 179.200| 221.300| 48965.100| 4.400]
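Review bot: Flow 5 no longer records any TLS-derived risk. The removed `detection-update` and `idle` lines listed `Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn`, while the new expectation carries only `Unidirectional Traffic` (the `idle` pair is in the following hunk). The flow is now classified `STUN.GoogleHangoutDuo` at first detection with no later `detection-update` to DTLS, so presumably the DTLS handshake is no longer inspected once the STUN sub-protocol is set. The new stun_dtls_unidirectional_* fixtures show a STUN-to-DTLS hand-off that still produces these risks. The commit message should say whether dropping them here is intended, because anything alerting on self-signed certificates loses the signal for flows like this one.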
@@ -60,7 +62,7 @@
[IATS(ms)....: 22.9,25.6,18.8,27.0,9.0,16.5,8.2,0.0,96.0,9.4,96.1,13.9,9.7,14.0,0.0,0.0,28.4,12.0,233.2,17.4,835.9,625.3,352.7,699.8,203.7,550.7,72.1,9.0,20.6,28.1,14.7]
[PKTLENS.....: 136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]
[ENTROPIES...: 5.9,5.9,5.0,5.9,7.3,6.7,5.8,5.7,7.4,5.7,6.0,6.2,6.4,5.9,6.1,5.4,5.4,5.6,5.9,5.3,5.2,5.9,5.8,5.2,6.1,5.9,6.0,6.1,6.0,5.9,6.1,5.9]
- idle: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable]
- RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ idle: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
idle: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_classic.pcap.out b/test/results/flow-info/default/stun_classic.pcap.out
index 14053455b..8bf7926a9 100644
--- a/test/results/flow-info/default/stun_classic.pcap.out
+++ b/test/results/flow-info/default/stun_classic.pcap.out
@@ -2,8 +2,8 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958]
- detected: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Media][Acceptable][]
- RISK: Known Proto on Non Std Port
- idle: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Media][Acceptable]
+ detected: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Network][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
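Review bot: The `idle` line reports flow 1 as `STUN.RTP`, but the only classification event before it is `detected` with plain `STUN`, so a consumer that follows `detected`/`detection-update` events never sees the RTP sub-protocol. In stun.pcap.out the comparable change on flow 3 does emit a `detection-update`. The category also stays `Network` after the sub-protocol is set, where the removed line had `[STUN.RTP][Unknown][Media]`. The same stale category appears in stun_google_meet.pcapng.out (hunk `@@ -34,9 +39,9 @@`), where flows 1 and 2 become `[STUN.GoogleHangoutDuo][Google][Network]` while flows 3 to 6 with the same protocol are `[VoIP]`. If this is not intended, the category should be refreshed when the sub-protocol changes, and a comment in the dissector should say which value takes precedence.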
diff --git a/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out
new file mode 100644
index 000000000..b08d5c8f1
--- /dev/null
+++ b/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540]
+ detected: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Safe]
+ RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Safe]
+ RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic
+ DAEMON-EVENT: shutdown
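Review bot: The `detection-update` and `idle` lines print only three bracketed fields, `[DTLS][Unknown][Safe]`, where every other classified flow line in these fixtures prints four; stun_dtls_unidirectional_server.pcap.out has the same shape. The category apparently ends up empty after the switch from STUN to DTLS, and the missing column moves `Safe` into the category position for anything that parses this output by position. The removed DTLS line in stun.pcap.out read `[DTLS][Google][Web][Safe]`, so a category was set on that path before. It is worth checking that the category is assigned on the STUN-to-DTLS hand-off, or documenting that the field is omitted when empty.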
diff --git a/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out
new file mode 100644
index 000000000..995e4ad60
--- /dev/null
+++ b/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567]
+ detected: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Safe]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Safe]
+ RISK: Known Proto on Non Std Port, Self-signed Cert, Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_google_meet.pcapng.out b/test/results/flow-info/default/stun_google_meet.pcapng.out
index 44cf02787..7e0434b56 100644
--- a/test/results/flow-info/default/stun_google_meet.pcapng.out
+++ b/test/results/flow-info/default/stun_google_meet.pcapng.out
@@ -2,13 +2,17 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302]
+ detected: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN][Google][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302]
+ detected: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN][Google][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305]
- new: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305]
detected: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305]
detected: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.164| 0.015| 0.039| 1549.851| 2.400]
@@ -24,6 +28,7 @@
RISK: Unidirectional Traffic
new: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478]
detected: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
analyse: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.000| 0.179| 0.232| 53990.769| 4.000]
@@ -34,9 +39,9 @@
[IATS(ms)....: 28.7,31.6,20.7,57.3,57.1,114.9,326.7,7.6,0.3,359.3,399.5,20.9,399.5,20.8,60.3,761.6,238.3,310.5,33.1,16.7,106.5,1.4,298.5,11.7,401.0,18.9,1000.0,80.4,40.3,278.6,42.3]
[PKTLENS.....: 152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]
[ENTROPIES...: 6.0,5.6,6.0,5.7,6.0,5.7,7.6,6.0,5.5,5.6,5.5,5.7,5.7,5.9,5.5,6.0,5.6,5.3,5.8,6.1,5.6,5.7,5.8,5.8,5.5,5.9,5.6,5.3,5.9,5.6,6.3,6.0]
- detected: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
+ detection-update: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port
- detected: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
+ detection-update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port
analyse: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
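Review bot: Flows 1 and 2 keep the `STUN.GoogleHangoutDuo` label in the new `detection-update` lines but their category drops from `VoIP` to `Network`, while flows 3 to 6 of the same capture stay `VoIP`. If the category is now fixed at the first `detected` event (plain `STUN`, `Network`) and not refreshed when the sub-protocol is learned, a consumer that filters or alerts on category would no longer see these call flows as VoIP. Unless that is intended, the expected tags here would stay `[STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]`. The same pattern shows in the stun_signal.pcapng.out hunks (`@@ -2,39 +2,57 @@`, `@@ -61,32 +75,37 @@`, `@@ -105,56 +124,55 @@`), where flows 1, 2, 3, 4 and 6 end as `[STUN.SignalVoip]` with `Network` while flow 5 keeps `VoIP`. Whichever behaviour is wanted, it deserves a sentence in the commit description, since the golden files pin it.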
@@ -49,14 +54,15 @@
[PKTLENS.....: 152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92]
[ENTROPIES...: 6.0,5.6,6.1,5.6,6.0,5.5,6.0,5.6,6.1,5.7,5.9,5.8,6.1,5.6,6.0,5.6,6.1,5.6,6.0,5.6,6.0,5.6,6.0,5.6,6.1,5.6,6.0,5.7,6.0,5.7,6.0,5.7]
idle: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
- idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
RISK: Unidirectional Traffic
- idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_msteams_unidir.pcapng.out b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out
index 6bb84de57..1cff431c9 100644
--- a/test/results/flow-info/default/stun_msteams_unidir.pcapng.out
+++ b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out
@@ -2,8 +2,8 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006]
- detected: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_Teams][Azure][VoIP][Acceptable][]
+ detected: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_signal.pcapng.out b/test/results/flow-info/default/stun_signal.pcapng.out
index 5049eddd3..6fa1870b2 100644
--- a/test/results/flow-info/default/stun_signal.pcapng.out
+++ b/test/results/flow-info/default/stun_signal.pcapng.out
@@ -2,39 +2,57 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302]
+ detected: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302]
+ detected: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443]
+ detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478]
+ detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][]
+ RISK: Unidirectional Traffic
new: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478]
+ detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][]
+ RISK: Unidirectional Traffic
new: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443]
+ detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169]
detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Unidirectional Traffic
- detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detected: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
+ detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][Network][Acceptable][]
+ detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
+ detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478]
detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Unidirectional Traffic
new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443]
+ detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302]
+ detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302]
+ detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443]
+ detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478]
detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Unidirectional Traffic
- detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156]
detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.679| 0.149| 0.201| 40331.911| 3.900]
@@ -47,10 +65,6 @@
[ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8]
update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Unidirectional Traffic
- detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
- detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 17.079| 1.597| 3.547| 12584568.750| 2.800]
@@ -61,32 +75,37 @@
[IATS(ms)....: 4.1,63.0,0.0,180.8,3.5,1499.2,2002.8,0.0,4842.0,0.1,17079.4,30.0,28.1,10.0,178.6,30.7,1472.4,2000.5,31.0,3968.8,29.9,37.3,7.8,7927.3,28.5,35.4,6.5,7931.2,29.2,34.6,5.1]
[PKTLENS.....: 76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]
[ENTROPIES...: 5.0,5.2,5.1,5.0,5.1,5.1,5.0,5.0,5.1,5.5,5.7,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.1,5.1,5.0,5.0,5.0,5.0,5.1]
- update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable]
+ update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302]
- update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
+ update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
+ update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
+ update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][Network][Acceptable]
update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302]
+ detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302]
+ detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443]
+ detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443]
+ detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478]
+ detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478]
+ detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169]
detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Unidirectional Traffic
- detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
- detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN][AmazonAWS][Network][Acceptable][]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054]
detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
@@ -105,56 +124,55 @@
[ENTROPIES...: 5.9,5.8,5.9,5.7,5.9,5.8,5.8,6.0,5.8,5.8,5.9,5.8,5.8,5.2,5.7,5.1,5.8,5.8,5.9,5.7,5.7,5.9,5.2,5.1,5.1,5.8,5.9,5.8,5.1,5.8,5.8,5.8]
update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Unidirectional Traffic
- update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable]
+ update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable]
- RISK: Known Proto on Non Std Port
update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable]
RISK: Known Proto on Non Std Port
- update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable]
+ update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Unidirectional Traffic
- update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable]
- RISK: Known Proto on Non Std Port
+ update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
RISK: Unidirectional Traffic
- detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][]
- RISK: Known Proto on Non Std Port
idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Unidirectional Traffic
idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable]
+ idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable]
- RISK: Known Proto on Non Std Port
- guessed: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][]
- idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302]
+ idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
+ idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
+ idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable]
+ idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Unidirectional Traffic
- idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN][AmazonAWS][Network][Acceptable]
+ idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][Network][Acceptable]
+ idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable]
- RISK: Known Proto on Non Std Port
- idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable]
- RISK: Known Proto on Non Std Port
idle: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
@@ -163,4 +181,5 @@
RISK: Unidirectional Traffic
idle: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
idle: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/flow-info/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
new file mode 100644
index 000000000..bff999994
--- /dev/null
+++ b/test/results/flow-info/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [166.172.142.131][.3479] -> [..23.183.197.71][42849]
+ detected: [.....1] [ip4][..tcp] [166.172.142.131][.3479] -> [..23.183.197.71][42849] [STUN][Unknown][Network][Acceptable][]
+ end: [.....1] [ip4][..tcp] [166.172.142.131][.3479] -> [..23.183.197.71][42849]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_zoom.pcapng.out b/test/results/flow-info/default/stun_zoom.pcapng.out
new file mode 100644
index 000000000..47ab35d5a
--- /dev/null
+++ b/test/results/flow-info/default/stun_zoom.pcapng.out
@@ -0,0 +1,30 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801]
+ detected: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe]
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ new: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801]
+ detected: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe]
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.194| 0.048| 0.051| 2615.352| 4.100]
+ [PKTLEN......: 42.000| 1080.000| 270.100| 313.100| 98043.500| 4.300]
+ [BINS(c->s)..: 0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1]
+ [IATS(ms)....: 20.2,79.9,20.3,193.8,73.6,0.2,50.4,49.7,26.4,24.4,170.2,80.6,11.0,149.6,50.7,0.0,93.6,0.0,0.0,0.0,0.0,0.0,8.3,29.7,4.8,50.2,80.8,100.2,42.2,3.7,58.5]
+ [PKTLENS.....: 184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]
+ [ENTROPIES...: 5.8,5.8,5.8,5.8,5.6,5.8,5.2,5.2,5.9,5.8,5.2,5.7,5.6,5.7,5.9,5.3,4.1,5.7,7.0,7.3,7.3,7.4,7.2,6.1,5.7,5.7,6.1,5.7,6.1,5.4,6.0,4.3]
+ idle: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ idle: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: shutdown
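Review bot: The `detection-update` for flow 1 with `[DTLS][Zoom][Safe]` is recorded twice with identical content, once before and once after flow 2's `new`/`detected` pair, so this new golden file pins a repeated event whose classification did not change. Both copies also carry three bracketed fields after the flow tuple where the surrounding records carry four or five; the missing one appears to be the category, which only shows up in the later `[DTLS.Zoom][Zoom][Video][Acceptable]` update. A consumer that counts detection-updates or reads these fields by position would be thrown off by either. If the emitter is meant to send an update only on a change, the second `detection-update: [.....1]` line and its `RISK:` line should not be in the expected output.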
diff --git a/test/results/flow-info/default/telegram_videocall.pcapng.out b/test/results/flow-info/default/telegram_videocall.pcapng.out
new file mode 100644
index 000000000..5298fef61
--- /dev/null
+++ b/test/results/flow-info/default/telegram_videocall.pcapng.out
@@ -0,0 +1,210 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2]
+ detected: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
+ new: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500]
+ detected: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ new: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443]
+ new: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443]
+ new: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443]
+ new: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443]
+ analyse: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.127| 0.025| 0.031| 963.939| 3.900]
+ [PKTLEN......: 52.000| 1280.000| 541.900| 516.100| 266324.800| 4.300]
+ [BINS(c->s)..: 6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1]
+ [IATS(ms)....: 30.7,31.9,0.3,33.0,35.6,10.2,44.5,8.2,4.4,4.1,48.7,1.4,3.1,6.4,36.5,17.8,50.9,88.4,126.9,78.7,32.9,0.1,0.0,0.0,65.5,0.3,2.2,0.0,0.0,0.0,0.0]
+ [PKTLENS.....: 60,60,52,333,157,52,936,825,672,141,141,52,767,189,301,52,349,317,52,157,52,1280,1280,1280,1280,52,52,1280,1280,1280,1280,1280]
+ [ENTROPIES...: 4.8,5.2,5.2,7.3,6.7,5.1,7.8,7.7,7.7,6.6,6.6,5.1,7.7,6.9,7.2,5.2,7.4,7.3,5.3,6.7,5.3,7.9,7.8,7.9,7.8,5.2,5.2,7.8,7.8,7.9,7.9,7.8]
+ new: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443]
+ new: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443]
+ new: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443]
+ analyse: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.047| 0.009| 0.015| 220.392| 3.200]
+ [PKTLEN......: 52.000| 1280.000| 644.300| 571.900| 327061.800| 4.300]
+ [BINS(c->s)..: 9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1]
+ [IATS(ms)....: 30.1,31.4,0.3,0.6,31.5,0.0,0.0,35.0,0.2,6.9,41.7,13.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,46.8,0.1,0.0,0.1,0.9,6.5,31.9,0.0,0.0,0.0,0.0]
+ [PKTLENS.....: 60,60,52,630,221,52,157,262,52,52,333,221,1280,1280,1280,1280,1280,1280,1280,1280,1280,52,52,52,52,52,285,1280,1280,1280,1280,1280]
+ [ENTROPIES...: 4.8,5.2,5.2,7.7,7.0,5.2,6.8,7.1,5.2,5.2,7.4,7.1,7.9,7.9,7.8,7.9,7.8,7.8,7.8,7.8,7.8,5.1,5.2,5.1,5.1,5.2,7.1,7.9,7.8,7.9,7.8,7.8]
+ new: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443]
+ new: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353]
+ detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
+ new: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400]
+ detected: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400]
+ detected: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400]
+ detected: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400]
+ detected: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400]
+ detected: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400]
+ detected: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400]
+ detected: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400]
+ detected: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400]
+ detected: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400]
+ detected: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400]
+ detected: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400]
+ detected: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
+ RISK: Known Proto on Non Std Port
+ new: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554]
+ detected: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554]
+ detected: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393]
+ detected: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393]
+ detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2]
+ detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
+ analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.475| 0.052| 0.095| 9109.989| 3.600]
+ [PKTLEN......: 49.000| 265.000| 106.200| 48.900| 2396.000| 4.900]
+ [BINS(c->s)..: 3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0]
+ [IATS(ms)....: 75.7,88.0,12.8,2.3,9.0,48.9,21.7,0.2,117.5,0.1,18.9,57.5,0.3,20.7,0.0,35.1,54.6,306.4,41.6,24.8,9.9,17.7,18.1,17.4,474.7,0.1,42.1,15.5,14.1,40.1,18.5]
+ [PKTLENS.....: 128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119]
+ [ENTROPIES...: 5.4,5.7,5.3,5.6,5.6,5.5,5.4,5.7,5.8,5.8,5.7,5.6,5.5,5.8,5.7,5.3,5.6,5.8,7.1,6.5,6.4,6.4,6.5,6.4,7.2,5.5,5.7,5.6,6.3,6.4,5.9,6.5]
+ new: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353]
+ detected: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
+ new: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [MIDSTREAM]
+ detection-update: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
+ analyse: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 25.078| 1.818| 6.147| 37780767.900| 1.500]
+ [PKTLEN......: 52.000| 1280.000| 482.700| 530.000| 280877.200| 4.100]
+ [BINS(c->s)..: 14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1]
+ [IATS(ms)....: 29.1,30.6,0.5,31.6,35.4,6.5,41.7,9.9,0.0,0.0,0.0,46.9,0.0,41.7,2909.6,2997.7,0.0,0.0,0.0,2.4,0.1,0.1,44.3,0.0,0.0,0.1,0.1,0.1,0.1,25044.9,25078.5]
+ [PKTLENS.....: 60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52]
+ [ENTROPIES...: 4.9,5.3,5.2,7.6,7.1,5.1,6.9,7.0,7.8,7.8,7.8,7.7,5.2,5.1,5.1,7.5,7.8,7.9,7.8,7.9,7.8,7.8,7.7,5.2,5.0,5.1,5.1,5.2,5.2,5.1,5.1,5.2]
+ new: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35]
+ detected: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable]
+ RISK: Unidirectional Traffic
+ new: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23]
+ detected: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable]
+ RISK: Unidirectional Traffic
+ new: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2]
+ detected: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable]
+ RISK: Unidirectional Traffic
+ new: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [MIDSTREAM]
+ detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe]
+ RISK: Unidirectional Traffic
+ guessed: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] [TLS][Telegram][Web][Safe]
+ RISK: TCP Connection Issues
+ end: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443]
+ guessed: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [TLS][Telegram][Web][Safe]
+ RISK: Fully encrypted flow
+ idle: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443]
+ guessed: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443] [TLS][Telegram][Web][Safe]
+ RISK: Fully encrypted flow
+ idle: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443]
+ idle: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
+ idle: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ idle: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400]
+ idle: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400]
+ idle: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400]
+ idle: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353]
+ idle: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
+ idle: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353]
+ guessed: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] [TLS][Telegram][Web][Safe]
+ RISK: Fully encrypted flow
+ end: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443]
+ guessed: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] [TLS][Telegram][Web][Safe]
+ RISK: Fully encrypted flow
+ end: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443]
+ guessed: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] [TLS][Telegram][Web][Safe]
+ RISK: Fully encrypted flow
+ end: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443]
+ guessed: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] [TLS][Telegram][Web][Safe]
+ RISK: Fully encrypted flow
+ end: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443]
+ guessed: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] [TLS][Telegram][Web][Safe]
+ RISK: Fully encrypted flow
+ idle: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443]
+ idle: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400]
+ idle: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400]
+ end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe]
+ RISK: Unidirectional Traffic
+ guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable]
+ idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222]
+ idle: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400]
+ idle: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400]
+ idle: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400]
+ idle: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400]
+ DAEMON-EVENT: shutdown
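Review bot: Flows 12-17 end up as `[STUN.TelegramVoip][Telegram][Network][Acceptable][]` after their detection-update, while flows 18-23, with the same protocol label and the same three servers on port 1400, are `[STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]`. The `Network` category looks like a leftover from the earlier plain-STUN detection, although the classifier code is not visible here. A consumer filtering on category would see only half of this call's relay flows, so either the expected lines should read `[STUN.TelegramVoip][Telegram][VoIP][Acceptable][]` or the commit message should explain the difference. Separately, flows 4-10 are `guessed` as `[TLS][Telegram][Web][Safe]` while carrying `RISK: Fully encrypted flow`, so the TLS label and Safe breed appear to rest on port or address alone; worth confirming that this is the baseline you want to pin.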
diff --git a/test/results/flow-info/default/tftp.pcap.out b/test/results/flow-info/default/tftp.pcap.out
index 49e75b730..2ef4f5eac 100644
--- a/test/results/flow-info/default/tftp.pcap.out
+++ b/test/results/flow-info/default/tftp.pcap.out
@@ -2,11 +2,7 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69]
- detected: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
- RISK: Malformed Packet, Unidirectional Traffic
new: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69]
- detected: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
- RISK: Malformed Packet, Unidirectional Traffic
new: [.....3] [ip4][..udp] [..192.168.0.253][50618] -> [...192.168.0.10][...69]
detected: [.....3] [ip4][..udp] [..192.168.0.253][50618] -> [...192.168.0.10][...69] [TFTP][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
@@ -28,16 +24,18 @@
new: [.....5] [ip4][..udp] [....172.28.4.53][54627] -> [...172.16.5.170][...69]
detected: [.....5] [ip4][..udp] [....172.28.4.53][54627] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
- idle: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
- RISK: Malformed Packet, Unidirectional Traffic
- idle: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
- RISK: Malformed Packet, Unidirectional Traffic
+ guessed: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69]
+ guessed: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69]
idle: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][Unknown][DataTransfer][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [..192.168.0.253][50618] -> [...192.168.0.10][...69] [TFTP][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
DAEMON-EVENT: [Processed: 102 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 2|detection-updates: 0|updates: 0]
new: [.....6] [ip4][..udp] [....172.28.5.91][44618] -> [...172.28.5.170][...69]
detected: [.....6] [ip4][..udp] [....172.28.5.91][44618] -> [...172.28.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
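Review bot: Flows 1 and 2 (172.28.4.53 -> 172.16.5.170, port 69) lose the `Malformed Packet` risk in this baseline. They were `detected` as TFTP with `RISK: Malformed Packet, Unidirectional Traffic`; now they are only `guessed` when the flow goes idle, with `RISK: Unidirectional Traffic`, and their `idle:` lines carry no classification at all. If those packets are still malformed, the new expectation pins a loss of signal, and a later regression in malformed-TFTP handling would pass this test unnoticed. The commit message should state whether dropping the flag is intended (presumably the dissector no longer accepts these packets, which is inferred, not shown here), and a case that still asserts `Malformed Packet` should be kept somewhere in the suite. The first tftp hunk, which removes the two `detected:` events, is part of the same change.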
diff --git a/test/results/flow-info/default/tls-esni-fuzzed.pcap.out b/test/results/flow-info/default/tls-esni-fuzzed.pcap.out
index 46e642751..9bd4bd450 100644
--- a/test/results/flow-info/default/tls-esni-fuzzed.pcap.out
+++ b/test/results/flow-info/default/tls-esni-fuzzed.pcap.out
@@ -9,7 +9,7 @@
RISK: Unidirectional Traffic
new: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS][Cloudflare][Web][Safe][]
- RISK: Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch
idle: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443]
idle: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443]
idle: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443]
diff --git a/test/results/flow-info/default/tls_ech.pcapng.out b/test/results/flow-info/default/tls_ech.pcapng.out
index bcb51fd39..72702c407 100644
--- a/test/results/flow-info/default/tls_ech.pcapng.out
+++ b/test/results/flow-info/default/tls_ech.pcapng.out
@@ -2,7 +2,7 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443]
- detected: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Unknown][Web][Acceptable][performance.radar.cloudflare.com]
- detection-update: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Unknown][Web][Acceptable][performance.radar.cloudflare.com]
+ detected: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Cloudflare][Web][Acceptable][performance.radar.cloudflare.com]
+ detection-update: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Cloudflare][Web][Acceptable][performance.radar.cloudflare.com]
idle: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/tls_verylong_certificate.pcap.out b/test/results/flow-info/default/tls_verylong_certificate.pcap.out
index 2b5e71b30..4995043bd 100644
--- a/test/results/flow-info/default/tls_verylong_certificate.pcap.out
+++ b/test/results/flow-info/default/tls_verylong_certificate.pcap.out
@@ -2,9 +2,9 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443]
- detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Web][Safe][feodotracker.abuse.ch]
- detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Web][Safe][feodotracker.abuse.ch]
- detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Media][Safe][feodotracker.abuse.ch]
+ detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.022| 0.005| 0.007| 43.853| 3.500]
@@ -15,6 +15,6 @@
[IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0]
[PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]
[ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2]
- detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Media][Safe][feodotracker.abuse.ch]
- end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Media][Safe]
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/tumblr.pcap.out b/test/results/flow-info/default/tumblr.pcap.out
index f7e670e87..157025c13 100644
--- a/test/results/flow-info/default/tumblr.pcap.out
+++ b/test/results/flow-info/default/tumblr.pcap.out
@@ -31,7 +31,7 @@
detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Unknown][Web][Safe]
RISK: Unidirectional Traffic
new: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443]
- detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com]
+ detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com]
analyse: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.045| 0.004| 0.009| 88.667| 2.800]
@@ -44,10 +44,10 @@
[ENTROPIES...: 6.6,5.9,6.6,6.5,5.0,5.0,4.9,5.0,7.9,5.1,7.9,5.1,7.9,7.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1]
detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Unknown][Web][Safe]
new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443]
- detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com]
- detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com]
- detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com]
- analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe]
+ detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com]
+ detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com]
+ detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com]
+ analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.048| 0.010| 0.016| 259.261| 3.200]
[PKTLEN......: 72.000| 1280.000| 300.700| 381.900| 145812.800| 4.100]
@@ -126,7 +126,7 @@
new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443]
detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe]
RISK: Unidirectional Traffic
- detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com]
+ detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com]
new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443]
analyse: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443]
min| max| avg| stddev| variance| entropy
@@ -139,10 +139,10 @@
[PKTLENS.....: 72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120]
[ENTROPIES...: 5.3,6.2,5.8,5.1,7.8,5.2,7.8,7.8,5.2,5.2,7.8,5.2,7.8,5.3,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.3,5.2,5.3,5.3,5.2,5.2,5.3,7.8,7.8,7.8,7.8]
detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe]
- detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][ajax.googleapis.com]
- detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com]
- detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][ajax.googleapis.com]
- analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
+ detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][ajax.googleapis.com]
+ detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com]
+ detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][ajax.googleapis.com]
+ analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.067| 0.011| 0.020| 396.007| 3.200]
[PKTLEN......: 72.000| 1280.000| 378.400| 464.300| 215557.600| 4.100]
@@ -152,7 +152,7 @@
[IATS(ms)....: 67.4,67.5,0.3,44.1,5.3,0.0,49.1,0.0,0.1,0.1,18.6,10.2,0.7,42.4,0.0,12.9,0.2,14.3,2.0,0.0,16.1,2.6,0.0,2.6,0.0,0.1,0.0,0.0,0.0,0.0,0.0]
[PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]
[ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,7.8,7.8,5.3,5.2,7.5,5.2,6.2,6.5,7.3,5.0,7.7,5.2,5.9,5.0,5.8,5.1,5.2,7.5,7.8,5.1,5.1,7.8,7.8,7.8,5.2,5.1,5.2]
- analyse: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable]
+ analyse: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.083| 0.014| 0.021| 424.643| 3.600]
[PKTLEN......: 72.000| 1280.000| 384.200| 474.800| 225406.500| 4.100]
@@ -162,7 +162,7 @@
[IATS(ms)....: 30.3,30.3,0.2,70.7,12.6,0.0,0.0,83.0,0.1,0.0,0.9,32.4,0.0,31.5,5.9,16.3,0.1,34.6,1.9,14.2,7.2,10.7,16.9,0.0,0.0,0.0,34.7,0.0,0.0,0.0,0.9]
[PKTLENS.....: 80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280]
[ENTROPIES...: 4.8,5.3,5.2,4.5,5.1,7.8,7.8,7.2,5.2,5.2,5.2,6.2,5.2,7.6,5.2,6.5,5.8,7.2,5.1,5.7,5.2,5.1,5.2,7.8,7.8,7.8,7.8,5.2,5.2,5.2,5.2,7.8]
- detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [TLS][Unknown][Web][Safe]
+ detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [TLS][Google][Web][Safe]
detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS][Unknown][Web][Safe]
new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443]
detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][sb.scorecardresearch.com]
@@ -179,9 +179,9 @@
[PKTLENS.....: 80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656]
[ENTROPIES...: 4.8,5.2,5.2,7.0,5.0,6.8,5.1,6.3,7.5,5.1,5.1,7.3,5.2,7.8,5.2,7.7,5.0,7.7,5.1,7.7,5.0,7.3,5.2,7.6,5.0,7.9,5.2,7.7,5.0,7.6,5.1,7.6]
new: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [MIDSTREAM]
- guessed: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Google][Web][Safe]
idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443]
- guessed: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49002] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49002] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Google][Web][Safe]
idle: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49002] -> [...............2a00:1450:4007:811::2004][..443]
idle: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][41266] -> [....2620:116:800d:21:8c6e:cf2c:8d6:9fb5][..443]
idle: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe]
@@ -201,47 +201,47 @@
idle: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443]
guessed: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS][Unknown][Web][Safe]
idle: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443]
- guessed: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49462] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49462] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Google][Web][Safe]
idle: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49462] -> [...............2a00:1450:4007:809::200e][..443]
- guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49464] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49464] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Google][Web][Safe]
idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49464] -> [...............2a00:1450:4007:809::200e][..443]
- guessed: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Google][Web][Safe]
idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443]
- guessed: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49546] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49546] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Google][Web][Safe]
idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49546] -> [...............2a00:1450:4007:815::2003][..443]
- idle: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable]
+ idle: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable]
idle: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443]
- guessed: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57770] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57770] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Google][Web][Safe]
idle: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57770] -> [...............2a00:1450:4007:80b::200e][..443]
idle: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Unknown][Web][Safe]
- guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Google][Web][Safe]
idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443]
idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443]
guessed: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] [TLS][Unknown][Web][Safe]
idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443]
- guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45706] -> [...............2a00:1450:4007:80a::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45706] -> [...............2a00:1450:4007:80a::200e][..443] [TLS][Google][Web][Safe]
idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45706] -> [...............2a00:1450:4007:80a::200e][..443]
- guessed: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58004] -> [...............2a00:1450:4007:808::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58004] -> [...............2a00:1450:4007:808::200e][..443] [TLS][Google][Web][Safe]
idle: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58004] -> [...............2a00:1450:4007:808::200e][..443]
guessed: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50906] -> [.....................64:ff9b::d83a:d582][..443] [TLS][Unknown][Web][Safe]
idle: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50906] -> [.....................64:ff9b::d83a:d582][..443]
idle: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Unknown][Web][Safe]
idle: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57286] -> [.....................64:ff9b::8fcc:d927][..443]
- idle: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe]
+ idle: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe]
end: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443]
- guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][35892] -> [...............2a00:1450:4007:815::2002][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][35892] -> [...............2a00:1450:4007:815::2002][..443] [TLS][Google][Web][Safe]
idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][35892] -> [...............2a00:1450:4007:815::2002][..443]
- guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44164] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44164] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe]
idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44164] -> [...............2a00:1450:4007:805::2003][..443]
idle: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads]
idle: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443]
- guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58614] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58614] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Google][Web][Safe]
idle: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58614] -> [...............2a00:1450:4007:805::200e][..443]
- guessed: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58616] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58616] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Google][Web][Safe]
idle: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58616] -> [...............2a00:1450:4007:805::200e][..443]
- guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58618] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58618] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Google][Web][Safe]
idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58618] -> [...............2a00:1450:4007:805::200e][..443]
- guessed: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [TLS][Google][Web][Safe]
idle: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443]
idle: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun]
idle: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443]
@@ -249,9 +249,9 @@
guessed: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43602] -> [......................64:ff9b::df9:21c6][..443] [TLS][Unknown][Web][Safe]
idle: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43602] -> [......................64:ff9b::df9:21c6][..443]
idle: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [TLS][Unknown][Web][Safe]
- idle: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable]
- guessed: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55014] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Unknown][Web][Safe]
+ idle: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
+ guessed: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55014] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Google][Web][Safe]
idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55014] -> [...............2a00:1450:4007:806::200e][..443]
- guessed: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS][Unknown][Web][Safe]
+ guessed: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS][Google][Web][Safe]
idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ultrasurf.pcap.out b/test/results/flow-info/default/ultrasurf.pcap.out
index 6495f3ac1..f1d19792b 100644
--- a/test/results/flow-info/default/ultrasurf.pcap.out
+++ b/test/results/flow-info/default/ultrasurf.pcap.out
@@ -16,9 +16,9 @@
[ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.9,5.5,5.4,7.9,7.9,7.9,5.5,7.9,7.9,7.8,7.9,5.5,5.3,5.4,5.4,7.8,5.5,7.8,7.9,7.9,5.5,5.5,7.9,7.9,7.9,7.9,7.9]
new: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053]
detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.271| 0.063| 0.099| 9897.855| 3.400]
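Review bot: `ALPN/SNI Mismatch` is now expected on flows 2 and 3, which already carry `Missing SNI TLS Extn` and an empty hostname field (`[]`), so the two risks appear to describe the same absent SNI. The hunks at `@@ -31,9` and `@@ -47,7` repeat this for the remaining `detected`, `detection-update` and `idle` events. A consumer that counts or scores risks per flow will weight this one condition twice, and both flows are still labelled `[Safe]` with three risks attached. I would document the overlap where the risk is described, for example `ALPN/SNI Mismatch is also raised when no SNI is present`, once that trigger has been confirmed against the detection code, which this page does not show.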
@@ -31,9 +31,9 @@
[ENTROPIES...: 4.7,5.2,5.3,6.1,5.1,7.8,7.8,7.8,5.2,5.2,5.2,6.1,6.4,7.7,6.3,5.9,5.7,6.1,5.8,5.2,6.0,7.9,5.9,7.8,7.7,7.7,5.2,5.9,6.9,6.8,5.9,6.2]
new: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053]
detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.269| 0.059| 0.101| 10170.351| 3.100]
@@ -47,7 +47,7 @@
idle: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable]
RISK: Unidirectional Traffic
idle: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
idle: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out
index 5ca3cd489..155e5e666 100644
--- a/test/results/flow-info/default/wechat.pcap.out
+++ b/test/results/flow-info/default/wechat.pcap.out
@@ -283,7 +283,7 @@
detection-update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com]
new: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443]
new: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443]
- detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Tencent][Chat][Fun][res.wx.qq.com]
+ detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com]
analyse: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 6.615| 0.560| 1.552| 2408711.979| 2.600]
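Review bot: The new expected line for flow 45 replaces `[Tencent]` with `[Unknown]` in the second bracket field for destination 203.205.158.34, so this baseline records a loss of attribution while other files in the same diff gain one (`[Google]`, `[Edgecast]`). The same change repeats in the `@@ -294,9` hunk (both `detection-update` lines) and in `@@ -442,7` (flow 46). If that field is the address-based match, as it appears to be, the range covering this host may have dropped out of a regenerated list. I would confirm that this is intended and record it in the commit message, e.g. `wechat.pcap: 203.205.158.34 no longer attributed to Tencent (<reason>)`, because anyone filtering or alerting on that field will silently stop matching these flows.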
@@ -294,9 +294,9 @@
[IATS(ms)....: 315.2,315.3,0.4,318.4,1.9,319.8,0.5,0.5,1.1,1.1,2.6,316.6,315.1,4.6,327.3,29.7,2.7,353.9,21.7,4.6,350.0,32.2,392.6,18.0,3.3,380.6,36.9,359.5,6259.0,6615.4,265.6]
[PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,250,52,1292,527,52,989,52,1113,52,1480]
[ENTROPIES...: 4.7,5.2,5.0,5.9,5.2,6.8,5.1,7.5,5.1,7.3,5.1,6.3,6.0,7.8,7.6,5.1,7.9,6.3,5.0,7.8,7.4,5.1,7.0,5.0,7.8,7.6,5.2,7.8,5.1,7.8,5.1,7.9]
- detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Tencent][Chat][Fun][res.wx.qq.com]
+ detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com]
RISK: Weak TLS Cipher
- detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Tencent][Chat][Fun][res.wx.qq.com]
+ detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com]
RISK: Weak TLS Cipher
new: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53]
detected: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com]
@@ -442,7 +442,7 @@
update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable]
update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable]
RISK: Unidirectional Traffic
- guessed: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] [TLS][Tencent][Web][Safe]
+ guessed: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] [TLS][Unknown][Web][Safe]
end: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443]
guessed: [....43] [ip4][..tcp] [..192.168.1.103][54114] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe]
end: [....43] [ip4][..tcp] [..192.168.1.103][54114] -> [203.205.151.162][..443]
diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out
index 02ba168ee..ef01a067a 100644
--- a/test/results/flow-info/default/weibo.pcap.out
+++ b/test/results/flow-info/default/weibo.pcap.out
@@ -15,15 +15,15 @@
new: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable][weibo.com]
new: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53]
- detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][www.weibo.com]
+ detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][www.weibo.com]
RISK: Unidirectional Traffic
- detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][www.weibo.com]
+ detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][www.weibo.com]
new: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80]
- detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][www.weibo.com]
+ detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun][www.weibo.com]
new: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [MIDSTREAM]
new: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [MIDSTREAM]
new: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [MIDSTREAM]
- analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.482| 0.042| 0.114| 12948.299| 2.500]
[PKTLEN......: 52.000| 2924.000| 448.100| 693.400| 480801.900| 3.700]
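Review bot: The label `Sina(Weibo)` disappears from the expected output: in this hunk it becomes `SinaWeibo` for www.weibo.com, and in the `@@ -34,20`, `@@ -57,7` and `@@ -68,7` hunks it becomes `Sina` for the sinajs.cn and sina.cn names. That is a split as well as a rename, so rules, dashboards or allow-lists that match the old string will stop matching without any error. The HTTP flows to img.t.sinajs.cn keep the `SocialNetwork` category under the new `Sina` label, which is worth checking against the intent of the split. I would add a changelog line such as `protocol "Sina(Weibo)" split into "Sina" and "SinaWeibo"; update filters that match on the name`.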
@@ -34,20 +34,20 @@
[PKTLENS.....: 60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488]
[ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.1,5.1,7.9,5.1,7.9,5.1,5.1,5.1,7.8,5.1,5.2,5.1,7.9,5.1,7.2,5.1,5.1,5.2,7.8,5.1,5.8,5.1,5.2,5.0,7.9,4.9,7.9]
new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53]
- detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][img.t.sinajs.cn]
+ detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][img.t.sinajs.cn]
RISK: Unidirectional Traffic
- detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][img.t.sinajs.cn]
+ detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][img.t.sinajs.cn]
RISK: Minor Issues
new: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80]
new: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80]
new: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80]
- detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
- detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
- detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53]
- detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][js.t.sinajs.cn]
+ detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn]
RISK: Unidirectional Traffic
- analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 3.500]
[PKTLEN......: 52.000| 2924.000| 696.700| 831.300| 691142.800| 4.000]
@@ -57,7 +57,7 @@
[IATS(ms)....: 26.8,26.8,0.2,31.4,283.1,314.3,2.6,2.6,16.7,16.7,12.8,12.8,0.1,0.0,45.7,45.8,5.1,5.0,71.0,71.0,5.5,5.5,32.3,32.3,43.0,43.0,3.2,3.2,2.5,2.5,2.8]
[PKTLENS.....: 60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488]
[ENTROPIES...: 4.6,5.2,5.0,5.9,5.2,5.7,4.9,7.8,4.9,7.9,5.0,7.9,4.9,7.8,5.0,7.9,4.9,7.7,5.0,5.7,5.0,7.9,5.0,7.8,5.1,7.9,5.1,7.9,5.1,7.9,5.0,7.9]
- analyse: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ analyse: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.401| 0.041| 0.093| 8612.838| 3.200]
[PKTLEN......: 52.000| 4360.000| 833.800| 1162.900| 1352437.000| 3.800]
@@ -68,7 +68,7 @@
[PKTLENS.....: 60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488]
[ENTROPIES...: 4.6,5.1,4.9,5.9,5.0,5.7,4.8,7.8,4.9,8.0,4.9,7.9,4.8,8.0,4.9,7.9,4.9,5.7,5.0,5.7,5.0,7.9,4.9,7.9,4.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8]
new: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53]
- detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][u1.img.mobile.sina.cn]
+ detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][u1.img.mobile.sina.cn]
RISK: Unidirectional Traffic
new: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53]
detected: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][acjstb.aliyun.com]
@@ -86,22 +86,22 @@
new: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80]
new: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80]
new: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80]
- detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
- detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
- detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
- detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][u1.img.mobile.sina.cn]
+ detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
+ detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn]
+ detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][u1.img.mobile.sina.cn]
new: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53]
- detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][account.weibo.com]
+ detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][account.weibo.com]
RISK: Unidirectional Traffic
new: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80]
- detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][js.t.sinajs.cn]
+ detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn]
new: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53]
- detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][c.weibo.cn]
+ detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][c.weibo.cn]
RISK: Unidirectional Traffic
new: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80]
detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][g.alicdn.com]
new: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53]
- detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][data.weibo.com]
+ detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][data.weibo.com]
RISK: Unidirectional Traffic
new: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443]
detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][log.mmstat.com]
@@ -110,7 +110,7 @@
new: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80]
new: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443]
new: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443]
- detected: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][js.t.sinajs.cn]
+ detected: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][js.t.sinajs.cn]
detected: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] [TLS.Alibaba][Unknown][Web][Acceptable][g.alicdn.com]
detection-update: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][acjstb.aliyun.com]
RISK: Susp DGA Domain name, Risky Domain Name
@@ -118,10 +118,10 @@
new: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443]
detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][login.taobao.com]
new: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443]
- detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][u1.img.mobile.sina.cn]
+ detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][u1.img.mobile.sina.cn]
new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443]
new: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443]
- analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.439| 0.087| 0.119| 14239.990| 3.800]
[PKTLEN......: 52.000| 1488.000| 514.000| 578.700| 334896.400| 4.100]
@@ -131,7 +131,7 @@
[IATS(ms)....: 26.8,26.8,0.3,31.4,276.1,307.3,6.9,6.9,153.9,153.9,2.9,2.9,375.9,438.8,4.4,67.2,2.9,3.0,31.5,31.4,138.5,138.5,6.1,6.1,4.5,4.5,193.5,193.5,28.8,28.7,2.7]
[PKTLENS.....: 60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488]
[ENTROPIES...: 4.7,5.1,5.0,5.9,5.0,5.8,5.0,7.8,5.0,5.7,5.0,7.8,5.0,5.9,5.1,5.8,5.0,6.4,5.1,5.8,5.1,7.7,5.1,7.7,5.1,7.7,5.1,7.7,5.2,7.7,5.1,7.7]
- analyse: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ analyse: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.184| 0.031| 0.055| 2983.622| 3.400]
[PKTLEN......: 52.000| 1488.000| 633.200| 674.000| 454231.700| 4.100]
@@ -141,7 +141,7 @@
[IATS(ms)....: 62.2,62.2,0.1,161.1,22.7,183.7,5.7,5.7,2.6,2.5,10.5,10.6,5.2,5.3,3.2,3.2,2.5,2.4,5.5,5.5,2.9,2.9,2.6,2.6,4.8,4.8,162.1,162.1,26.3,26.3,3.1]
[PKTLENS.....: 60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488]
[ENTROPIES...: 4.7,5.2,5.0,5.8,5.1,5.8,5.0,7.8,5.0,7.8,5.1,7.7,5.1,7.7,5.1,7.8,5.0,7.6,5.1,7.9,5.1,7.8,5.1,7.9,5.0,7.8,5.1,5.8,5.1,7.9,5.0,7.8]
- analyse: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ analyse: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.252| 0.036| 0.056| 3089.619| 3.800]
[PKTLEN......: 52.000| 1488.000| 633.700| 673.800| 454044.400| 4.100]
@@ -155,18 +155,18 @@
guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Unknown][Web][Acceptable][]
RISK: Unidirectional Traffic
idle: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80]
- idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun]
+ idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun]
idle: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
guessed: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [TLS][Google][Web][Safe]
idle: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443]
- idle: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
- idle: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
- idle: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
- idle: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
- idle: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ idle: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
+ idle: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
+ idle: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
+ idle: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
+ idle: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
guessed: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] [HTTP][Unknown][Web][Acceptable][]
idle: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80]
- idle: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ idle: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun]
idle: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80]
guessed: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [TLS][AmazonAWS][Web][Safe]
idle: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443]
@@ -194,9 +194,9 @@
guessed: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] [TLS][Alibaba][Web][Safe]
RISK: Unidirectional Traffic
idle: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443]
- idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun]
+ idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun]
RISK: Minor Issues
- idle: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun]
+ idle: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun]
idle: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53]
guessed: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [TLS][Google][Web][Safe]
idle: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443]
@@ -209,7 +209,7 @@
guessed: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] [TLS][Alibaba][Web][Safe]
RISK: Unidirectional Traffic
idle: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443]
- idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun]
+ idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
idle: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [QUIC][Google][Web][Acceptable]
idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361]
@@ -223,7 +223,7 @@
guessed: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] [QUIC][Google][Web][Acceptable]
idle: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443]
idle: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53]
- idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun]
+ idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun]
idle: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Susp DGA Domain name, Risky Domain Name
idle: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53]
diff --git a/test/results/flow-info/default/whois.pcapng.out b/test/results/flow-info/default/whois.pcapng.out
index b6c013b79..f9be7a375 100644
--- a/test/results/flow-info/default/whois.pcapng.out
+++ b/test/results/flow-info/default/whois.pcapng.out
@@ -7,9 +7,9 @@
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343]
detected: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch
end: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Unknown][Network][Acceptable]
DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
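Review bot: The new expectation for flow 2 (the `detected` and `detection-update` lines) reports `ALPN/SNI Mismatch` next to `Missing SNI TLS Extn` on a flow whose hostname field is empty (`[]`), and nothing visible explains when the added risk fires. If, as the output suggests, it is raised because ALPN is offered without any SNI, both risks describe the same root cause, and a consumer that counts risks per flow will score these flows higher than before. The same pair appears in all three hunks of enable_doh_heuristic/doh.pcapng.out. I would record this in the commit description, e.g. `TLS flows without SNI now also carry "ALPN/SNI Mismatch"; triage it together with "Missing SNI TLS Extn" as one finding`.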
diff --git a/test/results/flow-info/default/zcash.pcap.out b/test/results/flow-info/default/zcash.pcap.out
index 0c24246ae..3367a3be8 100644
--- a/test/results/flow-info/default/zcash.pcap.out
+++ b/test/results/flow-info/default/zcash.pcap.out
@@ -3,7 +3,7 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050]
detected: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
- RISK: Known Proto on Non Std Port, Unsafe Protocol
+ RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 50.191| 6.014| 12.034| 144808530.149| 3.200]
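Review bot: The Mining flow to port 9050 loses `Known Proto on Non Std Port` on the `detected` line here and on the `idle` line of the next hunk, leaving only `Unsafe Protocol`, and the change is not explained. Detection rules that key on the non-standard-port risk to surface mining traffic will stop matching this flow. If the removal is intended (presumably mining detection no longer has a default port to compare against, though the hunk does not show it), say so in the commit description, e.g. `Mining flows no longer raise "Known Proto on Non Std Port"`. Otherwise this expectation is recording a detection regression.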
@@ -17,5 +17,5 @@
DAEMON-EVENT: [Processed: 87 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
idle: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
- RISK: Known Proto on Non Std Port, Unsafe Protocol
+ RISK: Unsafe Protocol
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out
index bbcd31915..09ea6804f 100644
--- a/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out
+++ b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out
@@ -3,9 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443]
detected: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400]
@@ -17,5 +17,5 @@
[PKTLENS.....: 60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]
[ENTROPIES...: 4.4,4.4,4.2,5.9,4.1,7.8,4.1,7.9,4.1,7.1,4.1,5.9,6.2,6.4,6.0,4.1,4.1,6.2,4.1,5.5,4.1,4.1,7.4,5.5,4.1,4.1,4.2,4.1,4.1,4.1,4.2,4.1]
idle: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
- RISK: Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
index 7c228723e..452bca122 100644
--- a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
+++ b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
@@ -40,10 +40,10 @@
detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad]
new: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355]
detected: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355]
detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900]
detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
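Review bot: The risk label on the LLMNR flows changes from `Text With Non-Printable Chars` to `Non-Printable/Invalid Chars Detected` in every visible hunk of this file, and in what is visible of this page the rename is recorded only in this expected output. Anything downstream that matches the risk by its display string (alert rules, dashboards, log filters) will silently stop matching after the update. I would call the rename out in the commit description or changelog, e.g. `risk "Text With Non-Printable Chars" is now reported as "Non-Printable/Invalid Chars Detected"`. Consumers are better off matching on a numeric risk id where the event format carries one.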
@@ -67,10 +67,10 @@
new: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80]
new: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355]
detected: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355]
detected: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
@@ -277,10 +277,10 @@
detected: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355]
detected: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355]
detected: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
new: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355]
detected: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
new: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355]
@@ -339,12 +339,12 @@
update: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
update: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
update: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
update: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
update: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun]
update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
update: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
@@ -400,13 +400,13 @@
update: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976]
update: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
update: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun]
update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
DAEMON-EVENT: [Processed: 1032 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 38]
new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM]
@@ -465,7 +465,7 @@
idle: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated]
idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678]
idle: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
@@ -520,7 +520,7 @@
guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][]
idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80]
idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
RISK: HTTP Susp User-Agent
@@ -545,7 +545,7 @@
not-detected: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated]
idle: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
idle: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated]
@@ -570,7 +570,7 @@
idle: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
@@ -591,11 +591,11 @@
idle: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
idle: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
- RISK: Text With Non-Printable Chars
+ RISK: Non-Printable/Invalid Chars Detected
idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]