Diffstat (limited to 'test/results/flow-info')
-rw-r--r--test/results/flow-info/caches_cfg/teams.pcap.out18
-rw-r--r--test/results/flow-info/caches_global/bittorrent.pcap.out130
-rw-r--r--test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out (renamed from test/results/flow-info/disable_stun_monitoring/lru_ipv6_caches.pcapng.out)6
-rw-r--r--test/results/flow-info/caches_global/mining.pcapng.out68
-rw-r--r--test/results/flow-info/caches_global/ookla.pcap.out32
-rw-r--r--test/results/flow-info/caches_global/teams.pcap.out560
-rw-r--r--test/results/flow-info/caches_global/zoom_p2p.pcapng.out113
-rw-r--r--test/results/flow-info/default/anyconnect-vpn.pcap.out7
-rw-r--r--test/results/flow-info/default/beckhoff_ads.pcapng.out17
-rw-r--r--test/results/flow-info/default/bitcoin.pcap.out16
-rw-r--r--test/results/flow-info/default/bittorrent_utp.pcap.out7
-rw-r--r--test/results/flow-info/default/cassandra.pcap.out31
-rw-r--r--test/results/flow-info/default/ceph.pcap.out17
-rw-r--r--test/results/flow-info/default/cip_io.pcap.out7
-rw-r--r--test/results/flow-info/default/corba.pcap.out15
-rw-r--r--test/results/flow-info/default/custom_rules_ipv6.pcapng.out18
-rw-r--r--test/results/flow-info/default/dcerpc.pcap.out24
-rw-r--r--test/results/flow-info/default/dlms.pcap.out14
-rw-r--r--test/results/flow-info/default/dns.pcap.out11
-rw-r--r--test/results/flow-info/default/dtls_certificate_fragments.pcap.out4
-rw-r--r--test/results/flow-info/default/emotet.pcap.out46
-rw-r--r--test/results/flow-info/default/ethersbus.pcap.out7
-rw-r--r--test/results/flow-info/default/ethersio.pcap.out17
-rw-r--r--test/results/flow-info/default/exe_download.pcap.out12
-rw-r--r--test/results/flow-info/default/exe_download_as_png.pcap.out2
-rw-r--r--test/results/flow-info/default/fins.pcap.out37
-rw-r--r--test/results/flow-info/default/ftp.pcap.out2
-rw-r--r--test/results/flow-info/default/gearman.pcap.out7
-rw-r--r--test/results/flow-info/default/geforcenow.pcapng.out6
-rw-r--r--test/results/flow-info/default/gnutella.pcap.out5
-rw-r--r--test/results/flow-info/default/google_chat.pcapng.out8
-rw-r--r--test/results/flow-info/default/google_meet.pcapng.out11
-rw-r--r--test/results/flow-info/default/gquic_only_from_server.pcap.out7
-rw-r--r--test/results/flow-info/default/h323_tcp.pcap.out7
-rw-r--r--test/results/flow-info/default/hart_ip.pcap.out23
-rw-r--r--test/results/flow-info/default/hislip.pcap.out56
-rw-r--r--test/results/flow-info/default/hl7.pcap.out9
-rw-r--r--test/results/flow-info/default/http.pcapng.out7
-rw-r--r--test/results/flow-info/default/ieee_c37118.pcap.out32
-rw-r--r--test/results/flow-info/default/ip_fragmented_garbage.pcap.out75
-rw-r--r--test/results/flow-info/default/iso9506-1-mms.pcap.out7
-rw-r--r--test/results/flow-info/default/jsonrpc.pcap.out13
-rw-r--r--test/results/flow-info/default/kafka.pcapng.out7
-rw-r--r--test/results/flow-info/default/kcp.pcap.out35
-rw-r--r--test/results/flow-info/default/lru_ipv6_caches.pcapng.out6
-rw-r--r--test/results/flow-info/default/mining.pcapng.out68
-rw-r--r--test/results/flow-info/default/monero.pcap.out44
-rw-r--r--test/results/flow-info/default/mumble.pcapng.out17
-rw-r--r--test/results/flow-info/default/mysql-8.pcap.out12
-rw-r--r--test/results/flow-info/default/mysql.pcapng.out12
-rw-r--r--test/results/flow-info/default/nomachine.pcapng.out24
-rw-r--r--test/results/flow-info/default/opc-ua.pcap.out17
-rw-r--r--test/results/flow-info/default/openflow.pcap.out7
-rw-r--r--test/results/flow-info/default/openvpn-tlscrypt.pcap.out17
-rw-r--r--test/results/flow-info/default/openvpn.pcap.out93
-rw-r--r--test/results/flow-info/default/openvpn_nohmac.pcapng.out18
-rw-r--r--test/results/flow-info/default/openvpn_nohmac_tcp.pcapng.out17
-rw-r--r--test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out8
-rw-r--r--test/results/flow-info/default/ossfuzz_seed_fake_traces_2.pcapng.out57
-rw-r--r--test/results/flow-info/default/pia.pcap.out13
-rw-r--r--test/results/flow-info/default/profinet-io-le.pcap.out9
-rw-r--r--test/results/flow-info/default/protonvpn.pcap.out4
-rw-r--r--test/results/flow-info/default/ptpv2.pcap.out13
-rw-r--r--test/results/flow-info/default/quic_frags_different_dcid.pcapng.out9
-rw-r--r--test/results/flow-info/default/radius_false_positive.pcapng.out5
-rw-r--r--test/results/flow-info/default/radmin3.pcapng.out14
-rw-r--r--test/results/flow-info/default/raft.pcap.out30
-rw-r--r--test/results/flow-info/default/rdp3.pcap.out9
-rw-r--r--test/results/flow-info/default/resp.pcap.out17
-rw-r--r--test/results/flow-info/default/roughtime.pcap.out18
-rw-r--r--test/results/flow-info/default/rtps.pcap.out25
-rw-r--r--test/results/flow-info/default/s7comm-plus.pcap.out17
-rw-r--r--test/results/flow-info/default/s7comm.pcap.out6
-rw-r--r--test/results/flow-info/default/sites.pcapng.out22
-rw-r--r--test/results/flow-info/default/skinny.pcap.out56
-rw-r--r--test/results/flow-info/default/skype.pcap.out4
-rw-r--r--test/results/flow-info/default/spotify_tcp.pcap.out5
-rw-r--r--test/results/flow-info/default/steam.pcap.out184
-rw-r--r--test/results/flow-info/default/steam.pcapng.out32
-rw-r--r--test/results/flow-info/default/steam_datagram_relay_ping.pcapng.out7
-rw-r--r--test/results/flow-info/default/stomp.pcapng.out7
-rw-r--r--test/results/flow-info/default/stun.pcap.out22
-rw-r--r--test/results/flow-info/default/stun_dtls_rtp.pcapng.out19
-rw-r--r--test/results/flow-info/default/stun_dtls_rtp_unidir.pcapng.out18
-rw-r--r--test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out8
-rw-r--r--test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out8
-rw-r--r--test/results/flow-info/default/stun_google_meet.pcapng.out57
-rw-r--r--test/results/flow-info/default/stun_zoom.pcapng.out12
-rw-r--r--test/results/flow-info/default/synscan.pcap.out28
-rw-r--r--test/results/flow-info/default/teams.pcap.out18
-rw-r--r--test/results/flow-info/default/telegram.pcap.out7
-rw-r--r--test/results/flow-info/default/tftp.pcap.out12
-rw-r--r--test/results/flow-info/default/tls_certificate_too_long.pcap.out8
-rw-r--r--test/results/flow-info/default/tls_malicious_sha1.pcapng.out9
-rw-r--r--test/results/flow-info/default/tor.pcap.out12
-rw-r--r--test/results/flow-info/default/uftp_v4_v5.pcap.out25
-rw-r--r--test/results/flow-info/default/umas.pcap.out17
-rw-r--r--test/results/flow-info/default/webdav.pcap.out9
-rw-r--r--test/results/flow-info/default/yandex.pcapng.out2
-rw-r--r--test/results/flow-info/default/yojimbo.pcap.out7
-rw-r--r--test/results/flow-info/default/zcash.pcap.out21
-rw-r--r--test/results/flow-info/default/zoom.pcap.out34
-rw-r--r--test/results/flow-info/default/zoom2.pcap.out18
-rw-r--r--test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out19
-rw-r--r--test/results/flow-info/dns_process_response_disable/dns.pcap.out11
-rw-r--r--test/results/flow-info/dns_subclassification_and_process_response_disable/dns.pcap.out11
-rw-r--r--test/results/flow-info/dns_subclassification_disable/dns.pcap.out11
-rw-r--r--test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out154
-rw-r--r--test/results/flow-info/flow_risk_lists_disable/protonvpn.pcap.out20
-rw-r--r--test/results/flow-info/guessing_disable/webex.pcap.out416
-rw-r--r--test/results/flow-info/http_process_response_disable/http.pcapng.out7
-rw-r--r--test/results/flow-info/http_process_response_disable/http_asymmetric.pcapng.out16
-rw-r--r--test/results/flow-info/ip_lists_disable/1kxun.pcap.out875
-rw-r--r--test/results/flow-info/packets_limit_per_flow/tls_verylong_certificate.pcap.out19
114 files changed, 3598 insertions, 808 deletions
diff --git a/test/results/flow-info/caches_cfg/teams.pcap.out b/test/results/flow-info/caches_cfg/teams.pcap.out
index 333036c26..3afcf07a3 100644
--- a/test/results/flow-info/caches_cfg/teams.pcap.out
+++ b/test/results/flow-info/caches_cfg/teams.pcap.out
@@ -33,8 +33,8 @@
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [7/16]
new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
- detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
- detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400]
@@ -238,10 +238,10 @@
RISK: TLS (probably) Not Carrying HTTPS
detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
@@ -281,8 +281,8 @@
new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621]
detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
new: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443]
- detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
- detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -543,9 +543,9 @@
idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
- end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
- end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
+ end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
diff --git a/test/results/flow-info/caches_global/bittorrent.pcap.out b/test/results/flow-info/caches_global/bittorrent.pcap.out
new file mode 100644
index 000000000..d5eb9a750
--- /dev/null
+++ b/test/results/flow-info/caches_global/bittorrent.pcap.out
@@ -0,0 +1,130 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [....192.168.1.3][52888] -> [..82.58.216.115][38305] [MIDSTREAM]
+ detected: [.....1] [ip4][..tcp] [....192.168.1.3][52888] -> [..82.58.216.115][38305] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [.....2] [ip4][..tcp] [....192.168.1.3][52887] -> [....82.57.97.83][53137] [MIDSTREAM]
+ detected: [.....2] [ip4][..tcp] [....192.168.1.3][52887] -> [....82.57.97.83][53137] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [.....3] [ip4][..tcp] [....192.168.1.3][52895] -> [.83.216.184.241][51413] [MIDSTREAM]
+ detected: [.....3] [ip4][..tcp] [....192.168.1.3][52895] -> [.83.216.184.241][51413] [BitTorrent][Unknown][Download][Acceptable]
+ new: [.....4] [ip4][..tcp] [....192.168.1.3][52896] -> [....79.53.228.2][14627] [MIDSTREAM]
+ detected: [.....4] [ip4][..tcp] [....192.168.1.3][52896] -> [....79.53.228.2][14627] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [.....5] [ip4][..tcp] [....192.168.1.3][52894] -> [..120.62.33.241][39332] [MIDSTREAM]
+ detected: [.....5] [ip4][..tcp] [....192.168.1.3][52894] -> [..120.62.33.241][39332] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [.....6] [ip4][..tcp] [....192.168.1.3][52897] -> [...151.26.95.30][22673] [MIDSTREAM]
+ detected: [.....6] [ip4][..tcp] [....192.168.1.3][52897] -> [...151.26.95.30][22673] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [.....7] [ip4][..tcp] [....192.168.1.3][52893] -> [...79.55.129.22][12097] [MIDSTREAM]
+ detected: [.....7] [ip4][..tcp] [....192.168.1.3][52893] -> [...79.55.129.22][12097] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [.....8] [ip4][..tcp] [....192.168.1.3][52903] -> [..198.100.146.9][60163] [MIDSTREAM]
+ detected: [.....8] [ip4][..tcp] [....192.168.1.3][52903] -> [..198.100.146.9][60163] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [.....9] [ip4][..tcp] [....192.168.1.3][52902] -> [.190.103.195.56][46633] [MIDSTREAM]
+ detected: [.....9] [ip4][..tcp] [....192.168.1.3][52902] -> [.190.103.195.56][46633] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....10] [ip4][..tcp] [....192.168.1.3][52907] -> [..82.58.216.115][38305] [MIDSTREAM]
+ detected: [....10] [ip4][..tcp] [....192.168.1.3][52907] -> [..82.58.216.115][38305] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....11] [ip4][..tcp] [....192.168.1.3][52906] -> [....82.57.97.83][53137] [MIDSTREAM]
+ detected: [....11] [ip4][..tcp] [....192.168.1.3][52906] -> [....82.57.97.83][53137] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....12] [ip4][..tcp] [....192.168.1.3][52911] -> [...151.26.95.30][22673] [MIDSTREAM]
+ detected: [....12] [ip4][..tcp] [....192.168.1.3][52911] -> [...151.26.95.30][22673] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....13] [ip4][..tcp] [....192.168.1.3][52912] -> [.151.72.255.163][59928] [MIDSTREAM]
+ detected: [....13] [ip4][..tcp] [....192.168.1.3][52912] -> [.151.72.255.163][59928] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....14] [ip4][..tcp] [....192.168.1.3][52909] -> [....79.53.228.2][14627] [MIDSTREAM]
+ detected: [....14] [ip4][..tcp] [....192.168.1.3][52909] -> [....79.53.228.2][14627] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....15] [ip4][..tcp] [....192.168.1.3][52910] -> [..120.62.33.241][39332] [MIDSTREAM]
+ detected: [....15] [ip4][..tcp] [....192.168.1.3][52910] -> [..120.62.33.241][39332] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....16] [ip4][..tcp] [....192.168.1.3][52908] -> [...79.55.129.22][12097] [MIDSTREAM]
+ detected: [....16] [ip4][..tcp] [....192.168.1.3][52908] -> [...79.55.129.22][12097] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [MIDSTREAM]
+ detected: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....18] [ip4][..tcp] [....192.168.1.3][52914] -> [.190.103.195.56][46633] [MIDSTREAM]
+ detected: [....18] [ip4][..tcp] [....192.168.1.3][52914] -> [.190.103.195.56][46633] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....19] [ip4][..tcp] [....192.168.1.3][52917] -> [..151.15.48.189][47001] [MIDSTREAM]
+ detected: [....19] [ip4][..tcp] [....192.168.1.3][52917] -> [..151.15.48.189][47001] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....20] [ip4][..tcp] [....192.168.1.3][52921] -> [..95.234.159.16][41205] [MIDSTREAM]
+ detected: [....20] [ip4][..tcp] [....192.168.1.3][52921] -> [..95.234.159.16][41205] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....21] [ip4][..tcp] [....192.168.1.3][52922] -> [..95.237.193.34][11321] [MIDSTREAM]
+ detected: [....21] [ip4][..tcp] [....192.168.1.3][52922] -> [..95.237.193.34][11321] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ analyse: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [BitTorrent][Unknown][Download][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.012| 0.920| 0.247| 0.229| 52345.696| 4.400]
+ [PKTLEN......: 66.000| 1492.000| 722.400| 635.200| 403438.900| 4.400]
+ [BINS(c->s)..: 5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0]
+ [DIRECTIONS..: 0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1]
+ [IATS(ms)....: 176.8,184.0,361.0,337.3,477.6,920.0,779.8,619.5,619.4,156.9,158.1,151.0,161.2,12.0,185.6,163.5,148.9,165.8,153.5,19.2,148.7,12.8,146.1,495.9,130.3,32.1,133.8,27.3,421.5,129.5,27.4]
+ [PKTLENS.....: 120,132,611,228,66,176,90,86,1492,69,1166,69,609,81,69,389,69,188,609,1492,1492,1492,1492,1492,188,1492,1492,1492,1492,197,1492,1492]
+ [ENTROPIES...: 6.0,6.1,4.9,5.5,4.8,3.9,5.4,4.3,7.8,4.5,7.7,4.6,7.6,4.7,4.6,7.4,4.6,2.9,7.6,4.9,7.7,7.7,7.8,7.8,3.1,7.7,7.8,7.8,7.8,3.1,7.8,7.9]
+ new: [....22] [ip4][..tcp] [....192.168.1.3][52927] -> [.83.216.184.241][51413] [MIDSTREAM]
+ detected: [....22] [ip4][..tcp] [....192.168.1.3][52927] -> [.83.216.184.241][51413] [BitTorrent][Unknown][Download][Acceptable]
+ new: [....23] [ip4][..tcp] [....192.168.1.3][52926] -> [..93.65.249.100][31336] [MIDSTREAM]
+ detected: [....23] [ip4][..tcp] [....192.168.1.3][52926] -> [..93.65.249.100][31336] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ new: [....24] [ip4][..tcp] [....192.168.1.3][52925] -> [..93.65.227.100][19116] [MIDSTREAM]
+ detected: [....24] [ip4][..tcp] [....192.168.1.3][52925] -> [..93.65.227.100][19116] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [.....2] [ip4][..tcp] [....192.168.1.3][52887] -> [....82.57.97.83][53137] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [....11] [ip4][..tcp] [....192.168.1.3][52906] -> [....82.57.97.83][53137] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [.....3] [ip4][..tcp] [....192.168.1.3][52895] -> [.83.216.184.241][51413] [BitTorrent][Unknown][Download][Acceptable]
+ idle: [....22] [ip4][..tcp] [....192.168.1.3][52927] -> [.83.216.184.241][51413] [BitTorrent][Unknown][Download][Acceptable]
+ end: [....21] [ip4][..tcp] [....192.168.1.3][52922] -> [..95.237.193.34][11321] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [....13] [ip4][..tcp] [....192.168.1.3][52912] -> [.151.72.255.163][59928] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....6] [ip4][..tcp] [....192.168.1.3][52897] -> [...151.26.95.30][22673] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....12] [ip4][..tcp] [....192.168.1.3][52911] -> [...151.26.95.30][22673] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [....20] [ip4][..tcp] [....192.168.1.3][52921] -> [..95.234.159.16][41205] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [....23] [ip4][..tcp] [....192.168.1.3][52926] -> [..93.65.249.100][31336] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....24] [ip4][..tcp] [....192.168.1.3][52925] -> [..93.65.227.100][19116] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [.....9] [ip4][..tcp] [....192.168.1.3][52902] -> [.190.103.195.56][46633] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....18] [ip4][..tcp] [....192.168.1.3][52914] -> [.190.103.195.56][46633] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [.....4] [ip4][..tcp] [....192.168.1.3][52896] -> [....79.53.228.2][14627] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....14] [ip4][..tcp] [....192.168.1.3][52909] -> [....79.53.228.2][14627] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....7] [ip4][..tcp] [....192.168.1.3][52893] -> [...79.55.129.22][12097] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....16] [ip4][..tcp] [....192.168.1.3][52908] -> [...79.55.129.22][12097] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [....19] [ip4][..tcp] [....192.168.1.3][52917] -> [..151.15.48.189][47001] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....8] [ip4][..tcp] [....192.168.1.3][52903] -> [..198.100.146.9][60163] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [.....1] [ip4][..tcp] [....192.168.1.3][52888] -> [..82.58.216.115][38305] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....10] [ip4][..tcp] [....192.168.1.3][52907] -> [..82.58.216.115][38305] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....5] [ip4][..tcp] [....192.168.1.3][52894] -> [..120.62.33.241][39332] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....15] [ip4][..tcp] [....192.168.1.3][52910] -> [..120.62.33.241][39332] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
index a0e16d76a..9fb54e98e 100644
--- a/test/results/flow-info/disable_stun_monitoring/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
@@ -4,6 +4,10 @@
new: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658]
detected: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable][]
new: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506]
+ detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881]
new: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881]
detected: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
@@ -16,8 +20,6 @@
new: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1]
detected: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port
- detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
diff --git a/test/results/flow-info/caches_global/mining.pcapng.out b/test/results/flow-info/caches_global/mining.pcapng.out
new file mode 100644
index 000000000..92210b196
--- /dev/null
+++ b/test/results/flow-info/caches_global/mining.pcapng.out
@@ -0,0 +1,68 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999]
+ detected: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ analyse: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 9.791| 1.953| 3.005| 9028300.177| 3.500]
+ [PKTLEN......: 40.000| 283.000| 131.100| 104.000| 10823.600| 4.600]
+ [BINS(c->s)..: 11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0]
+ [IATS(ms)....: 18.4,18.5,27.7,27.7,25.8,11.4,0.0,37.2,8.3,48.3,236.6,209.3,12.6,9755.4,9791.3,235.5,2439.8,2440.1,7323.7,7588.5,64.9,25.7,10.3,234.7,3831.8,3833.1,885.3,890.1,5008.7,5252.5,238.4]
+ [PKTLENS.....: 52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]
+ [ENTROPIES...: 4.4,4.2,4.7,4.4,5.6,4.6,5.4,5.2,4.6,5.3,5.2,4.7,5.2,4.7,5.3,5.2,4.7,5.1,4.7,4.6,4.7,5.4,4.7,5.2,4.7,5.2,4.8,5.2,4.7,5.3,5.1,4.8]
+ DAEMON-EVENT: [Processed: 209 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050]
+ detected: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ end: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ analyse: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 50.191| 6.014| 12.034| 144808530.149| 3.200]
+ [PKTLEN......: 52.000| 355.000| 142.600| 98.900| 9779.100| 4.700]
+ [BINS(c->s)..: 9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1]
+ [IATS(ms)....: 82.7,82.7,0.2,82.6,1.5,84.0,12149.8,12261.6,111.7,2618.8,2732.4,113.5,6931.2,7044.0,112.8,7848.9,7848.9,48786.2,308.4,320.0,608.0,50191.4,0.1,0.0,41.7,210.6,4833.2,4833.2,8034.7,8116.9,41.4]
+ [PKTLENS.....: 60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115]
+ [ENTROPIES...: 4.8,5.3,5.2,6.2,5.2,5.3,5.1,5.5,5.5,5.1,5.5,5.5,5.2,5.6,5.5,5.1,5.3,4.9,5.4,5.4,5.5,5.4,5.1,5.2,5.2,5.5,5.0,5.3,5.2,5.5,5.2,5.6]
+ new: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333]
+ detected: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ new: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333]
+ detected: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ analyse: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 71.693| 7.500| 18.614| 346464978.993| 2.400]
+ [PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700]
+ [BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0]
+ [BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1]
+ [IATS(ms)....: 80.3,80.3,0.1,83.2,0.0,83.1,0.1,81.0,0.0,80.9,0.3,118.0,882.3,1042.5,71569.6,0.2,71693.1,0.0,0.7,81.6,32242.2,0.2,32323.4,1.5,82.5,7433.0,7432.9,3511.8,0.2,3592.7,1.0]
+ [PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]
+ [ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7]
+ DAEMON-EVENT: [Processed: 450 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 3 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ analyse: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 170.525| 32.857| 51.784| 2681624034.542| 3.400]
+ [PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900]
+ [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
+ [BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1]
+ [IATS(ms)....: 308.1,308.2,0.2,308.1,0.0,308.0,0.7,308.7,0.0,308.0,0.1,346.7,653.9,1043.1,114411.2,114368.8,308.6,308.5,36863.2,36863.2,20419.9,20419.9,170525.4,170525.4,113243.5,113243.5,35871.3,35871.3,15564.6,0.2,15873.5]
+ [PKTLENS.....: 60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]
+ [ENTROPIES...: 4.8,4.9,4.8,5.7,4.5,5.4,4.8,5.9,5.4,5.7,4.8,5.5,4.5,4.8,4.8,4.8,4.8,4.7,4.8,4.8,4.8,4.8,4.9,4.8,4.9,4.7,4.9,4.7,4.8,4.5,4.2,4.5]
+ idle: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ idle: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ idle: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/caches_global/ookla.pcap.out b/test/results/flow-info/caches_global/ookla.pcap.out
new file mode 100644
index 000000000..d441591d7
--- /dev/null
+++ b/test/results/flow-info/caches_global/ookla.pcap.out
@@ -0,0 +1,32 @@
+ DAEMON-EVENT: init
+ new: [.....1] [ip4][..tcp] [..192.168.1.192][37790] -> [185.157.229.246][.8080]
+ detected: [.....1] [ip4][..tcp] [..192.168.1.192][37790] -> [185.157.229.246][.8080] [Ookla][Unknown][Network][Safe]
+ new: [.....2] [ip4][..tcp] [..192.168.1.192][51156] -> [..89.96.108.170][.8080]
+ DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....3] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80]
+ detected: [.....3] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Unknown][Network][Safe][massarosa-1.speedtest.welcomeitalia.it]
+ detection-update: [.....3] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Unknown][Network][Safe][massarosa-1.speedtest.welcomeitalia.it]
+ RISK: HTTP Obsolete Server
+ new: [.....4] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080]
+ detected: [.....4] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Unknown][Network][Safe]
+ guessed: [.....2] [ip4][..tcp] [..192.168.1.192][51156] -> [..89.96.108.170][.8080] [Ookla][Unknown][Network][Safe]
+ idle: [.....2] [ip4][..tcp] [..192.168.1.192][51156] -> [..89.96.108.170][.8080]
+ idle: [.....1] [ip4][..tcp] [..192.168.1.192][37790] -> [185.157.229.246][.8080] [Ookla][Unknown][Network][Safe]
+ DAEMON-EVENT: [Processed: 70 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 1|detection-updates: 1|updates: 0]
+ new: [.....5] [ip4][..tcp] [..192.168.1.128][48854] -> [..104.16.209.12][..443]
+ detected: [.....5] [ip4][..tcp] [..192.168.1.128][48854] -> [..104.16.209.12][..443] [TLS.Ookla][Cloudflare][Network][Safe][www.speedtest.net]
+ detection-update: [.....5] [ip4][..tcp] [..192.168.1.128][48854] -> [..104.16.209.12][..443] [TLS.Ookla][Cloudflare][Network][Safe][www.speedtest.net]
+ idle: [.....4] [ip4][..tcp] [....192.168.1.7][51215] -> [..46.44.253.187][.8080] [Ookla][Unknown][Network][Safe]
+ end: [.....3] [ip4][..tcp] [....192.168.1.7][51207] -> [..46.44.253.187][...80] [HTTP.Ookla][Unknown][Network][Safe]
+ RISK: HTTP Obsolete Server
+ new: [.....6] [ip4][..tcp] [..192.168.1.128][35830] -> [..89.96.108.170][.8080]
+ detected: [.....6] [ip4][..tcp] [..192.168.1.128][35830] -> [..89.96.108.170][.8080] [TLS][Unknown][Web][Safe][spd-pub-mi-01-01.fastwebnet.it]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][35830] -> [..89.96.108.170][.8080] [TLS][Unknown][Web][Safe][spd-pub-mi-01-01.fastwebnet.it]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][35830] -> [..89.96.108.170][.8080] [TLS.Ookla][Unknown][Web][Safe][spd-pub-mi-01-01.fastwebnet.it]
+ idle: [.....5] [ip4][..tcp] [..192.168.1.128][48854] -> [..104.16.209.12][..443] [TLS.Ookla][Cloudflare][Network][Safe]
+ idle: [.....6] [ip4][..tcp] [..192.168.1.128][35830] -> [..89.96.108.170][.8080] [TLS.Ookla][Unknown][Web][Safe]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/caches_global/teams.pcap.out b/test/results/flow-info/caches_global/teams.pcap.out
new file mode 100644
index 000000000..3afcf07a3
--- /dev/null
+++ b/test/results/flow-info/caches_global/teams.pcap.out
@@ -0,0 +1,560 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67]
+ detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
+ ERROR-EVENT: Unknown packet type [1/16]
+ new: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [MIDSTREAM]
+ ERROR-EVENT: Unknown packet type [2/16]
+ ERROR-EVENT: Unknown packet type [3/16]
+ ERROR-EVENT: Unknown packet type [4/16]
+ ERROR-EVENT: Unknown packet type [5/16]
+ ERROR-EVENT: Unknown packet type [6/16]
+ new: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53]
+ detected: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443]
+ new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443]
+ detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700]
+ [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900]
+ [BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0]
+ [IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5]
+ [PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7]
+ detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ ERROR-EVENT: Unknown packet type [7/16]
+ new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
+ detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400]
+ [BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
+ [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0]
+ [IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0]
+ [PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]
+ [ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9]
+ new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443]
+ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443]
+ detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900]
+ [PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200]
+ [BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0]
+ [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0]
+ [IATS(ms)....: 45.3,45.4,0.3,49.2,0.0,48.8,0.2,0.2,1.3,46.5,45.3,1.9,0.0,0.0,47.7,45.8,0.0,0.0,0.0,37.7,37.7,0.0,8.0,8.1,0.0,0.7,37.0,7.8,4.3,49.8,1.3]
+ [PKTLENS.....: 64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]
+ [ENTROPIES...: 4.3,5.2,5.0,6.0,7.3,7.7,5.1,7.3,5.0,6.0,5.7,5.1,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.8,5.1,5.2,5.2,7.5,5.0,5.3]
+ ERROR-EVENT: Unknown packet type [8/16]
+ ERROR-EVENT: Unknown packet type [9/16]
+ new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443]
+ detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ ERROR-EVENT: Unknown packet type [10/16]
+ new: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53]
+ detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ new: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
+ detected: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
+ detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ ERROR-EVENT: Unknown packet type [11/16]
+ ERROR-EVENT: Unknown packet type [12/16]
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ RISK: Unidirectional Traffic
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ RISK: Error Code
+ new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
+ detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][]
+ new: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [MIDSTREAM]
+ detected: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
+ ERROR-EVENT: Unknown packet type [13/16]
+ new: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53]
+ detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ ERROR-EVENT: Unknown packet type [14/16]
+ ERROR-EVENT: Unknown packet type [15/16]
+ new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53]
+ detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com]
+ new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53]
+ detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443]
+ detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com]
+ new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443]
+ detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ detection-update: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443]
+ new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443]
+ detected: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53]
+ detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ detection-update: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443]
+ detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53]
+ detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443]
+ detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ new: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443]
+ detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detected: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
+ detection-update: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
+ detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ ERROR-EVENT: Unknown packet type [16/16]
+ new: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53]
+ detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+ detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+ new: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443]
+ new: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [MIDSTREAM]
+ detected: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
+ detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
+ detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
+ analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.153| 0.028| 0.040| 1626.047| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300]
+ [BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0]
+ [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0]
+ [IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8]
+ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480]
+ [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9]
+ new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434]
+ detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.201| 0.025| 0.047| 2215.159| 3.200]
+ [PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800]
+ [BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1]
+ [IATS(ms)....: 45.7,45.8,0.2,47.9,0.0,47.7,0.0,0.1,0.2,0.1,0.2,9.9,9.9,3.5,10.4,0.4,51.4,37.1,0.2,0.2,0.2,7.1,7.0,1.3,1.2,79.2,201.4,0.0,0.0,167.5,0.2]
+ [PKTLENS.....: 64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]
+ [ENTROPIES...: 4.4,5.0,4.6,5.4,7.1,7.4,4.7,4.7,4.5,7.6,7.6,4.7,7.5,4.7,6.6,6.1,7.6,5.4,4.6,6.0,4.5,5.2,5.4,4.7,7.5,4.7,4.5,7.9,6.6,6.7,4.5,5.4]
+ new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53]
+ detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+ detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+ new: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443]
+ detected: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe][chatsvcagg.teams.microsoft.com]
+ new: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443]
+ detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.115| 0.021| 0.031| 968.681| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900]
+ [BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1]
+ [IATS(ms)....: 34.2,34.3,0.3,36.9,0.0,36.6,0.0,0.2,0.2,0.1,0.0,0.1,1.0,12.0,0.3,36.0,22.7,0.2,0.2,0.1,10.4,10.3,0.6,0.6,77.1,91.7,0.0,49.1,80.4,115.1,0.2]
+ [PKTLENS.....: 64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]
+ [ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8]
+ new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53]
+ detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443]
+ detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
+ detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
+ analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700]
+ [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800]
+ [BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1]
+ [IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6]
+ [PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]
+ [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3]
+ analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.540| 0.024| 0.095| 8949.939| 1.900]
+ [PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900]
+ [BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0]
+ [IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3]
+ [PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0]
+ new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53]
+ detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53]
+ detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ new: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53]
+ detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ new: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53]
+ detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
+ detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ new: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443]
+ detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
+ detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ RISK: Minor Issues
+ new: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53]
+ detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+ detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+ new: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443]
+ new: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443]
+ new: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53]
+ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443]
+ new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443]
+ detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800]
+ [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000]
+ [BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1]
+ [IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2]
+ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]
+ [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9]
+ new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443]
+ detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443]
+ detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.053| 0.020| 0.022| 492.470| 3.900]
+ [PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100]
+ [BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0]
+ [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0]
+ [IATS(ms)....: 48.6,48.7,0.3,51.0,0.1,50.7,0.0,0.3,0.3,1.7,49.8,48.1,1.4,0.0,0.0,50.5,49.1,0.0,0.0,0.0,37.2,37.2,0.0,11.5,11.5,1.0,36.0,16.0,53.0,0.7,0.1]
+ [PKTLENS.....: 64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]
+ [ENTROPIES...: 4.4,5.3,4.9,6.0,7.3,7.3,5.1,4.9,7.6,5.0,5.9,5.7,5.0,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.8,7.9,5.1,7.8,5.1,5.2,7.6,5.1,5.3,5.0]
+ new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621]
+ detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
+ new: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443]
+ detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
+ detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53]
+ detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
+ detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
+ new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443]
+ detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com]
+ detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900]
+ [BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0]
+ [IATS(ms)....: 29.5,29.6,0.2,45.7,0.2,45.7,0.1,0.1,0.1,0.1,0.0,0.1,0.6,23.2,0.2,30.2,0.0,6.1,0.0,0.2,22.9,22.6,1.5,1.4,2.9,0.0,32.7,0.2,30.1,125.5,125.6]
+ [PKTLENS.....: 64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]
+ [ENTROPIES...: 4.4,5.2,4.9,5.6,7.4,7.5,4.9,7.4,4.9,4.8,7.6,7.1,5.0,5.9,6.3,7.4,5.6,6.1,4.9,4.9,5.4,5.6,4.9,7.5,5.0,7.9,6.1,5.1,5.7,5.0,7.5,4.9]
+ new: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53]
+ detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
+ detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
+ new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443]
+ analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.162| 0.032| 0.044| 1964.919| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200]
+ [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
+ [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1]
+ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7]
+ [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52]
+ [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2]
+ detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com]
+ new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53]
+ detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+ detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+ new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443]
+ detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ detection-update: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53]
+ detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ new: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443]
+ detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
+ detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
+ analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.277| 0.019| 0.049| 2449.644| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900]
+ [BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1]
+ [IATS(ms)....: 19.2,19.3,0.2,22.0,0.0,21.8,0.0,0.2,0.2,0.2,0.0,0.2,1.1,12.3,0.3,19.9,0.0,6.3,0.0,0.6,12.0,11.4,1.5,1.4,55.0,62.1,0.0,25.5,0.0,18.4,276.9]
+ [PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]
+ [ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8]
+ analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 8.978| 0.329| 1.582| 2503841.415| 0.800]
+ [PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900]
+ [BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1]
+ [IATS(ms)....: 47.1,47.2,0.5,44.4,0.0,43.9,0.0,0.0,0.2,0.1,0.0,0.2,0.0,4.4,9.7,0.3,46.5,32.1,0.5,0.4,0.1,18.9,1.4,20.2,62.9,403.2,425.0,8978.2,0.0,0.0,0.0]
+ [PKTLENS.....: 64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]
+ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5]
+ new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM]
+ new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434]
+ detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
+ new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478]
+ detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443]
+ new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53]
+ detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478]
+ detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
+ new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
+ detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
+ detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
+ detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
+ detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
+ new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
+ detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ detection-update: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ new: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443]
+ new: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53]
+ detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005]
+ detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020]
+ detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016]
+ detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
+ detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
+ detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016]
+ detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.567| 0.072| 0.275| 75449.426| 1.900]
+ [PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700]
+ [BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1]
+ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
+ [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
+ detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
+ detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
+ analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700]
+ [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000]
+ [BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 24.8,0.2,101.3,1168.2,1167.0,967.1,50.8,1119.2,0.0,0.0,51.0,80.3,2.0,2.7,3.7,0.0,0.0,0.0,10.7,24.2,9.3,21.5,4.5,19.9,25.3,9.2,24.4,24.6,9.5,26.0,24.3]
+ [PKTLENS.....: 140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]
+ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2]
+ idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ end: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
+ end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ RISK: Minor Issues
+ idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable]
+ end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+ idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ end: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ guessed: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [TLS][Telegram][Web][Safe]
+ RISK: Unidirectional Traffic
+ end: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443]
+ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
+ idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable]
+ idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe]
+ RISK: Known Proto on Non Std Port
+ idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe]
+ RISK: Known Proto on Non Std Port
+ idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
+ idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+ not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
+ idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750]
+ idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+ idle: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable]
+ idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
+ idle: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
+ idle: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe]
+ RISK: Error Code
+ idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
+ idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
+ idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe]
+ idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/caches_global/zoom_p2p.pcapng.out b/test/results/flow-info/caches_global/zoom_p2p.pcapng.out
new file mode 100644
index 000000000..99a03c91a
--- /dev/null
+++ b/test/results/flow-info/caches_global/zoom_p2p.pcapng.out
@@ -0,0 +1,113 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500]
+ detected: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ new: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353]
+ detected: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
+ update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ new: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478]
+ detected: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+ new: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478]
+ detected: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+ new: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156]
+ detected: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ new: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
+ update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ new: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
+ analyse: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.089| 0.026| 0.021| 430.173| 4.500]
+ [PKTLEN......: 113.000| 1277.000| 673.700| 485.600| 235788.400| 4.500]
+ [BINS(c->s)..: 0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,1,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0]
+ [IATS(ms)....: 8.4,10.2,12.0,0.1,14.3,5.0,17.5,37.3,28.4,52.5,29.0,88.6,0.2,71.3,10.8,22.4,0.1,28.5,48.7,32.5,39.0,13.4,0.2,30.2,24.5,22.8,31.8,53.4,31.8,40.1,10.0]
+ [PKTLENS.....: 113,113,113,113,113,113,113,113,113,113,113,1246,1056,1056,1246,800,1245,119,1245,800,800,1245,800,799,118,831,1245,1277,1043,1043,1257,1043]
+ [ENTROPIES...: 4.9,4.8,4.8,4.9,4.9,4.8,4.8,4.9,4.8,4.8,4.8,7.8,0.5,0.5,7.8,7.7,7.8,5.8,7.8,7.7,7.7,7.8,7.7,7.7,5.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8]
+ update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
+ update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
+ update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ idle: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
+ update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
+ update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ idle: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ guessed: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
+ guessed: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable]
+ idle: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
+ idle: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ idle: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ new: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478]
+ detected: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+ new: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478]
+ detected: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
+ new: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156]
+ detected: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ new: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353]
+ detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
+ update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ analyse: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.031| 0.974| 1.005| 1010541.658| 3.900]
+ [PKTLEN......: 100.000| 100.000| 100.000| 0.000| 0.000| 5.000]
+ [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 0.0,2023.3,0.0,2021.5,0.0,2008.4,0.0,2013.5,0.0,1994.8,0.0,2022.5,0.0,1990.7,0.1,2022.2,0.0,2022.0,0.1,1995.4,0.0,2020.2,0.0,2002.2,3.1,1996.9,3.1,2014.1,0.0,2030.9,0.0]
+ [PKTLENS.....: 100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100]
+ [ENTROPIES...: 5.4,5.3,5.2,5.3,5.4,5.3,5.4,5.3,5.4,5.3,5.3,5.4,5.3,5.3,5.3,5.4,5.3,5.4,5.3,5.3,5.3,5.3,5.3,5.3,5.4,5.3,5.3,5.4,5.4,5.3,5.4,5.3]
+ new: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312]
+ new: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586]
+ update: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ analyse: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.052| 0.013| 0.016| 253.890| 4.000]
+ [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000]
+ [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 0.2,27.3,11.2,7.7,6.8,1.5,0.1,13.3,6.9,1.7,40.5,0.2,15.5,0.6,33.3,0.2,50.8,0.4,5.9,5.7,52.3,0.4,7.2,2.3,22.7,0.2,31.0,0.2,40.9,0.2,22.6]
+ [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]
+ [ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0]
+ analyse: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.055| 0.027| 0.014| 209.331| 4.700]
+ [PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000]
+ [BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 23.8,0.3,29.8,1.6,40.5,0.5,22.7,46.4,8.7,38.1,43.6,20.5,19.3,34.0,24.4,41.5,21.1,25.0,31.1,47.2,23.8,22.9,54.8,6.0,45.0,14.9,26.8,31.6,48.3,23.8,18.7]
+ [PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]
+ [ENTROPIES...: 4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9]
+ idle: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
+ guessed: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586]
+ idle: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ idle: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ guessed: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable]
+ RISK: Unidirectional Traffic
+ idle: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312]
+ idle: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/anyconnect-vpn.pcap.out b/test/results/flow-info/default/anyconnect-vpn.pcap.out
index 0aa87a3fc..3fa8eb17c 100644
--- a/test/results/flow-info/default/anyconnect-vpn.pcap.out
+++ b/test/results/flow-info/default/anyconnect-vpn.pcap.out
@@ -89,7 +89,7 @@
detected: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Unknown][Web][Safe][]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Unknown][Web][Safe][]
- RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert About To Expire
+ RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
new: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53]
detected: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][lb._dns-sd._udp.0.128.28.172.in-addr.arpa]
new: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53]
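Review bot: The expected `detection-update` line for flow 30 no longer lists `TLS Cert About To Expire`, and nothing visible here explains why, so this snapshot would keep passing even if the expiry check had simply stopped firing for this self-signed certificate. The same flag is dropped from the `idle` event for flow 30 in the last hunk of this file, and `RISK: Susp DNS Traffic` disappears from MDNS flow 68 in the second and third hunks. These golden files appear to be the only assertion on risk output for this capture, so each removed risk should be traced to the detection change that caused it before the regenerated output is accepted; the cause is presumably a detection-library update, which is not visible in this diff. If the expiry removal turns out to be unintended, the flow 30 lines should keep their previous ending, `Missing SNI TLS Extn, TLS Cert About To Expire`.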
@@ -220,9 +220,7 @@
new: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353]
detected: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlezone._tcp.local]
detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local]
- RISK: Susp DNS Traffic
detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlezone._tcp.local]
- RISK: Susp DNS Traffic
new: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1]
detected: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1] [ICMP][Unknown][Network][Acceptable]
idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
@@ -256,7 +254,6 @@
RISK: Error Code
idle: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1] [ICMPV6][Unknown][Network][Acceptable]
idle: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- RISK: Susp DNS Traffic
idle: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable]
RISK: Error Code
@@ -272,7 +269,7 @@
end: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [TLS][Apple][Web][Safe]
RISK: Known Proto on Non Std Port
idle: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Unknown][Web][Safe]
- RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert About To Expire
+ RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
idle: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
idle: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable]
RISK: Error Code
diff --git a/test/results/flow-info/default/beckhoff_ads.pcapng.out b/test/results/flow-info/default/beckhoff_ads.pcapng.out
new file mode 100644
index 000000000..670ea4571
--- /dev/null
+++ b/test/results/flow-info/default/beckhoff_ads.pcapng.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...192.168.1.99][49201] -> [....192.168.1.8][48898]
+ detected: [.....1] [ip4][..tcp] [...192.168.1.99][49201] -> [....192.168.1.8][48898] [BeckhoffADS][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [...192.168.1.99][49201] -> [....192.168.1.8][48898] [BeckhoffADS][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 25.812| 1.672| 6.314| 39862191.260| 1.100]
+ [PKTLEN......: 40.000| 318.000| 100.400| 47.800| 2284.800| 4.900]
+ [BINS(c->s)..: 3,5,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 1,13,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 0.3,0.4,0.4,1.2,198.9,25613.3,25812.4,4.0,3.7,24.0,23.6,51.0,51.0,4.0,4.0,2.1,2.5,1.9,1.9,2.0,2.0,2.0,2.0,2.0,2.0,2.0,2.0,2.0,2.0,2.0,2.0]
+ [PKTLENS.....: 48,48,40,78,86,40,90,90,90,318,118,86,78,86,82,82,118,86,136,87,133,86,134,87,135,86,134,87,136,87,134,86]
+ [ENTROPIES...: 4.1,4.5,4.3,4.1,4.1,4.5,3.9,3.9,3.9,3.6,3.4,4.0,4.1,4.1,4.0,4.1,3.3,4.0,4.9,4.1,4.9,4.1,4.9,4.1,5.0,4.1,4.9,4.1,5.0,4.1,4.9,4.1]
+ idle: [.....1] [ip4][..tcp] [...192.168.1.99][49201] -> [....192.168.1.8][48898] [BeckhoffADS][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/bitcoin.pcap.out b/test/results/flow-info/default/bitcoin.pcap.out
index 80f08d2bc..e28e540f9 100644
--- a/test/results/flow-info/default/bitcoin.pcap.out
+++ b/test/results/flow-info/default/bitcoin.pcap.out
@@ -5,16 +5,6 @@
detected: [.....1] [ip4][..tcp] [..192.168.1.142][55317] -> [188.165.213.169][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
new: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [MIDSTREAM]
detected: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
- analyse: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 141.657| 9.231| 28.185| 794377756.606| 1.900]
- [PKTLEN......: 72.000| 1500.000| 1182.700| 570.200| 325114.200| 4.800]
- [BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 1,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
- [DIRECTIONS..: 0,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
- [IATS(ms)....: 52.7,59.2,36072.7,6972.6,71059.7,141657.3,28238.3,0.1,33.0,0.0,0.0,1933.1,0.0,0.0,0.0,0.0,4.5,16.8,0.3,4.1,0.5,12.1,1.1,0.3,10.6,15.7,2.7,0.0,3.1,4.1,7.9]
- [PKTLENS.....: 157,157,72,113,107,113,96,1500,1500,1500,1500,1031,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
- [ENTROPIES...: 4.3,4.4,4.9,5.2,4.7,5.6,4.9,7.4,7.5,7.5,7.5,7.4,3.6,3.4,3.5,3.5,3.5,3.4,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5]
new: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
analyse: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
@@ -29,7 +19,7 @@
[ENTROPIES...: 4.5,4.5,5.1,5.3,4.9,4.9,5.1,4.8,3.6,3.5,3.6,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5,3.5]
new: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [MIDSTREAM]
detected: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
- DAEMON-EVENT: [Processed: 214 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Processed: 106 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
analyse: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
@@ -53,11 +43,11 @@
[IATS(ms)....: 128.2,113.3,17195.1,11450.8,3438.7,6.8,2755.3,41186.4,319.9,321.8,0.0,347.4,8283.5,31.9,35.0,52.7,19.0,36.6,49.3,41.1,63.9,2.3,29.1,27.7,37.4,32.7,49.2,24.6,33.7,41.1,34.1]
[PKTLENS.....: 157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
[ENTROPIES...: 4.4,4.4,5.0,4.7,4.7,4.8,4.8,5.6,5.0,6.6,6.6,6.6,6.6,3.4,3.4,3.3,3.3,3.4,3.4,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.3,3.4,3.4,3.3]
- DAEMON-EVENT: [Processed: 494 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Processed: 386 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 5 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....6] [ip4][..tcp] [..192.168.1.142][55487] -> [.184.58.165.119][.8333] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [..192.168.1.142][55487] -> [.184.58.165.119][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
- DAEMON-EVENT: [Processed: 621 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Processed: 513 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 6 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
idle: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
idle: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
diff --git a/test/results/flow-info/default/bittorrent_utp.pcap.out b/test/results/flow-info/default/bittorrent_utp.pcap.out
index 651cc4685..ac48b9ebc 100644
--- a/test/results/flow-info/default/bittorrent_utp.pcap.out
+++ b/test/results/flow-info/default/bittorrent_utp.pcap.out
@@ -18,6 +18,13 @@
[IATS(ms)....: 4392.2,1037.9,5430.3,116.8,116.9,100.5,240.4,139.9,4.5,110.6,115.0,1.0,58.6,60.6,88.2,88.1,37.5,37.7,24.5,24.4,43.7,55.5,11.6,11.8,11.9,53.7,52.8,104.1,173.3,8.3,17.5]
[PKTLENS.....: 132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037]
[ENTROPIES...: 5.8,5.9,4.5,4.2,4.4,5.3,4.7,5.3,3.9,5.4,5.3,4.8,5.8,7.8,4.5,7.8,4.6,7.8,4.6,7.8,4.6,4.1,7.8,4.7,7.6,4.7,7.8,4.9,4.8,7.8,7.8,7.7]
+ DAEMON-EVENT: [Processed: 86 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
+ new: [.....2] [ip4][..udp] [......127.0.0.1][49861] -> [......127.0.0.1][33333]
+ detected: [.....2] [ip4][..udp] [......127.0.0.1][49861] -> [......127.0.0.1][33333] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
idle: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][49861] -> [......127.0.0.1][33333] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/cassandra.pcap.out b/test/results/flow-info/default/cassandra.pcap.out
index 3e5e5d70c..46a23e9ca 100644
--- a/test/results/flow-info/default/cassandra.pcap.out
+++ b/test/results/flow-info/default/cassandra.pcap.out
@@ -3,28 +3,11 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
- new: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042]
- detected: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
- analyse: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 26.002| 1.755| 6.369| 40566842.720| 1.300]
- [PKTLEN......: 52.000| 25200.000| 1937.600| 5902.900| 34844348.000| 2.000]
- [BINS(c->s)..: 9,2,3,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 4,2,2,1,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
- [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,0]
- [IATS(ms)....: 0.0,0.0,0.2,0.3,5.7,5.7,0.2,0.6,1.5,1.6,1.6,2.3,1.1,3.5,3.5,2.8,4.8,1.9,1.8,0.7,2.5,2.0,1.4,3.4,25963.2,26002.2,1164.0,1204.4,1.3,2.3,5.7]
- [PKTLENS.....: 60,60,52,61,52,113,52,83,61,110,61,153,168,179,11131,52,105,543,373,366,243,52,21802,25200,52,110,52,126,133,125,130,143]
- [ENTROPIES...: 4.4,4.8,4.6,4.4,4.6,5.2,4.6,4.9,4.5,5.2,4.5,5.4,4.9,5.4,3.8,4.6,5.3,5.0,5.2,4.8,4.9,4.7,5.2,4.6,4.7,5.4,4.7,5.4,4.9,5.5,5.1,5.3]
- analyse: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 25.937| 2.293| 6.507| 42345709.961| 2.000]
- [PKTLEN......: 52.000| 11498.000| 452.300| 1984.700| 3939065.000| 1.700]
- [BINS(c->s)..: 10,2,4,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 8,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
- [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0]
- [IATS(ms)....: 0.0,0.0,0.7,0.7,5.3,5.3,0.3,0.7,1.7,4.5,3.4,25897.1,25937.1,6.0,46.6,0.7,0.0,0.0,1.2,1.1,2.3,1.2,3.3,41.7,7689.9,7730.3,0.8,0.2,0.6,40.1,3670.2]
- [PKTLENS.....: 60,60,52,61,52,113,52,83,61,126,11498,52,187,52,99,126,52,125,52,133,130,52,143,275,52,99,80,52,87,80,52,277]
- [ENTROPIES...: 4.4,4.8,4.7,4.5,4.7,5.2,4.7,4.9,4.6,5.3,3.9,4.8,5.7,4.7,5.2,5.4,4.7,5.5,4.7,4.9,5.1,4.8,5.3,5.1,4.7,5.2,4.9,4.6,5.0,4.8,4.6,5.7]
- end: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
- end: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
+ new: [.....2] [ip4][..tcp] [.....198.18.0.3][37892] -> [.....198.18.0.2][.9042]
+ detected: [.....2] [ip4][..tcp] [.....198.18.0.3][37892] -> [.....198.18.0.2][.9042] [Cassandra][Unknown][Database][Acceptable]
+ new: [.....3] [ip4][..tcp] [.....198.18.0.2][37184] -> [.....198.18.0.3][.7000]
+ detected: [.....3] [ip4][..tcp] [.....198.18.0.2][37184] -> [.....198.18.0.3][.7000] [Cassandra][Unknown][Database][Acceptable]
+ idle: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
+ idle: [.....3] [ip4][..tcp] [.....198.18.0.2][37184] -> [.....198.18.0.3][.7000] [Cassandra][Unknown][Database][Acceptable]
+ idle: [.....2] [ip4][..tcp] [.....198.18.0.3][37892] -> [.....198.18.0.2][.9042] [Cassandra][Unknown][Database][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ceph.pcap.out b/test/results/flow-info/default/ceph.pcap.out
new file mode 100644
index 000000000..8a4918bea
--- /dev/null
+++ b/test/results/flow-info/default/ceph.pcap.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.....10.0.3.249][35556] -> [......10.0.3.67][.6789]
+ detected: [.....1] [ip4][..tcp] [.....10.0.3.249][35556] -> [......10.0.3.67][.6789] [Ceph][Unknown][DataTransfer][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [.....10.0.3.249][35556] -> [......10.0.3.67][.6789] [Ceph][Unknown][DataTransfer][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001|< 0.001|< 0.001|< 0.001| 0.014| 4.500]
+ [PKTLEN......: 52.000| 3519.000| 277.800| 606.300| 367642.900| 3.600]
+ [BINS(c->s)..: 8,1,0,2,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,2,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
+ [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,1,1,0,1]
+ [IATS(ms)....: 0.1,0.1,0.2,0.3,0.0,0.1,0.0,0.1,0.0,0.1,0.1,0.1,0.0,0.1,0.1,0.2,0.0,0.2,0.4,0.4,0.4,0.3,0.2,0.0,0.1,0.3,0.0,0.4,0.1,0.1,0.1]
+ [PKTLENS.....: 60,60,52,61,52,61,52,324,188,85,52,78,61,187,61,675,52,160,207,342,331,529,159,675,147,52,187,169,52,3519,52,147]
+ [ENTROPIES...: 4.4,4.8,4.6,5.0,4.7,5.1,4.7,1.5,2.1,3.9,4.7,4.3,5.0,3.2,5.0,2.3,4.6,3.4,3.5,5.3,5.2,6.2,3.6,2.3,4.0,4.7,3.4,3.6,4.7,2.3,4.6,3.9]
+ end: [.....1] [ip4][..tcp] [.....10.0.3.249][35556] -> [......10.0.3.67][.6789] [Ceph][Unknown][DataTransfer][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/cip_io.pcap.out b/test/results/flow-info/default/cip_io.pcap.out
new file mode 100644
index 000000000..ba388adec
--- /dev/null
+++ b/test/results/flow-info/default/cip_io.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...192.168.5.62][.2222] -> [...192.168.5.50][.2222]
+ detected: [.....1] [ip4][..udp] [...192.168.5.62][.2222] -> [...192.168.5.50][.2222] [CIP][Unknown][IoT-Scada][Acceptable]
+ idle: [.....1] [ip4][..udp] [...192.168.5.62][.2222] -> [...192.168.5.50][.2222] [CIP][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/corba.pcap.out b/test/results/flow-info/default/corba.pcap.out
index 6a518cf84..63ee9b72b 100644
--- a/test/results/flow-info/default/corba.pcap.out
+++ b/test/results/flow-info/default/corba.pcap.out
@@ -1,13 +1,10 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [.....10.101.0.2][.8726] -> [.....10.102.0.2][..900]
- detected: [.....1] [ip4][..tcp] [.....10.101.0.2][.8726] -> [.....10.102.0.2][..900] [Corba][Unknown][RPC][Acceptable]
- new: [.....2] [ip4][..tcp] [.....10.101.0.2][.8727] -> [.....10.102.0.2][.1049]
- detected: [.....2] [ip4][..tcp] [.....10.101.0.2][.8727] -> [.....10.102.0.2][.1049] [Corba][Unknown][RPC][Acceptable]
- new: [.....3] [ip4][..tcp] [.....10.101.0.2][.8728] -> [.....10.102.0.2][61191]
- detected: [.....3] [ip4][..tcp] [.....10.101.0.2][.8728] -> [.....10.102.0.2][61191] [Corba][Unknown][RPC][Acceptable]
- end: [.....1] [ip4][..tcp] [.....10.101.0.2][.8726] -> [.....10.102.0.2][..900] [Corba][Unknown][RPC][Acceptable]
- end: [.....2] [ip4][..tcp] [.....10.101.0.2][.8727] -> [.....10.102.0.2][.1049] [Corba][Unknown][RPC][Acceptable]
- end: [.....3] [ip4][..tcp] [.....10.101.0.2][.8728] -> [.....10.102.0.2][61191] [Corba][Unknown][RPC][Acceptable]
+ new: [.....1] [ip4][..tcp] [......127.0.1.1][42717] -> [......127.0.1.1][56899]
+ detected: [.....1] [ip4][..tcp] [......127.0.1.1][42717] -> [......127.0.1.1][56899] [Corba][Unknown][RPC][Acceptable]
+ new: [.....2] [ip4][..udp] [....10.95.28.46][34477] -> [....10.95.28.46][15984]
+ detected: [.....2] [ip4][..udp] [....10.95.28.46][34477] -> [....10.95.28.46][15984] [Corba][Unknown][RPC][Acceptable]
+ idle: [.....2] [ip4][..udp] [....10.95.28.46][34477] -> [....10.95.28.46][15984] [Corba][Unknown][RPC][Acceptable]
+ idle: [.....1] [ip4][..tcp] [......127.0.1.1][42717] -> [......127.0.1.1][56899] [Corba][Unknown][RPC][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/custom_rules_ipv6.pcapng.out b/test/results/flow-info/default/custom_rules_ipv6.pcapng.out
index 24767bdd3..dd120bb67 100644
--- a/test/results/flow-info/default/custom_rules_ipv6.pcapng.out
+++ b/test/results/flow-info/default/custom_rules_ipv6.pcapng.out
@@ -12,12 +12,18 @@
idle: [.....1] [ip6][..udp] [.........3ffe:507::1:200:86ff:fe05:80da][21554] -> [......................3ffe:501:4819::42][.5333]
DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 1|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993]
- new: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315]
+ new: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12719] -> [................................ff02::1][26993]
+ new: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fedd:a1e2][12719] -> [................................ff02::1][26993]
+ new: [.....6] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993]
+ new: [.....7] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315]
idle: [.....2] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][..100] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][.1991] [DTLS][Unknown][Web][Safe]
idle: [.....3] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][36098] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][50621] [DTLS][Unknown][Web][Safe]
- not-detected: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993] [Unknown][Unknown][Unrated]
- idle: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993]
- not-detected: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315] [Unknown][Unknown][Unrated]
- idle: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315]
+ not-detected: [.....6] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993] [Unknown][Unknown][Unrated]
+ idle: [.....6] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993]
+ not-detected: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fedd:a1e2][12719] -> [................................ff02::1][26993] [Unknown][Unknown][Unrated]
+ idle: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fedd:a1e2][12719] -> [................................ff02::1][26993]
+ not-detected: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12719] -> [................................ff02::1][26993] [Unknown][Unknown][Unrated]
+ idle: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12719] -> [................................ff02::1][26993]
+ not-detected: [.....7] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315] [Unknown][Unknown][Unrated]
+ idle: [.....7] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dcerpc.pcap.out b/test/results/flow-info/default/dcerpc.pcap.out
index 936114a3b..2e89a37e8 100644
--- a/test/results/flow-info/default/dcerpc.pcap.out
+++ b/test/results/flow-info/default/dcerpc.pcap.out
@@ -2,15 +2,23 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...192.168.1.11][49155] -> [...192.168.1.20][34964]
- detected: [.....1] [ip4][..udp] [...192.168.1.11][49155] -> [...192.168.1.20][34964] [RPC][Unknown][RPC][Acceptable]
+ detected: [.....1] [ip4][..udp] [...192.168.1.11][49155] -> [...192.168.1.20][34964] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
new: [.....2] [ip4][..udp] [...192.168.1.20][49161] -> [...192.168.1.11][49155]
- detected: [.....2] [ip4][..udp] [...192.168.1.20][49161] -> [...192.168.1.11][49155] [RPC][Unknown][RPC][Acceptable]
+ detected: [.....2] [ip4][..udp] [...192.168.1.20][49161] -> [...192.168.1.11][49155] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
new: [.....3] [ip4][..udp] [...192.168.1.20][49162] -> [...192.168.1.11][34964]
- detected: [.....3] [ip4][..udp] [...192.168.1.20][49162] -> [...192.168.1.11][34964] [RPC][Unknown][RPC][Acceptable]
+ detected: [.....3] [ip4][..udp] [...192.168.1.20][49162] -> [...192.168.1.11][34964] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
new: [.....4] [ip4][..udp] [...192.168.1.11][49154] -> [...192.168.1.20][49162]
- detected: [.....4] [ip4][..udp] [...192.168.1.11][49154] -> [...192.168.1.20][49162] [RPC][Unknown][RPC][Acceptable]
- idle: [.....4] [ip4][..udp] [...192.168.1.11][49154] -> [...192.168.1.20][49162] [RPC][Unknown][RPC][Acceptable]
- idle: [.....2] [ip4][..udp] [...192.168.1.20][49161] -> [...192.168.1.11][49155] [RPC][Unknown][RPC][Acceptable]
- idle: [.....1] [ip4][..udp] [...192.168.1.11][49155] -> [...192.168.1.20][34964] [RPC][Unknown][RPC][Acceptable]
- idle: [.....3] [ip4][..udp] [...192.168.1.20][49162] -> [...192.168.1.11][34964] [RPC][Unknown][RPC][Acceptable]
+ detected: [.....4] [ip4][..udp] [...192.168.1.11][49154] -> [...192.168.1.20][49162] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....4] [ip4][..udp] [...192.168.1.11][49154] -> [...192.168.1.20][49162] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....2] [ip4][..udp] [...192.168.1.20][49161] -> [...192.168.1.11][49155] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....1] [ip4][..udp] [...192.168.1.11][49155] -> [...192.168.1.20][34964] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....3] [ip4][..udp] [...192.168.1.20][49162] -> [...192.168.1.11][34964] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
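Review bot: The new expected output attaches `RISK: Known Proto on Non Std Port` to all four flows, including flows 1 and 3, whose destination is UDP port 34964, the IANA-registered PROFINET context-manager port. If the risk fires because the DCERPC.PROFINET_IO sub-classification has no default port of its own (an inference; the detector is not on this page), ordinary PROFINET traffic will carry a standing risk flag. That would make the indicator of little use on OT networks. I would expect the `detected:` and `idle:` lines for flows 1 and 3 to appear without the following `RISK:` line, keeping it only for flows 2 and 4, where neither port is 34964.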
diff --git a/test/results/flow-info/default/dlms.pcap.out b/test/results/flow-info/default/dlms.pcap.out
new file mode 100644
index 000000000..f1a09e549
--- /dev/null
+++ b/test/results/flow-info/default/dlms.pcap.out
@@ -0,0 +1,14 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.137.20][60797] -> [192.168.137.189][.4060]
+ detected: [.....1] [ip4][..tcp] [.192.168.137.20][60797] -> [192.168.137.189][.4060] [IEC62056][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..udp] [.......10.1.1.1] -> [.......10.2.2.2][.4059]
+ detected: [.....2] [ip4][..udp] [.......10.1.1.1] -> [.......10.2.2.2][.4059] [IEC62056][Unknown][IoT-Scada][Acceptable]
+ idle: [.....2] [ip4][..udp] [.......10.1.1.1] -> [.......10.2.2.2][.4059] [IEC62056][Unknown][IoT-Scada][Acceptable]
+ end: [.....1] [ip4][..tcp] [.192.168.137.20][60797] -> [192.168.137.189][.4060] [IEC62056][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: shutdown
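Review bot: The three flow 2 lines are recorded without a source-port field (`[.......10.1.1.1] -> [.......10.2.2.2][.4059]`), whereas the other flow lines in this diff print a bracketed port after each address. Presumably the capture uses source port 0 and the printer skips it (to be confirmed against the pcap). That makes the record shape depend on packet content, which is fragile for anything that parses these events by position. Printing the field even when it is zero, for example `[.......10.1.1.1][....0]` (constructed sample), would keep the lines regular.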
diff --git a/test/results/flow-info/default/dns.pcap.out b/test/results/flow-info/default/dns.pcap.out
new file mode 100644
index 000000000..9f35988ab
--- /dev/null
+++ b/test/results/flow-info/default/dns.pcap.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795]
+ detected: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com]
+ DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ idle: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/dtls_certificate_fragments.pcap.out b/test/results/flow-info/default/dtls_certificate_fragments.pcap.out
index c296c1698..5f0932ae0 100644
--- a/test/results/flow-info/default/dtls_certificate_fragments.pcap.out
+++ b/test/results/flow-info/default/dtls_certificate_fragments.pcap.out
@@ -7,7 +7,7 @@
detection-update: [.....1] [ip4][..udp] [.10.186.198.149][39347] -> [..35.210.59.134][44443] [DTLS][GoogleCloud][Web][Safe]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [.....1] [ip4][..udp] [.10.186.198.149][39347] -> [..35.210.59.134][44443] [DTLS][GoogleCloud][Web][Safe]
- RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert About To Expire
+ RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
new: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001]
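Review bot: `TLS Cert About To Expire` disappears from flow 1's risk list on the second `detection-update` here and on its `idle:` line in the next hunk, while the other three risks stay. Nothing on this page says whether the detector changed or whether the result depends on when the test is run. If the check compares the certificate's end date with the wall clock rather than the packet timestamps (an assumption to confirm), this expected file will flip again over time. Either way the file no longer covers that risk, so the reason belongs in the commit description, and one capture should keep `TLS Cert About To Expire` in its expected output.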
@@ -20,7 +20,7 @@
detection-update: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001] [DTLS.Discord][Discord][Collaborative][Fun]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
idle: [.....1] [ip4][..udp] [.10.186.198.149][39347] -> [..35.210.59.134][44443] [DTLS][GoogleCloud][Web][Safe]
- RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert About To Expire
+ RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
idle: [.....2] [ip4][..udp] [...192.168.1.26][43594] -> [.104.153.87.149][50001] [DTLS.Discord][Discord][Collaborative][Fun]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out
index fc37e719e..7c0a683d7 100644
--- a/test/results/flow-info/default/emotet.pcap.out
+++ b/test/results/flow-info/default/emotet.pcap.out
@@ -13,7 +13,7 @@
[IATS(ms)....: 749.5,749.7,1106.3,1106.8,0.8,369.8,370.6,0.9,325.6,326.2,0.5,0.3,0.7,841.2,842.4,0.9,0.4,0.4,3054.7,3056.4,1.6,247.2,247.8,0.5,1205.1,1205.6,0.4,443.0,443.6,0.7,0.3]
[PKTLENS.....: 52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]
[ENTROPIES...: 4.6,5.0,5.0,5.5,5.4,4.8,5.7,5.4,4.8,5.5,5.7,4.8,5.0,4.7,5.3,5.4,4.8,4.9,4.8,5.3,5.6,4.8,5.4,5.6,4.8,5.5,5.1,4.8,5.1,5.3,4.8,5.6]
- DAEMON-EVENT: [Processed: 626 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Processed: 50 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80]
detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable][fkl.co.ke]
@@ -27,66 +27,36 @@
[IATS(ms)....: 115.8,115.9,0.3,0.5,204.2,0.1,204.4,0.4,0.2,0.6,0.2,0.2,0.4,0.2,0.5,0.7,0.2,0.2,0.5,115.0,0.2,115.3,0.3,0.3,0.6,9.2,0.2,9.5,0.5,0.2,0.7]
[PKTLENS.....: 52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]
[ENTROPIES...: 4.7,4.9,4.7,5.8,4.6,7.4,7.7,4.7,7.8,7.8,4.7,7.8,7.9,4.7,7.8,7.9,4.8,7.8,7.9,4.7,7.9,7.8,4.8,7.9,7.9,4.8,7.9,7.8,4.7,7.8,7.8,4.8]
- end: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable]
- DAEMON-EVENT: [Processed: 834 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ idle: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable]
+ DAEMON-EVENT: [Processed: 108 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80]
detected: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Web][Acceptable][gandhitoday.org]
detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org]
RISK: Binary App Transfer
- analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 0.261| 0.031| 0.066| 4320.020| 3.000]
- [PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
- [BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0]
- [IATS(ms)....: 97.3,97.5,0.4,260.9,260.4,3.2,3.2,9.5,9.5,6.2,0.1,6.3,0.1,0.1,0.1,0.2,0.1,0.1,0.2,0.2,0.0,2.6,2.7,60.6,60.7,9.9,9.8,15.1,15.1,12.9,12.9]
- [PKTLENS.....: 52,48,46,265,1428,46,1428,46,1428,46,1428,1428,46,1428,46,1428,46,1428,46,1428,46,46,1428,46,1428,46,1428,46,1428,46,1428,46]
- [ENTROPIES...: 4.6,5.0,4.3,5.7,4.8,4.4,5.5,4.3,6.0,4.3,6.0,6.2,4.3,5.9,4.4,4.4,4.4,4.5,4.3,4.5,4.4,4.4,4.6,4.4,4.5,4.4,4.5,4.3,4.6,4.3,4.6,4.4]
- end: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
- DAEMON-EVENT: [Processed: 1663 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ idle: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
+ DAEMON-EVENT: [Processed: 122 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
new: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80]
detected: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Web][Acceptable][filmmogzivota.rs]
RISK: HTTP Susp User-Agent
detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs]
RISK: Binary App Transfer, HTTP Susp User-Agent
- analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 0.292| 0.042| 0.080| 6342.811| 2.900]
- [PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
- [BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0]
- [IATS(ms)....: 184.2,184.5,0.2,171.8,120.6,0.1,0.1,292.2,2.7,0.1,0.1,0.1,2.9,2.7,0.1,0.1,3.0,164.7,0.1,0.1,164.8,2.8,0.1,0.1,3.0,2.9,0.1,0.1,0.2,3.2,0.1]
- [PKTLENS.....: 52,52,46,192,46,612,1428,1428,46,1428,1428,1428,1100,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,1428,46,46]
- [ENTROPIES...: 4.7,4.8,4.5,5.7,4.4,5.6,4.0,5.1,4.5,5.1,5.0,5.3,5.5,4.5,5.1,5.2,5.5,4.5,5.2,5.1,5.3,4.5,5.4,5.1,5.1,4.4,5.2,5.4,5.4,4.9,4.5,4.4]
- end: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
+ idle: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
RISK: Binary App Transfer
new: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443]
detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
- analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
- [PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
- [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1]
- [IATS(ms)....: 109.4,109.6,14.1,123.8,13.2,122.9,52.7,132.9,80.3,6.5,151.9,1117.1,0.1,0.2,1262.5,0.1,2.9,0.1,3.1,96.9,0.1,96.9,3.1,0.1,0.2,0.1,3.3,0.0,0.1,2.9,0.1]
- [PKTLENS.....: 52,52,46,189,46,1418,46,133,282,46,520,46,1428,1428,1428,46,46,1428,1428,52,1428,1428,60,1428,1428,1428,1428,60,60,60,1428,1428]
- [ENTROPIES...: 4.7,4.9,4.5,5.4,4.6,7.5,4.6,5.9,7.1,4.5,7.5,4.5,7.9,7.9,7.9,4.5,4.5,7.9,7.9,5.0,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,5.1,5.1,7.8,7.9]
new: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443]
detected: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
- end: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
+ idle: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
RISK: Binary App Transfer, HTTP Susp User-Agent
- end: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
+ idle: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
end: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
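Review bot: The `analyse:` blocks for flows 3, 4 and 5 are removed from the expected output, and the processed-packet counters fall from 626/834/1663 to 50/108/122 across this hunk and the previous one. This capture therefore no longer regression-tests the per-flow statistics (IAT, packet length, entropy) for the binary-download and self-signed-TLS flows. Flows 1 to 5 also now finish as `idle:` instead of `end:`, which suggests their closing packets are no longer seen; the cause (a shortened capture or a packet limit) is not visible here. The exe_download.pcap.out hunk shows the same pattern, with its analyse block dropped and `end:` becoming `idle:`. If the reduction is intended, the test configuration should be adjusted so that these flows still produce an `analyse:` record.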
diff --git a/test/results/flow-info/default/ethersbus.pcap.out b/test/results/flow-info/default/ethersbus.pcap.out
new file mode 100644
index 000000000..41063fe2f
--- /dev/null
+++ b/test/results/flow-info/default/ethersbus.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...172.16.1.120][.2467] -> [...172.16.1.135][.5050]
+ detected: [.....1] [ip4][..udp] [...172.16.1.120][.2467] -> [...172.16.1.135][.5050] [Ether-S-Bus][Unknown][IoT-Scada][Acceptable]
+ idle: [.....1] [ip4][..udp] [...172.16.1.120][.2467] -> [...172.16.1.135][.5050] [Ether-S-Bus][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ethersio.pcap.out b/test/results/flow-info/default/ethersio.pcap.out
new file mode 100644
index 000000000..473a30fa1
--- /dev/null
+++ b/test/results/flow-info/default/ethersio.pcap.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [....172.23.2.27][.1024] -> [....172.23.2.15][.6060]
+ detected: [.....1] [ip4][..udp] [....172.23.2.27][.1024] -> [....172.23.2.15][.6060] [EtherSIO][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..udp] [....172.23.2.27][.1024] -> [....172.23.2.15][.6060] [EtherSIO][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.111| 0.097| 0.019| 344.403| 4.900]
+ [PKTLEN......: 52.000| 77.000| 76.200| 4.300| 18.900| 5.000]
+ [BINS(c->s)..: 1,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 96.2,97.4,107.9,96.1,97.6,109.9,95.5,95.6,98.4,0.0,111.0,95.5,96.5,96.0,110.0,97.0,97.0,97.9,109.1,95.7,95.9,95.7,111.5,95.3,100.1,106.3,95.5,95.6,108.9,95.6,95.9]
+ [PKTLENS.....: 77,77,77,77,77,77,77,77,77,52,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77]
+ [ENTROPIES...: 3.4,3.3,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.7,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.4,3.3,3.4,3.4]
+ idle: [.....1] [ip4][..udp] [....172.23.2.27][.1024] -> [....172.23.2.15][.6060] [EtherSIO][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/exe_download.pcap.out b/test/results/flow-info/default/exe_download.pcap.out
index a2ebfa4bd..ee5e346f4 100644
--- a/test/results/flow-info/default/exe_download.pcap.out
+++ b/test/results/flow-info/default/exe_download.pcap.out
@@ -6,16 +6,6 @@
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable][144.91.69.195]
RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
- analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 0.320| 0.062| 0.115| 13236.602| 3.000]
- [PKTLEN......: 40.000| 1500.000| 854.500| 668.400| 446708.300| 4.400]
- [BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,8,0,0,7,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,1,1,0]
- [IATS(ms)....: 319.3,319.5,0.7,1.1,298.1,0.0,298.6,1.6,0.1,1.8,2.4,2.7,0.0,5.0,0.2,28.6,0.1,28.9,100.7,305.8,0.0,0.0,0.1,205.2,0.2,0.2,0.7,0.0,0.0,0.0,0.7]
- [PKTLENS.....: 52,44,40,193,40,1500,1308,40,1404,1404,40,1404,1500,1288,40,1404,1404,1404,40,40,1500,1500,1212,1404,40,1404,40,1500,1500,1500,1116,40]
- [ENTROPIES...: 4.4,4.9,4.6,5.8,4.7,3.7,0.3,4.6,0.3,4.4,4.6,5.7,5.5,5.4,4.5,5.9,5.8,5.7,4.6,4.6,5.4,5.4,5.4,5.7,4.6,5.6,4.5,5.7,5.8,5.6,5.7,4.6]
- end: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable]
+ idle: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable]
RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/exe_download_as_png.pcap.out b/test/results/flow-info/default/exe_download_as_png.pcap.out
index 5b64bcc92..89cec19cd 100644
--- a/test/results/flow-info/default/exe_download_as_png.pcap.out
+++ b/test/results/flow-info/default/exe_download_as_png.pcap.out
@@ -16,6 +16,6 @@
[IATS(ms)....: 400.2,400.5,0.2,0.7,612.7,0.0,613.0,0.4,0.5,0.8,0.4,0.5,0.9,1.1,0.4,1.6,0.4,0.7,1.1,417.7,1.4,0.1,419.5,0.7,0.4,0.9,2.6,0.2,2.8,26.6,0.3]
[PKTLENS.....: 52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404]
[ENTROPIES...: 4.6,4.9,4.7,5.5,4.6,3.4,0.3,4.8,0.3,4.6,4.8,4.5,3.4,4.7,3.3,3.5,4.7,4.1,5.3,4.7,5.5,4.6,5.0,4.7,4.4,2.7,4.7,6.3,4.4,4.7,4.0,2.8]
- end: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Unknown][Web][Acceptable]
+ idle: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Unknown][Web][Acceptable]
RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/fins.pcap.out b/test/results/flow-info/default/fins.pcap.out
new file mode 100644
index 000000000..ff2993285
--- /dev/null
+++ b/test/results/flow-info/default/fins.pcap.out
@@ -0,0 +1,37 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [....10.4.14.102][58722] -> [.10.130.130.130][.9600]
+ detected: [.....1] [ip4][..udp] [....10.4.14.102][58722] -> [.10.130.130.130][.9600] [FINS][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..udp] [....10.4.14.102][58722] -> [.10.130.130.130][.9600] [FINS][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001|< 0.001|< 0.001|< 0.001|< 0.001| 5.000]
+ [PKTLEN......: 44.000| 65.000| 47.200| 3.500| 12.600| 5.000]
+ [BINS(c->s)..: 31,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
+ [PKTLENS.....: 46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,52,48,44,48,50,46,46,46,46,46,50,48,65]
+ [ENTROPIES...: 4.0,4.0,4.0,4.1,4.0,4.1,4.0,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.2,4.0,4.0,4.0,4.3,3.9,3.9,3.9,3.9,3.8,4.1,3.9,3.7]
+ DAEMON-EVENT: [Processed: 245 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
+ new: [.....2] [ip4][..tcp] [.....10.1.1.173][17134] -> [.....10.1.1.164][.9600]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [2/16]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [3/16]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [4/16]
+ detected: [.....2] [ip4][..tcp] [.....10.1.1.173][17134] -> [.....10.1.1.164][.9600] [FINS][Unknown][IoT-Scada][Acceptable]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [5/16]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [6/16]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [7/16]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [8/16]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [9/16]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [10/16]
+ idle: [.....1] [ip4][..udp] [....10.4.14.102][58722] -> [.10.130.130.130][.9600] [FINS][Unknown][IoT-Scada][Acceptable]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [1/16]
+ new: [.....3] [ip4][..udp] [.....10.1.1.173][54855] -> [.....10.1.1.164][.9600]
+ detected: [.....3] [ip4][..udp] [.....10.1.1.173][54855] -> [.....10.1.1.164][.9600] [FINS][Unknown][IoT-Scada][Acceptable]
+ ERROR-EVENT: Captured packet size is smaller than expected packet size [2/16]
+ end: [.....2] [ip4][..tcp] [.....10.1.1.173][17134] -> [.....10.1.1.164][.9600] [FINS][Unknown][IoT-Scada][Acceptable]
+ idle: [.....3] [ip4][..udp] [.....10.1.1.173][54855] -> [.....10.1.1.164][.9600] [FINS][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ftp.pcap.out b/test/results/flow-info/default/ftp.pcap.out
index 2ac1ba2f7..d379ae187 100644
--- a/test/results/flow-info/default/ftp.pcap.out
+++ b/test/results/flow-info/default/ftp.pcap.out
@@ -29,7 +29,7 @@
[PKTLENS.....: 64,60,52,1492,64,1492,52,1492,52,1492,1492,52,1492,52,1492,1492,1492,52,52,1492,1492,52,1492,52,1492,1492,52,52,1492,52,1492,1492]
[ENTROPIES...: 4.3,5.3,4.9,0.4,5.0,0.4,5.0,0.4,4.8,0.4,0.4,4.9,0.4,4.8,0.4,0.4,0.4,4.9,4.8,0.4,0.4,4.9,0.4,4.8,0.4,0.4,5.2,5.0,0.4,4.8,0.4,0.4]
not-detected: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] [Unknown][Unknown][Unrated]
- end: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
+ idle: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
end: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Unknown][Download][Unsafe]
RISK: Unsafe Protocol, Clear-Text Credentials
end: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Unknown][Download][Acceptable]
diff --git a/test/results/flow-info/default/gearman.pcap.out b/test/results/flow-info/default/gearman.pcap.out
new file mode 100644
index 000000000..744bbed94
--- /dev/null
+++ b/test/results/flow-info/default/gearman.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...192.168.80.1][23405] -> [.192.168.80.128][.4730]
+ detected: [.....1] [ip4][..tcp] [...192.168.80.1][23405] -> [.192.168.80.128][.4730] [Gearman][Unknown][RPC][Acceptable]
+ idle: [.....1] [ip4][..tcp] [...192.168.80.1][23405] -> [.192.168.80.128][.4730] [Gearman][Unknown][RPC][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/geforcenow.pcapng.out b/test/results/flow-info/default/geforcenow.pcapng.out
index 5ade85c21..14a494319 100644
--- a/test/results/flow-info/default/geforcenow.pcapng.out
+++ b/test/results/flow-info/default/geforcenow.pcapng.out
@@ -26,9 +26,9 @@
detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS][Nvidia][Safe]
- RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
- RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
+ RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200]
@@ -40,7 +40,7 @@
[PKTLENS.....: 124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]
[ENTROPIES...: 5.8,5.8,5.8,5.7,5.0,5.0,5.0,5.0,6.5,6.7,4.8,6.6,6.2,4.4,3.8,5.3,6.0,5.8,6.4,6.3,5.9,6.0,5.4,6.0,6.2,6.1,5.4,5.6,5.8,6.1,5.7,6.1]
idle: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
- RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
+ RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
idle: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out
index 61a725470..6314c8103 100644
--- a/test/results/flow-info/default/gnutella.pcap.out
+++ b/test/results/flow-info/default/gnutella.pcap.out
@@ -3063,16 +3063,20 @@
idle: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
not-detected: [....31] [ip4][..tcp] [......10.0.2.15][50193] -> [....89.75.52.19][46010] [Unknown][Unknown][Unrated]
+ RISK: TCP Connection Issues
end: [....31] [ip4][..tcp] [......10.0.2.15][50193] -> [....89.75.52.19][46010]
idle: [...322] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.219][.6909] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
not-detected: [....28] [ip4][..tcp] [......10.0.2.15][50190] -> [..80.140.63.147][29545] [Unknown][Unknown][Unrated]
+ RISK: TCP Connection Issues
end: [....28] [ip4][..tcp] [......10.0.2.15][50190] -> [..80.140.63.147][29545]
idle: [...314] [ip4][..udp] [......10.0.2.15][28681] -> [..71.237.202.91][16117] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
not-detected: [....30] [ip4][..tcp] [......10.0.2.15][50192] -> [....45.65.87.24][16201] [Unknown][Unknown][Unrated]
+ RISK: TCP Connection Issues
end: [....30] [ip4][..tcp] [......10.0.2.15][50192] -> [....45.65.87.24][16201]
not-detected: [....29] [ip4][..tcp] [......10.0.2.15][50191] -> [.207.38.163.228][.6778] [Unknown][Unknown][Unrated]
+ RISK: TCP Connection Issues
end: [....29] [ip4][..tcp] [......10.0.2.15][50191] -> [.207.38.163.228][.6778]
update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
@@ -3476,6 +3480,7 @@
idle: [...357] [ip4][..udp] [......10.0.2.15][28681] -> [...98.35.85.238][32173] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
not-detected: [....90] [ip4][..tcp] [......10.0.2.15][50245] -> [..73.62.225.181][46843] [Unknown][Unknown][Unrated]
+ RISK: TCP Connection Issues
end: [....90] [ip4][..tcp] [......10.0.2.15][50245] -> [..73.62.225.181][46843]
idle: [...318] [ip4][..udp] [......10.0.2.15][28681] -> [173.183.183.110][59920] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
diff --git a/test/results/flow-info/default/google_chat.pcapng.out b/test/results/flow-info/default/google_chat.pcapng.out
new file mode 100644
index 000000000..de9cf78c8
--- /dev/null
+++ b/test/results/flow-info/default/google_chat.pcapng.out
@@ -0,0 +1,8 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.88.231][46172] -> [..142.251.1.100][..443]
+ detected: [.....1] [ip4][..tcp] [.192.168.88.231][46172] -> [..142.251.1.100][..443] [TLS.GoogleChat][Google][Chat][Acceptable][chat.google.com]
+ detection-update: [.....1] [ip4][..tcp] [.192.168.88.231][46172] -> [..142.251.1.100][..443] [TLS.GoogleChat][Google][Chat][Acceptable][chat.google.com]
+ idle: [.....1] [ip4][..tcp] [.192.168.88.231][46172] -> [..142.251.1.100][..443] [TLS.GoogleChat][Google][Chat][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/google_meet.pcapng.out b/test/results/flow-info/default/google_meet.pcapng.out
new file mode 100644
index 000000000..98b6ef56f
--- /dev/null
+++ b/test/results/flow-info/default/google_meet.pcapng.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.88.231][43268] -> [.173.194.73.101][..443]
+ detected: [.....1] [ip4][..tcp] [.192.168.88.231][43268] -> [.173.194.73.101][..443] [TLS.GoogleMeet][Google][Chat][Acceptable][meet.google.com]
+ detection-update: [.....1] [ip4][..tcp] [.192.168.88.231][43268] -> [.173.194.73.101][..443] [TLS.GoogleMeet][Google][Chat][Acceptable][meet.google.com]
+ new: [.....2] [ip4][..udp] [.192.168.88.231][59369] -> [.173.194.73.101][..443]
+ detected: [.....2] [ip4][..udp] [.192.168.88.231][59369] -> [.173.194.73.101][..443] [QUIC.GoogleMeet][Google][Chat][Acceptable][meet.google.com]
+ idle: [.....2] [ip4][..udp] [.192.168.88.231][59369] -> [.173.194.73.101][..443] [QUIC.GoogleMeet][Google][Chat][Acceptable]
+ idle: [.....1] [ip4][..tcp] [.192.168.88.231][43268] -> [.173.194.73.101][..443] [TLS.GoogleMeet][Google][Chat][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/gquic_only_from_server.pcap.out b/test/results/flow-info/default/gquic_only_from_server.pcap.out
new file mode 100644
index 000000000..ba5a45e21
--- /dev/null
+++ b/test/results/flow-info/default/gquic_only_from_server.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524]
+ detected: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable]
+ idle: [.....1] [ip4][..udp] [...213.202.7.26][..443] -> [..10.189.122.71][60524] [QUIC][Unknown][Web][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/h323_tcp.pcap.out b/test/results/flow-info/default/h323_tcp.pcap.out
new file mode 100644
index 000000000..4b14e2046
--- /dev/null
+++ b/test/results/flow-info/default/h323_tcp.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......10.1.6.18][.1720] -> [.....10.1.3.143][32803]
+ detected: [.....1] [ip4][..tcp] [......10.1.6.18][.1720] -> [.....10.1.3.143][32803] [H323][Unknown][VoIP][Acceptable]
+ idle: [.....1] [ip4][..tcp] [......10.1.6.18][.1720] -> [.....10.1.3.143][32803] [H323][Unknown][VoIP][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/hart_ip.pcap.out b/test/results/flow-info/default/hart_ip.pcap.out
new file mode 100644
index 000000000..f525a0654
--- /dev/null
+++ b/test/results/flow-info/default/hart_ip.pcap.out
@@ -0,0 +1,23 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..192.168.0.101][49905] -> [...192.168.0.10][.5094]
+ detected: [.....1] [ip4][..udp] [..192.168.0.101][49905] -> [...192.168.0.10][.5094] [HART-IP][Unknown][IoT-Scada][Acceptable]
+ new: [.....2] [ip4][..udp] [...192.168.0.10][.5095] -> [..192.168.0.101][49905]
+ detected: [.....2] [ip4][..udp] [...192.168.0.10][.5095] -> [..192.168.0.101][49905] [HART-IP][Unknown][IoT-Scada][Acceptable]
+ new: [.....3] [ip4][..tcp] [..192.168.0.101][49559] -> [...192.168.0.10][.5094]
+ detected: [.....3] [ip4][..tcp] [..192.168.0.101][49559] -> [...192.168.0.10][.5094] [HART-IP][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....3] [ip4][..tcp] [..192.168.0.101][49559] -> [...192.168.0.10][.5094] [HART-IP][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.053| 0.028| 0.023| 521.776| 4.400]
+ [PKTLEN......: 40.000| 96.000| 56.600| 16.000| 257.100| 4.900]
+ [BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
+ [IATS(ms)....: 0.5,0.6,0.1,0.5,6.6,7.0,40.7,44.4,3.9,48.1,52.6,4.4,47.6,51.7,4.2,47.7,52.1,4.4,47.7,52.2,4.3,47.6,51.3,3.8,48.3,52.1,3.8,48.3,52.1,3.7,48.2]
+ [PKTLENS.....: 52,52,40,53,46,53,40,53,77,40,57,64,40,57,67,40,57,83,40,61,96,40,57,83,40,57,80,40,57,91,40,57]
+ [ENTROPIES...: 4.6,4.7,4.6,4.5,4.3,4.5,4.6,4.4,4.8,4.6,4.5,4.6,4.4,4.6,4.7,4.6,4.6,4.5,4.5,4.7,4.7,4.5,4.7,5.6,4.6,4.7,3.9,4.6,4.7,4.2,4.6,4.7]
+ idle: [.....1] [ip4][..udp] [..192.168.0.101][49905] -> [...192.168.0.10][.5094] [HART-IP][Unknown][IoT-Scada][Acceptable]
+ idle: [.....2] [ip4][..udp] [...192.168.0.10][.5095] -> [..192.168.0.101][49905] [HART-IP][Unknown][IoT-Scada][Acceptable]
+ end: [.....3] [ip4][..tcp] [..192.168.0.101][49559] -> [...192.168.0.10][.5094] [HART-IP][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/hislip.pcap.out b/test/results/flow-info/default/hislip.pcap.out
new file mode 100644
index 000000000..20829674f
--- /dev/null
+++ b/test/results/flow-info/default/hislip.pcap.out
@@ -0,0 +1,56 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [....10.64.0.127][51053] -> [.....10.64.0.72][.4880]
+ detected: [.....1] [ip4][..tcp] [....10.64.0.127][51053] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ new: [.....2] [ip4][..tcp] [....10.64.0.127][51054] -> [.....10.64.0.72][.4880]
+ detected: [.....2] [ip4][..tcp] [....10.64.0.127][51054] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ new: [.....3] [ip4][..tcp] [....10.64.0.127][51055] -> [.....10.64.0.72][.4880]
+ detected: [.....3] [ip4][..tcp] [....10.64.0.127][51055] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ new: [.....4] [ip4][..tcp] [....10.64.0.127][51056] -> [.....10.64.0.72][.4880]
+ detected: [.....4] [ip4][..tcp] [....10.64.0.127][51056] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....4] [ip4][..tcp] [....10.64.0.127][51056] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 19.039| 5.872| 6.792| 46137172.034| 3.900]
+ [PKTLEN......: 40.000| 94.000| 52.400| 10.800| 117.400| 5.000]
+ [BINS(c->s)..: 20,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0]
+ [IATS(ms)....: 0.2,0.3,14.8,15.0,0.3,0.3,217.9,3286.1,3504.1,208.2,10280.3,10488.4,202.6,18835.9,19038.6,211.1,3164.6,3375.7,204.9,18603.8,18610.2,8174.3,8385.6,202.7,7510.4,7713.1,211.3,16164.1,16375.4,215.5,6808.2]
+ [PKTLENS.....: 52,52,40,56,56,64,64,40,56,56,40,56,56,40,94,56,40,56,56,40,56,40,56,56,40,56,56,40,56,56,40,56]
+ [ENTROPIES...: 4.2,4.9,4.2,3.8,4.2,3.5,4.0,4.2,3.8,4.0,4.2,3.7,4.1,4.2,4.8,4.0,4.2,3.8,4.0,4.2,4.3,4.2,3.7,4.1,4.2,4.0,3.9,4.2,4.0,3.9,4.2,4.0]
+ analyse: [.....2] [ip4][..tcp] [....10.64.0.127][51054] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 30.221| 11.502| 11.630| 135266715.042| 4.100]
+ [PKTLEN......: 40.000| 94.000| 51.800| 10.700| 114.400| 5.000]
+ [BINS(c->s)..: 18,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 0.2,0.3,14.8,15.1,0.4,0.3,217.9,13272.9,13259.6,13350.3,13554.9,221.3,22465.6,22686.9,200.5,2983.6,3184.1,214.3,30221.2,30007.2,24848.2,24848.5,211.0,6444.7,6655.7,200.7,18636.3,18641.5,30200.4,29994.8,30014.7]
+ [PKTLENS.....: 52,52,40,56,56,64,64,40,56,40,56,56,40,56,56,40,94,56,40,46,52,56,56,40,56,56,40,56,40,46,52,46]
+ [ENTROPIES...: 4.2,4.7,4.3,3.9,4.1,3.5,3.9,4.3,4.3,4.3,3.8,4.0,4.2,4.0,4.0,4.3,4.9,4.0,4.2,4.1,4.4,4.1,3.9,4.2,4.1,4.0,4.2,4.2,4.2,4.1,4.4,4.1]
+ analyse: [.....3] [ip4][..tcp] [....10.64.0.127][51055] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 30.224| 10.753| 11.914| 141939022.234| 4.000]
+ [PKTLEN......: 40.000| 81.000| 55.100| 11.500| 131.200| 5.000]
+ [BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1]
+ [IATS(ms)....: 0.2,0.4,15.4,15.6,202.7,30224.3,30021.9,21890.5,21890.7,221.3,2690.2,2911.5,0.2,0.4,30016.5,30016.5,22101.3,22101.6,211.1,5004.6,5215.8,205.6,30216.1,30010.9,15065.1,15272.5,6292.5,6085.3,219.3,2500.5,2719.8]
+ [PKTLENS.....: 52,52,40,63,56,40,46,52,66,69,40,66,56,81,40,46,52,66,69,40,66,69,40,46,52,56,46,66,69,40,66,56]
+ [ENTROPIES...: 4.2,4.8,4.2,4.3,3.9,4.2,4.1,4.2,4.4,4.6,4.2,4.5,4.2,5.1,4.2,4.1,4.2,4.5,4.6,4.2,4.5,4.6,4.2,4.0,4.3,4.1,4.1,4.4,4.7,4.2,4.4,4.2]
+ analyse: [.....1] [ip4][..tcp] [....10.64.0.127][51053] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 30.237| 14.395| 13.485| 181848479.105| 4.100]
+ [PKTLEN......: 40.000| 103.000| 54.900| 14.000| 195.000| 5.000]
+ [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 11,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 0.2,0.4,10.8,11.1,202.7,4710.7,4913.4,218.8,8156.7,8375.5,0.2,0.5,7975.4,7975.7,215.7,30237.0,30021.5,30014.8,30014.8,29999.1,29999.1,21560.7,21561.0,0.2,0.5,30013.1,30013.1,30014.7,30014.7,29999.2,29999.2]
+ [PKTLENS.....: 52,52,40,63,56,40,62,103,40,66,56,81,40,66,69,40,46,52,46,52,46,52,66,56,81,40,46,52,46,52,46,52]
+ [ENTROPIES...: 4.2,4.8,4.3,4.4,4.1,4.3,4.3,5.3,4.1,4.5,4.3,5.1,4.2,4.5,4.7,4.1,3.9,4.2,3.9,4.2,3.9,4.2,4.4,4.3,5.1,4.2,4.1,4.3,4.1,4.3,4.1,4.3]
+ end: [.....1] [ip4][..tcp] [....10.64.0.127][51053] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ end: [.....2] [ip4][..tcp] [....10.64.0.127][51054] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ end: [.....3] [ip4][..tcp] [....10.64.0.127][51055] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ end: [.....4] [ip4][..tcp] [....10.64.0.127][51056] -> [.....10.64.0.72][.4880] [HiSLIP][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/hl7.pcap.out b/test/results/flow-info/default/hl7.pcap.out
new file mode 100644
index 000000000..d71c07a79
--- /dev/null
+++ b/test/results/flow-info/default/hl7.pcap.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661]
+ detected: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661] [HL7][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ end: [.....1] [ip4][..tcp] [.....10.0.0.155][49242] -> [.....10.0.0.126][.6661] [HL7][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/http.pcapng.out b/test/results/flow-info/default/http.pcapng.out
new file mode 100644
index 000000000..b36af79c7
--- /dev/null
+++ b/test/results/flow-info/default/http.pcapng.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [..192.168.1.128][42170] -> [.216.58.208.142][...80]
+ detected: [.....1] [ip4][..tcp] [..192.168.1.128][42170] -> [.216.58.208.142][...80] [HTTP.Google][Google][Web][Acceptable][google.com]
+ end: [.....1] [ip4][..tcp] [..192.168.1.128][42170] -> [.216.58.208.142][...80] [HTTP.Google][Google][Web][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ieee_c37118.pcap.out b/test/results/flow-info/default/ieee_c37118.pcap.out
new file mode 100644
index 000000000..3a8c1f282
--- /dev/null
+++ b/test/results/flow-info/default/ieee_c37118.pcap.out
@@ -0,0 +1,32 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...192.168.0.20][36835] -> [..192.168.0.241][.4712]
+ detected: [.....1] [ip4][..tcp] [...192.168.0.20][36835] -> [..192.168.0.241][.4712] [IEEE-C37118][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [...192.168.0.20][36835] -> [..192.168.0.241][.4712] [IEEE-C37118][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.040| 0.018| 0.013| 176.295| 4.500]
+ [PKTLEN......: 52.000| 186.000| 81.600| 31.500| 989.700| 4.900]
+ [BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 3,14,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0]
+ [IATS(ms)....: 1.2,1.3,0.2,1.8,0.7,2.3,1.0,1.8,1.0,20.1,39.0,19.9,2.8,19.9,19.9,20.0,39.1,20.0,20.2,38.0,20.0,20.0,40.0,19.9,22.6,20.2,20.1,37.5,19.9,20.0,40.0]
+ [PKTLENS.....: 60,64,52,70,52,186,52,70,52,106,106,52,106,52,106,52,106,52,106,106,52,106,106,52,106,52,106,106,52,106,106,52]
+ [ENTROPIES...: 4.5,5.0,4.9,4.7,5.0,4.4,4.9,4.7,5.0,5.7,5.6,5.0,5.6,5.0,5.7,5.0,5.7,5.0,5.7,5.6,4.9,5.6,5.6,4.9,5.6,4.9,5.7,5.6,5.0,5.6,5.6,5.0]
+ DAEMON-EVENT: [Processed: 417 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..udp] [...192.168.0.10][.4712] -> [...192.168.0.60][.4713]
+ detected: [.....2] [ip4][..udp] [...192.168.0.10][.4712] -> [...192.168.0.60][.4713] [IEEE-C37118][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....2] [ip4][..udp] [...192.168.0.10][.4712] -> [...192.168.0.60][.4713] [IEEE-C37118][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.020| 0.318| 0.042| 0.073| 5330.315| 3.900]
+ [PKTLEN......: 46.000| 402.000| 83.400| 57.900| 3351.100| 4.800]
+ [BINS(c->s)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,28,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
+ [IATS(ms)....: 316.8,318.0,54.4,59.6,20.2,20.0,19.8,20.0,20.0,20.2,19.8,20.0,20.2,19.8,20.2,19.8,20.0,20.0,20.0,20.2,19.8,20.0,20.0,20.0,20.2,19.8,20.0,20.0,20.0,20.2,19.8]
+ [PKTLENS.....: 46,46,402,46,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76]
+ [ENTROPIES...: 4.4,4.2,4.1,4.4,4.9,4.9,5.0,4.8,4.9,4.9,5.0,5.0,5.0,4.9,5.0,4.9,4.9,4.9,5.0,5.0,5.0,4.8,5.0,4.9,5.1,4.8,4.8,4.9,4.9,4.9,4.9,4.9]
+ end: [.....1] [ip4][..tcp] [...192.168.0.20][36835] -> [..192.168.0.241][.4712] [IEEE-C37118][Unknown][IoT-Scada][Acceptable]
+ idle: [.....2] [ip4][..udp] [...192.168.0.10][.4712] -> [...192.168.0.60][.4713] [IEEE-C37118][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ip_fragmented_garbage.pcap.out b/test/results/flow-info/default/ip_fragmented_garbage.pcap.out
index f36ccbffb..5b3cf27e9 100644
--- a/test/results/flow-info/default/ip_fragmented_garbage.pcap.out
+++ b/test/results/flow-info/default/ip_fragmented_garbage.pcap.out
@@ -21,87 +21,12 @@
new: [.....2] [ip4][..tcp] [.......10.0.0.2][18730] -> [.....10.128.0.2][20304] [MIDSTREAM]
new: [.....3] [ip4][..tcp] [.......10.0.0.2][.9253] -> [.....10.128.0.2][24102]
new: [.....4] [ip4][..tcp] [.......10.0.0.2][16417] -> [.....10.128.0.2][16419]
- new: [.....5] [ip4][..tcp] [.......10.0.0.2][21029] -> [.....10.128.0.2][22878] [MIDSTREAM]
- new: [.....6] [ip4][..tcp] [.......10.0.0.2][24101] -> [.....10.128.0.2][.9251]
- new: [.....7] [ip4][..tcp] [.......10.0.0.2][10790] -> [.....10.128.0.2][24101]
- new: [.....8] [ip4][..tcp] [.......10.0.0.2][.9508] -> [.....10.128.0.2][.8995]
- new: [.....9] [ip4][..tcp] [.......10.0.0.2][13617] -> [.....10.128.0.2][10536] [MIDSTREAM]
- new: [....10] [ip4][..tcp] [.......10.0.0.2][14387] -> [.....10.128.0.2][14646] [MIDSTREAM]
- new: [....11] [ip4][..tcp] [.......10.0.0.2][18248] -> [.....10.128.0.2][19019] [MIDSTREAM]
- new: [....12] [ip4][..tcp] [.......10.0.0.2][13105] -> [.....10.128.0.2][14648] [MIDSTREAM]
- new: [....13] [ip4][..tcp] [.......10.0.0.2][16243] -> [.....10.128.0.2][21055]
- new: [....14] [ip4][..tcp] [.......10.0.0.2][17458] -> [.....10.128.0.2][10790] [MIDSTREAM]
- new: [....15] [ip4][..tcp] [.......10.0.0.2][.2612] -> [.....10.128.0.2][12849] [MIDSTREAM]
- new: [....16] [ip4][..tcp] [.......10.0.0.2][16199] -> [.....10.128.0.2][21055]
- new: [....17] [ip4][..tcp] [.......10.0.0.2][19273] -> [.....10.128.0.2][19016] [MIDSTREAM]
- new: [....18] [ip4][..tcp] [.......10.0.0.2][.9566] -> [.....10.128.0.2][18498] [MIDSTREAM]
- new: [....19] [ip4][..tcp] [.......10.0.0.2][11892] -> [.....10.128.0.2][26470]
- new: [....20] [ip4][..tcp] [.......10.0.0.2][.9508] -> [.....10.128.0.2][.8998]
- new: [....21] [ip4][..tcp] [.......10.0.0.2][13362] -> [.....10.128.0.2][12596] [MIDSTREAM]
- new: [....22] [ip4][..tcp] [.......10.0.0.2][18258] -> [.....10.128.0.2][16199] [MIDSTREAM]
- new: [....23] [ip4][..tcp] [.......10.0.0.2][18762] -> [.....10.128.0.2][18503]
- new: [....24] [ip4][..tcp] [.......10.0.0.2][24136] -> [.....10.128.0.2][16967] [MIDSTREAM]
- new: [....25] [ip4][..tcp] [.......10.0.0.2][29799] -> [.....10.128.0.2][26228]
- new: [....26] [ip4][..tcp] [.......10.0.0.2][.9251] -> [.....10.128.0.2][.9770]
- new: [....27] [ip4][..tcp] [.......10.0.0.2][17751] -> [.....10.128.0.2][.9024]
- new: [....28] [ip4][..tcp] [.......10.0.0.2][27502] -> [.....10.128.0.2][30307]
- new: [....29] [ip4][..tcp] [.......10.0.0.2][10792] -> [.....10.128.0.2][10790]
not-detected: [.....4] [ip4][..tcp] [.......10.0.0.2][16417] -> [.....10.128.0.2][16419] [Unknown][Unknown][Unrated]
end: [.....4] [ip4][..tcp] [.......10.0.0.2][16417] -> [.....10.128.0.2][16419]
- not-detected: [.....8] [ip4][..tcp] [.......10.0.0.2][.9508] -> [.....10.128.0.2][.8995] [Unknown][Unknown][Unrated]
- idle: [.....8] [ip4][..tcp] [.......10.0.0.2][.9508] -> [.....10.128.0.2][.8995]
- not-detected: [....20] [ip4][..tcp] [.......10.0.0.2][.9508] -> [.....10.128.0.2][.8998] [Unknown][Unknown][Unrated]
- idle: [....20] [ip4][..tcp] [.......10.0.0.2][.9508] -> [.....10.128.0.2][.8998]
- not-detected: [.....7] [ip4][..tcp] [.......10.0.0.2][10790] -> [.....10.128.0.2][24101] [Unknown][Unknown][Unrated]
- end: [.....7] [ip4][..tcp] [.......10.0.0.2][10790] -> [.....10.128.0.2][24101]
not-detected: [.....1] [ip4][..tcp] [.......10.0.0.2][24102] -> [.....10.128.0.2][10792] [Unknown][Unknown][Unrated]
end: [.....1] [ip4][..tcp] [.......10.0.0.2][24102] -> [.....10.128.0.2][10792]
not-detected: [.....2] [ip4][..tcp] [.......10.0.0.2][18730] -> [.....10.128.0.2][20304] [Unknown][Unknown][Unrated]
end: [.....2] [ip4][..tcp] [.......10.0.0.2][18730] -> [.....10.128.0.2][20304]
- not-detected: [....24] [ip4][..tcp] [.......10.0.0.2][24136] -> [.....10.128.0.2][16967] [Unknown][Unknown][Unrated]
- end: [....24] [ip4][..tcp] [.......10.0.0.2][24136] -> [.....10.128.0.2][16967]
- not-detected: [....27] [ip4][..tcp] [.......10.0.0.2][17751] -> [.....10.128.0.2][.9024] [Unknown][Unknown][Unrated]
- idle: [....27] [ip4][..tcp] [.......10.0.0.2][17751] -> [.....10.128.0.2][.9024]
- not-detected: [....10] [ip4][..tcp] [.......10.0.0.2][14387] -> [.....10.128.0.2][14646] [Unknown][Unknown][Unrated]
- end: [....10] [ip4][..tcp] [.......10.0.0.2][14387] -> [.....10.128.0.2][14646]
- not-detected: [....16] [ip4][..tcp] [.......10.0.0.2][16199] -> [.....10.128.0.2][21055] [Unknown][Unknown][Unrated]
- end: [....16] [ip4][..tcp] [.......10.0.0.2][16199] -> [.....10.128.0.2][21055]
- not-detected: [....23] [ip4][..tcp] [.......10.0.0.2][18762] -> [.....10.128.0.2][18503] [Unknown][Unknown][Unrated]
- idle: [....23] [ip4][..tcp] [.......10.0.0.2][18762] -> [.....10.128.0.2][18503]
- not-detected: [....11] [ip4][..tcp] [.......10.0.0.2][18248] -> [.....10.128.0.2][19019] [Unknown][Unknown][Unrated]
- end: [....11] [ip4][..tcp] [.......10.0.0.2][18248] -> [.....10.128.0.2][19019]
- not-detected: [....13] [ip4][..tcp] [.......10.0.0.2][16243] -> [.....10.128.0.2][21055] [Unknown][Unknown][Unrated]
- end: [....13] [ip4][..tcp] [.......10.0.0.2][16243] -> [.....10.128.0.2][21055]
- not-detected: [....28] [ip4][..tcp] [.......10.0.0.2][27502] -> [.....10.128.0.2][30307] [Unknown][Unknown][Unrated]
- idle: [....28] [ip4][..tcp] [.......10.0.0.2][27502] -> [.....10.128.0.2][30307]
- not-detected: [.....6] [ip4][..tcp] [.......10.0.0.2][24101] -> [.....10.128.0.2][.9251] [Unknown][Unknown][Unrated]
- end: [.....6] [ip4][..tcp] [.......10.0.0.2][24101] -> [.....10.128.0.2][.9251]
not-detected: [.....3] [ip4][..tcp] [.......10.0.0.2][.9253] -> [.....10.128.0.2][24102] [Unknown][Unknown][Unrated]
end: [.....3] [ip4][..tcp] [.......10.0.0.2][.9253] -> [.....10.128.0.2][24102]
- not-detected: [....26] [ip4][..tcp] [.......10.0.0.2][.9251] -> [.....10.128.0.2][.9770] [Unknown][Unknown][Unrated]
- idle: [....26] [ip4][..tcp] [.......10.0.0.2][.9251] -> [.....10.128.0.2][.9770]
- not-detected: [....25] [ip4][..tcp] [.......10.0.0.2][29799] -> [.....10.128.0.2][26228] [Unknown][Unknown][Unrated]
- idle: [....25] [ip4][..tcp] [.......10.0.0.2][29799] -> [.....10.128.0.2][26228]
- not-detected: [.....5] [ip4][..tcp] [.......10.0.0.2][21029] -> [.....10.128.0.2][22878] [Unknown][Unknown][Unrated]
- idle: [.....5] [ip4][..tcp] [.......10.0.0.2][21029] -> [.....10.128.0.2][22878]
- not-detected: [....29] [ip4][..tcp] [.......10.0.0.2][10792] -> [.....10.128.0.2][10790] [Unknown][Unknown][Unrated]
- idle: [....29] [ip4][..tcp] [.......10.0.0.2][10792] -> [.....10.128.0.2][10790]
- not-detected: [....15] [ip4][..tcp] [.......10.0.0.2][.2612] -> [.....10.128.0.2][12849] [Unknown][Unknown][Unrated]
- end: [....15] [ip4][..tcp] [.......10.0.0.2][.2612] -> [.....10.128.0.2][12849]
- not-detected: [....12] [ip4][..tcp] [.......10.0.0.2][13105] -> [.....10.128.0.2][14648] [Unknown][Unknown][Unrated]
- end: [....12] [ip4][..tcp] [.......10.0.0.2][13105] -> [.....10.128.0.2][14648]
- not-detected: [....21] [ip4][..tcp] [.......10.0.0.2][13362] -> [.....10.128.0.2][12596] [Unknown][Unknown][Unrated]
- end: [....21] [ip4][..tcp] [.......10.0.0.2][13362] -> [.....10.128.0.2][12596]
- not-detected: [....17] [ip4][..tcp] [.......10.0.0.2][19273] -> [.....10.128.0.2][19016] [Unknown][Unknown][Unrated]
- idle: [....17] [ip4][..tcp] [.......10.0.0.2][19273] -> [.....10.128.0.2][19016]
- not-detected: [....18] [ip4][..tcp] [.......10.0.0.2][.9566] -> [.....10.128.0.2][18498] [Unknown][Unknown][Unrated]
- end: [....18] [ip4][..tcp] [.......10.0.0.2][.9566] -> [.....10.128.0.2][18498]
- not-detected: [....19] [ip4][..tcp] [.......10.0.0.2][11892] -> [.....10.128.0.2][26470] [Unknown][Unknown][Unrated]
- end: [....19] [ip4][..tcp] [.......10.0.0.2][11892] -> [.....10.128.0.2][26470]
- not-detected: [....14] [ip4][..tcp] [.......10.0.0.2][17458] -> [.....10.128.0.2][10790] [Unknown][Unknown][Unrated]
- end: [....14] [ip4][..tcp] [.......10.0.0.2][17458] -> [.....10.128.0.2][10790]
- not-detected: [.....9] [ip4][..tcp] [.......10.0.0.2][13617] -> [.....10.128.0.2][10536] [Unknown][Unknown][Unrated]
- end: [.....9] [ip4][..tcp] [.......10.0.0.2][13617] -> [.....10.128.0.2][10536]
- not-detected: [....22] [ip4][..tcp] [.......10.0.0.2][18258] -> [.....10.128.0.2][16199] [Unknown][Unknown][Unrated]
- end: [....22] [ip4][..tcp] [.......10.0.0.2][18258] -> [.....10.128.0.2][16199]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/iso9506-1-mms.pcap.out b/test/results/flow-info/default/iso9506-1-mms.pcap.out
new file mode 100644
index 000000000..24a0b0eaa
--- /dev/null
+++ b/test/results/flow-info/default/iso9506-1-mms.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...172.16.0.101][.1345] -> [...172.16.202.5][..102]
+ detected: [.....1] [ip4][..tcp] [...172.16.0.101][.1345] -> [...172.16.202.5][..102] [ISO9506-1-MMS][Unknown][IoT-Scada][Acceptable]
+ end: [.....1] [ip4][..tcp] [...172.16.0.101][.1345] -> [...172.16.202.5][..102] [ISO9506-1-MMS][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/jsonrpc.pcap.out b/test/results/flow-info/default/jsonrpc.pcap.out
new file mode 100644
index 000000000..45d58b5c8
--- /dev/null
+++ b/test/results/flow-info/default/jsonrpc.pcap.out
@@ -0,0 +1,13 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][36646] -> [......127.0.0.1][.8080]
+ detected: [.....1] [ip4][..tcp] [......127.0.0.1][36646] -> [......127.0.0.1][.8080] [JSON-RPC][Unknown][RPC][Acceptable]
+ new: [.....2] [ip4][..tcp] [..192.168.8.251][51084] -> [.179.99.210.200][...80]
+ detected: [.....2] [ip4][..tcp] [..192.168.8.251][51084] -> [.179.99.210.200][...80] [HTTP.JSON-RPC][Unknown][RPC][Acceptable][mdotti.dyndns.org]
+ detection-update: [.....2] [ip4][..tcp] [..192.168.8.251][51084] -> [.179.99.210.200][...80] [HTTP.JSON-RPC][Unknown][RPC][Acceptable][mdotti.dyndns.org]
+ RISK: HTTP Obsolete Server
+ idle: [.....2] [ip4][..tcp] [..192.168.8.251][51084] -> [.179.99.210.200][...80] [HTTP.JSON-RPC][Unknown][RPC][Acceptable]
+ RISK: HTTP Obsolete Server
+ end: [.....1] [ip4][..tcp] [......127.0.0.1][36646] -> [......127.0.0.1][.8080] [JSON-RPC][Unknown][RPC][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/kafka.pcapng.out b/test/results/flow-info/default/kafka.pcapng.out
new file mode 100644
index 000000000..370172211
--- /dev/null
+++ b/test/results/flow-info/default/kafka.pcapng.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][46136] -> [......127.0.0.1][.9092]
+ detected: [.....1] [ip4][..tcp] [......127.0.0.1][46136] -> [......127.0.0.1][.9092] [Kafka][Unknown][RPC][Acceptable]
+ end: [.....1] [ip4][..tcp] [......127.0.0.1][46136] -> [......127.0.0.1][.9092] [Kafka][Unknown][RPC][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/kcp.pcap.out b/test/results/flow-info/default/kcp.pcap.out
new file mode 100644
index 000000000..afc41c6ec
--- /dev/null
+++ b/test/results/flow-info/default/kcp.pcap.out
@@ -0,0 +1,35 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][..udp] [....................................::1][47356] -> [....................................::1][.8000]
+ detected: [.....1] [ip6][..udp] [....................................::1][47356] -> [....................................::1][.8000] [KCP][Unknown][Network][Acceptable]
+ analyse: [.....1] [ip6][..udp] [....................................::1][47356] -> [....................................::1][.8000] [KCP][Unknown][Network][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.000| 0.196| 0.321| 102808.969| 3.600]
+ [PKTLEN......: 72.000| 1520.000| 522.500| 630.900| 398013.800| 4.000]
+ [BINS(c->s)..: 1,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0]
+ [BINS(s->c)..: 1,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,1,0,0,0]
+ [IATS(ms)....: 10.1,20.1,0.0,20.2,59.6,69.8,99.9,99.9,99.9,99.8,90.9,90.9,100.0,100.1,109.9,109.8,399.3,0.0,399.3,0.3,10.1,0.0,10.1,990.7,990.4,990.1,0.0,999.9,9.7,109.5,0.0]
+ [PKTLENS.....: 1520,72,1520,1176,96,104,104,104,104,104,104,104,104,104,104,104,104,1520,104,104,72,1520,1176,96,104,104,1520,1520,104,104,1520,1520]
+ [ENTROPIES...: 7.9,1.9,7.9,7.9,2.0,1.8,2.3,1.8,2.3,1.8,2.3,1.8,2.3,1.8,2.3,1.9,2.4,7.9,1.9,2.4,2.0,7.9,7.9,2.1,2.2,2.7,7.9,7.9,2.2,2.7,7.9,7.9]
+ new: [.....2] [ip6][..udp] [....................................::1][47988] -> [....................................::1][54548]
+ detected: [.....2] [ip6][..udp] [....................................::1][47988] -> [....................................::1][54548] [KCP][Unknown][Network][Acceptable]
+ new: [.....3] [ip6][..udp] [....................................::1][52761] -> [....................................::1][.8661]
+ detected: [.....3] [ip6][..udp] [....................................::1][52761] -> [....................................::1][.8661] [KCP][Unknown][Network][Acceptable]
+ new: [.....4] [ip6][..udp] [....................................::1][14077] -> [....................................::1][32425]
+ detected: [.....4] [ip6][..udp] [....................................::1][14077] -> [....................................::1][32425] [KCP][Unknown][Network][Acceptable]
+ new: [.....5] [ip6][..udp] [....................................::1][61499] -> [....................................::1][15990]
+ detected: [.....5] [ip6][..udp] [....................................::1][61499] -> [....................................::1][15990] [KCP][Unknown][Network][Acceptable]
+ new: [.....6] [ip6][..udp] [....................................::1][47270] -> [....................................::1][52845]
+ detected: [.....6] [ip6][..udp] [....................................::1][47270] -> [....................................::1][52845] [KCP][Unknown][Network][Acceptable]
+ new: [.....7] [ip6][..udp] [....................................::1][43926] -> [....................................::1][41488]
+ detected: [.....7] [ip6][..udp] [....................................::1][43926] -> [....................................::1][41488] [KCP][Unknown][Network][Acceptable]
+ idle: [.....1] [ip6][..udp] [....................................::1][47356] -> [....................................::1][.8000] [KCP][Unknown][Network][Acceptable]
+ idle: [.....2] [ip6][..udp] [....................................::1][47988] -> [....................................::1][54548] [KCP][Unknown][Network][Acceptable]
+ idle: [.....7] [ip6][..udp] [....................................::1][43926] -> [....................................::1][41488] [KCP][Unknown][Network][Acceptable]
+ idle: [.....4] [ip6][..udp] [....................................::1][14077] -> [....................................::1][32425] [KCP][Unknown][Network][Acceptable]
+ idle: [.....5] [ip6][..udp] [....................................::1][61499] -> [....................................::1][15990] [KCP][Unknown][Network][Acceptable]
+ idle: [.....6] [ip6][..udp] [....................................::1][47270] -> [....................................::1][52845] [KCP][Unknown][Network][Acceptable]
+ idle: [.....3] [ip6][..udp] [....................................::1][52761] -> [....................................::1][.8661] [KCP][Unknown][Network][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/lru_ipv6_caches.pcapng.out b/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
index a0e16d76a..9fb54e98e 100644
--- a/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
@@ -4,6 +4,10 @@
new: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658]
detected: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable][]
new: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506]
+ detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881]
new: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881]
detected: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
@@ -16,8 +20,6 @@
new: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1]
detected: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port
- detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
diff --git a/test/results/flow-info/default/mining.pcapng.out b/test/results/flow-info/default/mining.pcapng.out
new file mode 100644
index 000000000..92210b196
--- /dev/null
+++ b/test/results/flow-info/default/mining.pcapng.out
@@ -0,0 +1,68 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999]
+ detected: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ analyse: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 9.791| 1.953| 3.005| 9028300.177| 3.500]
+ [PKTLEN......: 40.000| 283.000| 131.100| 104.000| 10823.600| 4.600]
+ [BINS(c->s)..: 11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0]
+ [IATS(ms)....: 18.4,18.5,27.7,27.7,25.8,11.4,0.0,37.2,8.3,48.3,236.6,209.3,12.6,9755.4,9791.3,235.5,2439.8,2440.1,7323.7,7588.5,64.9,25.7,10.3,234.7,3831.8,3833.1,885.3,890.1,5008.7,5252.5,238.4]
+ [PKTLENS.....: 52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]
+ [ENTROPIES...: 4.4,4.2,4.7,4.4,5.6,4.6,5.4,5.2,4.6,5.3,5.2,4.7,5.2,4.7,5.3,5.2,4.7,5.1,4.7,4.6,4.7,5.4,4.7,5.2,4.7,5.2,4.8,5.2,4.7,5.3,5.1,4.8]
+ DAEMON-EVENT: [Processed: 209 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050]
+ detected: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ end: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ analyse: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 50.191| 6.014| 12.034| 144808530.149| 3.200]
+ [PKTLEN......: 52.000| 355.000| 142.600| 98.900| 9779.100| 4.700]
+ [BINS(c->s)..: 9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1]
+ [IATS(ms)....: 82.7,82.7,0.2,82.6,1.5,84.0,12149.8,12261.6,111.7,2618.8,2732.4,113.5,6931.2,7044.0,112.8,7848.9,7848.9,48786.2,308.4,320.0,608.0,50191.4,0.1,0.0,41.7,210.6,4833.2,4833.2,8034.7,8116.9,41.4]
+ [PKTLENS.....: 60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115]
+ [ENTROPIES...: 4.8,5.3,5.2,6.2,5.2,5.3,5.1,5.5,5.5,5.1,5.5,5.5,5.2,5.6,5.5,5.1,5.3,4.9,5.4,5.4,5.5,5.4,5.1,5.2,5.2,5.5,5.0,5.3,5.2,5.5,5.2,5.6]
+ new: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333]
+ detected: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ new: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333]
+ detected: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ analyse: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 71.693| 7.500| 18.614| 346464978.993| 2.400]
+ [PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700]
+ [BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0]
+ [BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1]
+ [IATS(ms)....: 80.3,80.3,0.1,83.2,0.0,83.1,0.1,81.0,0.0,80.9,0.3,118.0,882.3,1042.5,71569.6,0.2,71693.1,0.0,0.7,81.6,32242.2,0.2,32323.4,1.5,82.5,7433.0,7432.9,3511.8,0.2,3592.7,1.0]
+ [PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]
+ [ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7]
+ DAEMON-EVENT: [Processed: 450 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 3 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ analyse: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 170.525| 32.857| 51.784| 2681624034.542| 3.400]
+ [PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900]
+ [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
+ [BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1]
+ [IATS(ms)....: 308.1,308.2,0.2,308.1,0.0,308.0,0.7,308.7,0.0,308.0,0.1,346.7,653.9,1043.1,114411.2,114368.8,308.6,308.5,36863.2,36863.2,20419.9,20419.9,170525.4,170525.4,113243.5,113243.5,35871.3,35871.3,15564.6,0.2,15873.5]
+ [PKTLENS.....: 60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]
+ [ENTROPIES...: 4.8,4.9,4.8,5.7,4.5,5.4,4.8,5.9,5.4,5.7,4.8,5.5,4.5,4.8,4.8,4.8,4.8,4.7,4.8,4.8,4.8,4.8,4.9,4.8,4.9,4.7,4.9,4.7,4.8,4.5,4.2,4.5]
+ idle: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ idle: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ idle: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
+ RISK: Unsafe Protocol
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/monero.pcap.out b/test/results/flow-info/default/monero.pcap.out
index 42fc32249..863005d42 100644
--- a/test/results/flow-info/default/monero.pcap.out
+++ b/test/results/flow-info/default/monero.pcap.out
@@ -1,36 +1,16 @@
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333]
- detected: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- new: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333]
- detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 71.693| 7.500| 18.614| 346464978.993| 2.400]
- [PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700]
- [BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0]
- [BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1]
- [IATS(ms)....: 80.3,80.3,0.1,83.2,0.0,83.1,0.1,81.0,0.0,80.9,0.3,118.0,882.3,1042.5,71569.6,0.2,71693.1,0.0,0.7,81.6,32242.2,0.2,32323.4,1.5,82.5,7433.0,7432.9,3511.8,0.2,3592.7,1.0]
- [PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]
- [ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7]
- analyse: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 170.525| 32.857| 51.784| 2681624034.542| 3.400]
- [PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900]
- [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
- [BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1]
- [IATS(ms)....: 308.1,308.2,0.2,308.1,0.0,308.0,0.7,308.7,0.0,308.0,0.1,346.7,653.9,1043.1,114411.2,114368.8,308.6,308.5,36863.2,36863.2,20419.9,20419.9,170525.4,170525.4,113243.5,113243.5,35871.3,35871.3,15564.6,0.2,15873.5]
- [PKTLENS.....: 60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]
- [ENTROPIES...: 4.8,4.9,4.8,5.7,4.5,5.4,4.8,5.9,5.4,5.7,4.8,5.5,4.5,4.8,4.8,4.8,4.8,4.7,4.8,4.8,4.8,4.8,4.9,4.8,4.9,4.7,4.9,4.7,4.8,4.5,4.2,4.5]
- DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- idle: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- idle: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
+ new: [.....1] [ip4][..tcp] [..192.168.2.100][48882] -> [...159.69.36.66][18080]
+ detected: [.....1] [ip4][..tcp] [..192.168.2.100][48882] -> [...159.69.36.66][18080] [Monero][Unknown][Crypto_Currency][Acceptable]
+ new: [.....2] [ip4][..tcp] [..192.168.2.100][39378] -> [....78.56.22.89][18080]
+ detected: [.....2] [ip4][..tcp] [..192.168.2.100][39378] -> [....78.56.22.89][18080] [Monero][Unknown][Crypto_Currency][Acceptable]
+ new: [.....3] [ip4][..tcp] [..192.168.2.100][42810] -> [..62.210.127.86][18080]
+ detected: [.....3] [ip4][..tcp] [..192.168.2.100][42810] -> [..62.210.127.86][18080] [Monero][Unknown][Crypto_Currency][Acceptable]
+ new: [.....4] [ip4][..tcp] [..192.168.2.100][38004] -> [...100.42.27.58][18085]
+ detected: [.....4] [ip4][..tcp] [..192.168.2.100][38004] -> [...100.42.27.58][18085] [Monero][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....3] [ip4][..tcp] [..192.168.2.100][42810] -> [..62.210.127.86][18080] [Monero][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....2] [ip4][..tcp] [..192.168.2.100][39378] -> [....78.56.22.89][18080] [Monero][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....1] [ip4][..tcp] [..192.168.2.100][48882] -> [...159.69.36.66][18080] [Monero][Unknown][Crypto_Currency][Acceptable]
+ idle: [.....4] [ip4][..tcp] [..192.168.2.100][38004] -> [...100.42.27.58][18085] [Monero][Unknown][Crypto_Currency][Acceptable]
DAEMON-EVENT: shutdown
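Review bot: The new expectation for monero.pcap.out classifies all four flows as `[Monero][Unknown][Crypto_Currency][Acceptable]` with no `RISK:` line. The Stratum flows that used to be pinned here, and now appear in mining.pcapng.out, keep `[Mining][Unsafe]` and `RISK: Unsafe Protocol`. This looks like a replaced capture rather than a regression, but the result file alone does not say so, and the commit message should state it if it does not already. Anyone alerting on the `Unsafe` breed or on RISK events only will not see Monero peer-to-peer traffic, so the documentation should mention that such rules also need to match the `Crypto_Currency` category.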
diff --git a/test/results/flow-info/default/mumble.pcapng.out b/test/results/flow-info/default/mumble.pcapng.out
new file mode 100644
index 000000000..1403a45d4
--- /dev/null
+++ b/test/results/flow-info/default/mumble.pcapng.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.88.208][50085] -> [...5.39.185.162][64738]
+ new: [.....2] [ip4][..udp] [.192.168.88.208][50085] -> [.87.122.110.156][64738]
+ detected: [.....1] [ip4][..udp] [.192.168.88.208][50085] -> [...5.39.185.162][64738] [Mumble][Unknown][VoIP][Fun]
+ detected: [.....2] [ip4][..udp] [.192.168.88.208][50085] -> [.87.122.110.156][64738] [Mumble][Unknown][VoIP][Fun]
+ new: [.....3] [ip4][..tcp] [.192.168.88.208][50059] -> [.151.101.66.217][..443]
+ detected: [.....3] [ip4][..tcp] [.192.168.88.208][50059] -> [.151.101.66.217][..443] [TLS.Mumble][Unknown][VoIP][Fun][publist.mumble.info]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....3] [ip4][..tcp] [.192.168.88.208][50059] -> [.151.101.66.217][..443] [TLS.Mumble][Unknown][VoIP][Fun][publist.mumble.info]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [.....1] [ip4][..udp] [.192.168.88.208][50085] -> [...5.39.185.162][64738] [Mumble][Unknown][VoIP][Fun]
+ idle: [.....3] [ip4][..tcp] [.192.168.88.208][50059] -> [.151.101.66.217][..443] [TLS.Mumble][Unknown][VoIP][Fun]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [.....2] [ip4][..udp] [.192.168.88.208][50085] -> [.87.122.110.156][64738] [Mumble][Unknown][VoIP][Fun]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/mysql-8.pcap.out b/test/results/flow-info/default/mysql-8.pcap.out
deleted file mode 100644
index fd867ebd8..000000000
--- a/test/results/flow-info/default/mysql-8.pcap.out
+++ /dev/null
@@ -1,12 +0,0 @@
- DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [..192.168.1.105][.8738] -> [...10.42.18.198][.3306]
- detected: [.....1] [ip4][..tcp] [..192.168.1.105][.8738] -> [...10.42.18.198][.3306] [MySQL][Unknown][Database][Acceptable]
- DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....2] [ip4][..tcp] [..192.168.20.80][47044] -> [.192.168.20.108][.3306]
- detected: [.....2] [ip4][..tcp] [..192.168.20.80][47044] -> [.192.168.20.108][.3306] [MySQL][Unknown][Database][Acceptable]
- idle: [.....1] [ip4][..tcp] [..192.168.1.105][.8738] -> [...10.42.18.198][.3306] [MySQL][Unknown][Database][Acceptable]
- end: [.....2] [ip4][..tcp] [..192.168.20.80][47044] -> [.192.168.20.108][.3306] [MySQL][Unknown][Database][Acceptable]
- DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/mysql.pcapng.out b/test/results/flow-info/default/mysql.pcapng.out
new file mode 100644
index 000000000..6c2a11518
--- /dev/null
+++ b/test/results/flow-info/default/mysql.pcapng.out
@@ -0,0 +1,12 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.88.231][36732] -> [.192.168.88.201][.3306]
+ detected: [.....1] [ip4][..tcp] [.192.168.88.231][36732] -> [.192.168.88.201][.3306] [MySQL][Unknown][Database][Acceptable]
+ DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..tcp] [.192.168.88.231][36272] -> [.192.168.88.200][.3306]
+ detected: [.....2] [ip4][..tcp] [.192.168.88.231][36272] -> [.192.168.88.200][.3306] [MySQL][Unknown][Database][Acceptable]
+ end: [.....2] [ip4][..tcp] [.192.168.88.231][36272] -> [.192.168.88.200][.3306] [MySQL][Unknown][Database][Acceptable]
+ end: [.....1] [ip4][..tcp] [.192.168.88.231][36732] -> [.192.168.88.201][.3306] [MySQL][Unknown][Database][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/nomachine.pcapng.out b/test/results/flow-info/default/nomachine.pcapng.out
new file mode 100644
index 000000000..5e7a8cbb9
--- /dev/null
+++ b/test/results/flow-info/default/nomachine.pcapng.out
@@ -0,0 +1,24 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.88.231][48084] -> [.192.168.88.208][.4000]
+ detected: [.....1] [ip4][..tcp] [.192.168.88.231][48084] -> [.192.168.88.208][.4000] [NoMachine][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ analyse: [.....1] [ip4][..tcp] [.192.168.88.231][48084] -> [.192.168.88.208][.4000] [NoMachine][Unknown][RemoteAccess][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.638| 0.177| 0.449| 201543.221| 2.300]
+ [PKTLEN......: 40.000| 1281.000| 114.500| 213.600| 45617.600| 4.000]
+ [BINS(c->s)..: 13,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 3,8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1]
+ [IATS(ms)....: 0.2,0.2,0.3,43.9,970.9,1014.5,2.7,11.4,49.9,1596.3,1638.1,0.6,0.8,0.8,0.1,0.1,0.1,0.8,42.2,71.3,29.8,0.0,0.0,0.1,0.1,0.6,0.6,0.2,0.1,0.3,0.2]
+ [PKTLENS.....: 60,52,40,52,40,51,40,170,1281,40,166,91,40,113,40,77,40,162,162,40,103,40,109,40,77,119,91,40,77,93,40,77]
+ [ENTROPIES...: 4.8,5.0,4.7,5.2,4.9,5.2,4.7,5.3,7.6,4.8,6.5,5.9,4.8,6.2,4.8,5.7,4.8,6.7,6.7,4.7,6.0,4.6,6.2,4.7,5.7,6.4,6.0,4.7,5.7,6.0,4.7,5.7]
+ new: [.....2] [ip4][..udp] [.192.168.88.231][56019] -> [.192.168.88.208][.4000]
+ detected: [.....2] [ip4][..udp] [.192.168.88.231][56019] -> [.192.168.88.208][.4000] [NoMachine][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ idle: [.....2] [ip4][..udp] [.192.168.88.231][56019] -> [.192.168.88.208][.4000] [NoMachine][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ end: [.....1] [ip4][..tcp] [.192.168.88.231][48084] -> [.192.168.88.208][.4000] [NoMachine][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/opc-ua.pcap.out b/test/results/flow-info/default/opc-ua.pcap.out
new file mode 100644
index 000000000..81cf62203
--- /dev/null
+++ b/test/results/flow-info/default/opc-ua.pcap.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][57420] -> [......127.0.0.1][.4840]
+ detected: [.....1] [ip4][..tcp] [......127.0.0.1][57420] -> [......127.0.0.1][.4840] [OPC-UA][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [......127.0.0.1][57420] -> [......127.0.0.1][.4840] [OPC-UA][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001|< 0.001|< 0.001|< 0.001| 0.002| 4.800]
+ [PKTLEN......: 52.000| 660.000| 127.300| 136.700| 18687.800| 4.500]
+ [BINS(c->s)..: 9,1,1,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 10,0,2,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0]
+ [IATS(ms)....: 0.1,0.1,0.0,0.1,0.1,0.1,0.1,0.1,0.2,0.1,0.2,0.2,0.2,0.1,0.1,0.1,0.2,0.1,0.1,0.1,0.1,0.1,0.2,0.1,0.1,0.1,0.1,0.1,0.1,0.0,0.1]
+ [PKTLENS.....: 64,64,52,52,108,52,80,52,184,52,187,52,145,52,556,52,218,52,660,52,213,52,148,52,179,52,123,52,185,52,128,52]
+ [ENTROPIES...: 3.8,4.5,4.4,4.4,4.5,4.4,4.0,4.4,4.6,4.4,4.8,4.4,4.6,4.4,5.2,4.5,4.6,4.5,5.5,4.5,4.9,4.5,5.0,4.5,4.5,4.4,4.2,4.5,4.6,4.5,4.2,4.5]
+ end: [.....1] [ip4][..tcp] [......127.0.0.1][57420] -> [......127.0.0.1][.4840] [OPC-UA][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/openflow.pcap.out b/test/results/flow-info/default/openflow.pcap.out
new file mode 100644
index 000000000..1b83b2f49
--- /dev/null
+++ b/test/results/flow-info/default/openflow.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.107.110.12.153][49234] -> [.107.110.12.153][.6653]
+ detected: [.....1] [ip4][..tcp] [.107.110.12.153][49234] -> [.107.110.12.153][.6653] [OpenFlow][Unknown][Network][Acceptable]
+ end: [.....1] [ip4][..tcp] [.107.110.12.153][49234] -> [.107.110.12.153][.6653] [OpenFlow][Unknown][Network][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/openvpn-tlscrypt.pcap.out b/test/results/flow-info/default/openvpn-tlscrypt.pcap.out
new file mode 100644
index 000000000..02cb58b96
--- /dev/null
+++ b/test/results/flow-info/default/openvpn-tlscrypt.pcap.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ ERROR-EVENT: Unknown datalink layer packet [1/16]
+ ERROR-EVENT: Unknown datalink layer packet [2/16]
+ ERROR-EVENT: Unknown datalink layer packet [3/16]
+ ERROR-EVENT: Unknown datalink layer packet [4/16]
+ ERROR-EVENT: Unknown datalink layer packet [5/16]
+ ERROR-EVENT: Unknown datalink layer packet [6/16]
+ ERROR-EVENT: Unknown datalink layer packet [7/16]
+ ERROR-EVENT: Unknown datalink layer packet [8/16]
+ ERROR-EVENT: Unknown datalink layer packet [9/16]
+ ERROR-EVENT: Unknown datalink layer packet [10/16]
+ ERROR-EVENT: Unknown datalink layer packet [11/16]
+ ERROR-EVENT: Unknown datalink layer packet [12/16]
+ ERROR-EVENT: Unknown datalink layer packet [13/16]
+ DAEMON-EVENT: shutdown
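Review bot: The expected output for openvpn-tlscrypt.pcap.out contains no `new:` or `detected:` event at all. Everything between the startup events and `DAEMON-EVENT: shutdown` is `ERROR-EVENT: Unknown datalink layer packet`. As committed, the file pins a capture-decoding failure rather than an OpenVPN tls-crypt classification, so a regression in that detection would leave this result unchanged and the test would still pass. Either teach the reader the capture's link-layer type, convert the pcap to a supported one, or list it as known-unsupported so the file is not counted as protocol coverage.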
diff --git a/test/results/flow-info/default/openvpn.pcap.out b/test/results/flow-info/default/openvpn.pcap.out
index ede367ca0..b75018661 100644
--- a/test/results/flow-info/default/openvpn.pcap.out
+++ b/test/results/flow-info/default/openvpn.pcap.out
@@ -1,10 +1,34 @@
DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443]
- detected: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
+ new: [.....1] [ip4][..udp] [..192.168.75.18][60201] -> [.166.161.181.18][..443]
+ new: [.....2] [ip4][..udp] [.69.197.143.179][..443] -> [......10.0.2.15][60201]
+ detected: [.....2] [ip4][..udp] [.69.197.143.179][..443] -> [......10.0.2.15][60201] [OpenVPN][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detected: [.....1] [ip4][..udp] [..192.168.75.18][60201] -> [.166.161.181.18][..443] [OpenVPN][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 21 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194]
+ detected: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
+ analyse: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.014| 0.075| 0.247| 61045.854| 1.800]
+ [PKTLEN......: 52.000| 400.000| 115.400| 89.500| 8001.300| 4.700]
+ [BINS(c->s)..: 14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 0.2,0.4,1013.4,1014.5,3.6,5.5,3.3,44.9,41.0,0.5,0.3,40.4,40.4,1.0,18.1,17.8,0.4,0.3,37.1,37.3,0.3,0.3,0.3,0.2,0.3,0.3,0.2,0.3,0.2,0.2,0.2]
+ [PKTLENS.....: 60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]
+ [ENTROPIES...: 4.6,5.1,5.0,5.2,5.1,5.2,5.0,5.4,5.1,5.3,5.0,5.3,4.9,5.3,5.0,5.8,5.0,5.4,5.3,5.0,6.4,5.3,6.6,5.4,6.7,5.4,6.0,5.3,5.8,5.4,6.9,5.3]
+ idle: [.....2] [ip4][..udp] [.69.197.143.179][..443] -> [......10.0.2.15][60201] [OpenVPN][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [..192.168.75.18][60201] -> [.166.161.181.18][..443] [OpenVPN][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ DAEMON-EVENT: [Processed: 216 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443]
+ detected: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
- analyse: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
+ analyse: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.998| 0.088| 0.234| 54526.591| 2.700]
[PKTLEN......: 52.000| 357.000| 140.300| 75.300| 5671.500| 4.800]
@@ -14,12 +38,13 @@
[IATS(ms)....: 54.9,55.0,945.3,997.7,0.5,52.9,0.2,76.4,76.2,41.0,2.7,0.1,43.9,0.1,0.2,0.3,40.5,40.5,41.0,41.0,0.1,0.1,0.3,41.0,41.0,40.3,40.3,0.5,0.1,0.6,40.1]
[PKTLENS.....: 60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]
[ENTROPIES...: 4.6,5.1,4.9,5.5,5.1,5.6,4.9,5.8,5.1,5.7,5.1,6.0,6.1,5.7,6.5,6.7,5.0,6.6,6.2,6.4,5.7,6.7,6.7,4.8,6.1,6.1,6.4,5.8,6.6,6.8,5.0,6.4]
- DAEMON-EVENT: [Processed: 95 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680]
- detected: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
+ idle: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
+ DAEMON-EVENT: [Processed: 311 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680]
+ detected: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
- analyse: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
+ analyse: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.196| 0.045| 0.060| 3547.546| 3.900]
[PKTLEN......: 70.000| 331.000| 126.400| 58.600| 3436.100| 4.900]
@@ -29,14 +54,14 @@
[IATS(ms)....: 195.2,195.8,0.8,177.2,176.2,0.5,0.5,0.5,0.4,0.5,0.5,98.5,98.6,29.6,29.6,19.8,19.8,0.4,0.5,50.1,50.0,29.9,30.0,20.3,20.2,9.5,9.5,38.3,38.3,31.9,31.9]
[PKTLENS.....: 70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]
[ENTROPIES...: 5.3,5.5,5.7,5.6,5.9,5.6,6.0,5.7,6.6,5.7,6.7,5.7,6.6,5.7,6.4,5.7,6.6,5.6,6.6,5.7,6.0,5.6,6.4,5.7,6.6,5.6,6.6,5.6,6.3,5.7,6.5,5.7]
- idle: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
+ idle: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
- DAEMON-EVENT: [Processed: 178 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680]
- detected: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
+ DAEMON-EVENT: [Processed: 394 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680]
+ detected: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
- analyse: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
+ analyse: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.242| 0.188| 0.537| 288658.031| 2.400]
[PKTLEN......: 70.000| 331.000| 123.300| 58.900| 3466.400| 4.900]
@@ -46,8 +71,40 @@
[IATS(ms)....: 2195.9,2242.5,46.7,0.1,203.1,15.1,218.1,0.6,0.6,0.5,0.5,3.5,3.5,185.2,185.2,0.4,0.4,39.5,39.5,9.4,9.4,82.3,82.3,3.8,3.8,34.2,34.2,15.7,15.7,74.3,74.3]
[PKTLENS.....: 70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]
[ENTROPIES...: 5.2,5.3,5.4,5.5,5.6,5.5,5.8,5.6,6.1,5.5,6.6,5.5,6.7,5.6,6.6,5.5,6.4,5.6,6.7,5.5,6.5,5.6,6.0,5.6,6.3,5.6,6.6,5.6,6.6,5.5,6.4,5.6]
- idle: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
+ idle: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: [Processed: 514 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194]
+ detected: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
+ analyse: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.241| 0.219| 0.513| 263196.672| 2.800]
+ [PKTLEN......: 46.000| 1228.000| 227.900| 364.900| 133184.400| 3.900]
+ [BINS(c->s)..: 5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1]
+ [IATS(ms)....: 216.1,332.2,5.8,3.4,337.9,58.0,0.1,0.1,0.1,307.1,10.0,20.5,1960.2,1.5,0.6,2241.1,1.7,0.7,299.0,1.5,2.3,0.2,300.0,2.0,1.3,0.7,338.5,1.2,1.5,0.3,340.9]
+ [PKTLENS.....: 46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]
+ [ENTROPIES...: 4.7,4.8,5.0,5.3,4.5,5.1,7.4,6.7,7.7,7.6,5.0,5.1,5.1,5.4,5.5,5.6,5.1,5.1,5.1,5.7,5.7,5.9,5.8,5.1,5.2,5.1,5.1,6.5,6.6,5.9,6.1,5.1]
+ idle: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
+ DAEMON-EVENT: [Processed: 614 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443]
+ detected: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443] [OpenVPN][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port
+ analyse: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443] [OpenVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.222| 0.027| 0.055| 2999.563| 3.100]
+ [PKTLEN......: 40.000| 1500.000| 296.700| 446.100| 199012.800| 3.800]
+ [BINS(c->s)..: 7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0]
+ [BINS(s->c)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0]
+ [IATS(ms)....: 22.2,22.3,1.2,1.5,24.4,24.6,0.4,0.6,0.2,0.1,221.4,221.5,0.8,1.0,0.1,0.1,0.2,0.2,52.3,56.4,4.2,2.7,0.1,2.8,0.1,0.1,0.0,22.2,65.6,62.0,18.8]
+ [PKTLENS.....: 60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40]
+ [ENTROPIES...: 4.4,4.4,4.3,5.8,3.9,5.9,4.4,5.9,4.0,7.4,3.9,7.8,4.3,5.8,7.8,4.3,4.0,5.9,4.0,7.8,5.9,4.0,7.8,7.9,4.0,7.8,4.0,3.9,5.7,4.2,7.6,4.3]
+ idle: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
+ end: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/openvpn_nohmac.pcapng.out b/test/results/flow-info/default/openvpn_nohmac.pcapng.out
new file mode 100644
index 000000000..4cb59b6ef
--- /dev/null
+++ b/test/results/flow-info/default/openvpn_nohmac.pcapng.out
@@ -0,0 +1,18 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194]
+ detected: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
+ analyse: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.241| 0.219| 0.513| 263196.672| 2.800]
+ [PKTLEN......: 46.000| 1228.000| 227.900| 364.900| 133184.400| 3.900]
+ [BINS(c->s)..: 5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1]
+ [IATS(ms)....: 216.1,332.2,5.8,3.4,337.9,58.0,0.1,0.1,0.1,307.1,10.0,20.5,1960.2,1.5,0.6,2241.1,1.7,0.7,299.0,1.5,2.3,0.2,300.0,2.0,1.3,0.7,338.5,1.2,1.5,0.3,340.9]
+ [PKTLENS.....: 46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]
+ [ENTROPIES...: 4.7,4.8,5.0,5.3,4.5,5.1,7.4,6.7,7.7,7.6,5.0,5.1,5.1,5.4,5.5,5.6,5.1,5.1,5.1,5.7,5.7,5.9,5.8,5.1,5.2,5.1,5.1,6.5,6.6,5.9,6.1,5.1]
+ update: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
+ idle: [.....1] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/openvpn_nohmac_tcp.pcapng.out b/test/results/flow-info/default/openvpn_nohmac_tcp.pcapng.out
new file mode 100644
index 000000000..8e6e46731
--- /dev/null
+++ b/test/results/flow-info/default/openvpn_nohmac_tcp.pcapng.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194]
+ detected: [.....1] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.014| 0.075| 0.247| 61045.854| 1.800]
+ [PKTLEN......: 52.000| 400.000| 115.400| 89.500| 8001.300| 4.700]
+ [BINS(c->s)..: 14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 0.2,0.4,1013.4,1014.5,3.6,5.5,3.3,44.9,41.0,0.5,0.3,40.4,40.4,1.0,18.1,17.8,0.4,0.3,37.1,37.3,0.3,0.3,0.3,0.2,0.3,0.3,0.2,0.3,0.2,0.2,0.2]
+ [PKTLENS.....: 60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]
+ [ENTROPIES...: 4.6,5.1,5.0,5.2,5.1,5.2,5.0,5.4,5.1,5.3,5.0,5.3,4.9,5.3,5.0,5.8,5.0,5.4,5.3,5.0,6.4,5.3,6.6,5.4,6.7,5.4,6.0,5.3,5.8,5.4,6.9,5.3]
+ idle: [.....1] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out
index 328856df4..9eaad9b51 100644
--- a/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -31,13 +31,13 @@
DAEMON-EVENT: [Processed: 14 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 2]
new: [.....7] [ip4][..udp] [......127.0.0.1][..100] -> [......127.0.0.1][..200]
- detected: [.....7] [ip4][..udp] [......127.0.0.1][..100] -> [......127.0.0.1][..200] [Steam][Unknown][Game][Fun]
- update: [.....7] [ip4][..udp] [......127.0.0.1][..100] -> [......127.0.0.1][..200] [Steam][Unknown][Game][Fun]
+ update: [.....7] [ip4][..udp] [......127.0.0.1][..100] -> [......127.0.0.1][..200]
DAEMON-EVENT: [Processed: 16 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 5 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
new: [.....8] [ip4][..udp] [......127.0.0.1][17788] -> [......127.0.0.1][17788]
detected: [.....8] [ip4][..udp] [......127.0.0.1][17788] -> [......127.0.0.1][17788] [PPStream][Unknown][Streaming][Fun]
- idle: [.....7] [ip4][..udp] [......127.0.0.1][..100] -> [......127.0.0.1][..200] [Steam][Unknown][Game][Fun]
+ not-detected: [.....7] [ip4][..udp] [......127.0.0.1][..100] -> [......127.0.0.1][..200] [Unknown][Unknown][Unrated]
+ idle: [.....7] [ip4][..udp] [......127.0.0.1][..100] -> [......127.0.0.1][..200]
idle: [.....4] [ip4][..tcp] [..192.168.1.128][....1] -> [121.254.200.130][.1119] [Starcraft][Unknown][Game][Fun]
RISK: TCP Connection Issues
idle: [.....6] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.236.254][.1119] [Starcraft][Unknown][Game][Fun]
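Review bot: Flow 7 (UDP 127.0.0.1:100 -> 127.0.0.1:200) changes from `[Steam][Unknown][Game][Fun]` to `not-detected: ... [Unknown][Unknown][Unrated]` in this regenerated baseline, and nothing visible here says why. For a fuzz-seed trace this is plausibly a false positive removed by a stricter dissector, but a detection regression would produce the same diff. The cause should be recorded, e.g. a commit-message line such as `ossfuzz_seed_fake_traces_1: flow 7 no longer classified as Steam (intended)`. The `!detected: 0` to `!detected: 1` change in the next hunk of this file is the same effect.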
@@ -47,7 +47,7 @@
idle: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Starcraft][Game][Fun]
RISK: TCP Connection Issues
DAEMON-EVENT: [Processed: 17 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3]
+ DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 1|guessed: 0|detection-updates: 0|updates: 3]
new: [.....9] [ip4][..tcp] [..192.168.1.128][....1] -> [........1.2.3.4][...10] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [..192.168.1.128][....1] -> [........1.2.3.4][...10] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol, Unidirectional Traffic, TCP Connection Issues
diff --git a/test/results/flow-info/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/flow-info/default/ossfuzz_seed_fake_traces_2.pcapng.out
index 7bbf48be7..4bd60d0eb 100644
--- a/test/results/flow-info/default/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/test/results/flow-info/default/ossfuzz_seed_fake_traces_2.pcapng.out
@@ -1,23 +1,38 @@
DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [.172.26.235.166][55630] -> [...172.30.92.62][..119]
- new: [.....2] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119]
- detected: [.....1] [ip4][..tcp] [.172.26.235.166][55630] -> [...172.30.92.62][..119] [Usenet][Unknown][Web][Acceptable]
- detected: [.....2] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
- DAEMON-EVENT: [Processed: 12 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....3] [ip4][..udp] [..10.147.205.42][43462] -> [..10.45.123.132][51820]
- new: [.....4] [ip4][..udp] [.......10.9.0.1][43462] -> [.......10.9.0.2][51820]
- detected: [.....4] [ip4][..udp] [.......10.9.0.1][43462] -> [.......10.9.0.2][51820] [WireGuard][Unknown][VPN][Acceptable]
- idle: [.....1] [ip4][..tcp] [.172.26.235.166][55630] -> [...172.30.92.62][..119] [Usenet][Unknown][Web][Acceptable]
- idle: [.....2] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
- DAEMON-EVENT: [Processed: 16 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 2 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....5] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432]
- detected: [.....5] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
- guessed: [.....3] [ip4][..udp] [..10.147.205.42][43462] -> [..10.45.123.132][51820] [WireGuard][Unknown][VPN][Acceptable]
- idle: [.....3] [ip4][..udp] [..10.147.205.42][43462] -> [..10.45.123.132][51820]
- end: [.....5] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
- idle: [.....4] [ip4][..udp] [.......10.9.0.1][43462] -> [.......10.9.0.2][51820] [WireGuard][Unknown][VPN][Acceptable]
+ new: [.....1] [ip4][..tcp] [....192.168.0.1][.8787] -> [.....10.10.10.1][32177]
+ detected: [.....1] [ip4][..tcp] [....192.168.0.1][.8787] -> [.....10.10.10.1][32177] [TeamViewer][Unknown][RemoteAccess][Acceptable]
+ RISK: Known Proto on Non Std Port
+ analyse: [.....1] [ip4][..tcp] [....192.168.0.1][.8787] -> [.....10.10.10.1][32177] [TeamViewer][Unknown][RemoteAccess][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.274| 0.067| 0.088| 7794.386| 3.800]
+ [PKTLEN......: 40.000| 1500.000| 369.000| 516.400| 266637.300| 3.800]
+ [BINS(c->s)..: 5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0]
+ [BINS(s->c)..: 11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1]
+ [IATS(ms)....: 136.3,137.2,0.6,1.8,12.1,11.9,35.7,0.1,35.8,0.0,88.3,88.6,11.6,11.6,151.9,0.1,152.0,35.7,35.9,255.8,274.4,18.6,256.5,257.6,1.1,0.3,0.3,28.9,0.0,29.1,0.0]
+ [PKTLENS.....: 60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40]
+ [ENTROPIES...: 4.6,4.6,4.3,4.6,4.6,4.0,4.5,7.6,7.4,4.4,4.6,4.9,4.4,3.8,4.4,7.7,7.8,4.3,7.7,4.6,7.5,7.7,4.6,6.5,4.5,4.6,3.8,4.6,7.5,7.3,4.6,4.6]
+ DAEMON-EVENT: [Processed: 59 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....2] [ip4][..tcp] [.172.26.235.166][55630] -> [...172.30.92.62][..119]
+ new: [.....3] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119]
+ detected: [.....2] [ip4][..tcp] [.172.26.235.166][55630] -> [...172.30.92.62][..119] [Usenet][Unknown][Web][Acceptable]
+ detected: [.....3] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
+ idle: [.....1] [ip4][..tcp] [....192.168.0.1][.8787] -> [.....10.10.10.1][32177] [TeamViewer][Unknown][RemoteAccess][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: [Processed: 71 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....4] [ip4][..udp] [..10.147.205.42][43462] -> [..10.45.123.132][51820]
+ new: [.....5] [ip4][..udp] [.......10.9.0.1][43462] -> [.......10.9.0.2][51820]
+ detected: [.....5] [ip4][..udp] [.......10.9.0.1][43462] -> [.......10.9.0.2][51820] [WireGuard][Unknown][VPN][Acceptable]
+ idle: [.....2] [ip4][..tcp] [.172.26.235.166][55630] -> [...172.30.92.62][..119] [Usenet][Unknown][Web][Acceptable]
+ idle: [.....3] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
+ DAEMON-EVENT: [Processed: 75 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....6] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432]
+ detected: [.....6] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+ guessed: [.....4] [ip4][..udp] [..10.147.205.42][43462] -> [..10.45.123.132][51820] [WireGuard][Unknown][VPN][Acceptable]
+ idle: [.....4] [ip4][..udp] [..10.147.205.42][43462] -> [..10.45.123.132][51820]
+ end: [.....6] [ip4][..tcp] [..172.16.20.244][59038] -> [...172.16.20.75][.5432] [PostgreSQL][Unknown][Database][Acceptable]
+ idle: [.....5] [ip4][..udp] [.......10.9.0.1][43462] -> [.......10.9.0.2][51820] [WireGuard][Unknown][VPN][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/pia.pcap.out b/test/results/flow-info/default/pia.pcap.out
new file mode 100644
index 000000000..15eceb53c
--- /dev/null
+++ b/test/results/flow-info/default/pia.pcap.out
@@ -0,0 +1,13 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [...192.168.88.3][56854] -> [..143.244.45.60][..443]
+ detected: [.....1] [ip4][..tcp] [...192.168.88.3][56854] -> [..143.244.45.60][..443] [TLS][Unknown][Web][Safe][]
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ detection-update: [.....1] [ip4][..tcp] [...192.168.88.3][56854] -> [..143.244.45.60][..443] [TLS][Unknown][Web][Safe][]
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ detection-update: [.....1] [ip4][..tcp] [...192.168.88.3][56854] -> [..143.244.45.60][..443] [TLS.PrivateInternetAccess][Unknown][VPN][Acceptable][]
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ idle: [.....1] [ip4][..tcp] [...192.168.88.3][56854] -> [..143.244.45.60][..443] [TLS.PrivateInternetAccess][Unknown][VPN][Acceptable]
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/profinet-io-le.pcap.out b/test/results/flow-info/default/profinet-io-le.pcap.out
new file mode 100644
index 000000000..d2a9e8130
--- /dev/null
+++ b/test/results/flow-info/default/profinet-io-le.pcap.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [....10.10.0.150][.1566] -> [....10.10.0.129][34964]
+ detected: [.....1] [ip4][..udp] [....10.10.0.150][.1566] -> [....10.10.0.129][34964] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....1] [ip4][..udp] [....10.10.0.150][.1566] -> [....10.10.0.129][34964] [DCERPC.PROFINET_IO][Unknown][IoT-Scada][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/protonvpn.pcap.out b/test/results/flow-info/default/protonvpn.pcap.out
index bcbf7d8af..7d03b6e1c 100644
--- a/test/results/flow-info/default/protonvpn.pcap.out
+++ b/test/results/flow-info/default/protonvpn.pcap.out
@@ -5,12 +5,12 @@
detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][37810] -> [185.159.159.148][..443] [TLS.ProtonVPN][Unknown][VPN][Acceptable][vpn-api.proton.me]
RISK: TLS Cert Expired
new: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443]
- detected: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443] [WireGuard][ProtonVPN][VPN][Acceptable]
+ detected: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443] [WireGuard][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 40 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
new: [.....3] [ip4][..tcp] [....2.58.241.67][37710] -> [........8.8.8.8][..443]
- idle: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443] [WireGuard][ProtonVPN][VPN][Acceptable]
+ idle: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443] [WireGuard][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....1] [ip4][..tcp] [......10.0.2.15][37810] -> [185.159.159.148][..443] [TLS.ProtonVPN][Unknown][VPN][Acceptable]
RISK: TLS Cert Expired
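Review bot: The WireGuard flow to 217.23.3.76:443 loses its `ProtonVPN` application label on both the `detected:` and `idle:` lines and becomes `[WireGuard][Unknown][VPN][Acceptable]`, while the TLS flow in the same capture keeps `TLS.ProtonVPN`. Anything downstream that keys on the provider label for VPN policy or alerting would no longer match this flow. The hunk does not show whether this comes from a changed address list or from a change in how the label is assigned, so that should be confirmed before the baseline is accepted. If it is intended, a commit-message line such as `protonvpn.pcap: WireGuard flow no longer labelled by IP match` would make it reviewable.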
diff --git a/test/results/flow-info/default/ptpv2.pcap.out b/test/results/flow-info/default/ptpv2.pcap.out
new file mode 100644
index 000000000..2298866b2
--- /dev/null
+++ b/test/results/flow-info/default/ptpv2.pcap.out
@@ -0,0 +1,13 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][..udp] [........................fe80::20:9400:d][..320] -> [...............fe80::2b0:aeff:fe01:f921][..320]
+ detected: [.....1] [ip6][..udp] [........................fe80::20:9400:d][..320] -> [...............fe80::2b0:aeff:fe01:f921][..320] [PTPv2][Unknown][System][Acceptable]
+ new: [.....2] [ip6][..udp] [........................fe80::20:9400:e][..320] -> [...............fe80::2b0:aeff:fe01:f921][..320]
+ detected: [.....2] [ip6][..udp] [........................fe80::20:9400:e][..320] -> [...............fe80::2b0:aeff:fe01:f921][..320] [PTPv2][Unknown][System][Acceptable]
+ new: [.....3] [ip6][..udp] [...............fe80::2b0:aeff:fe01:f921][..319] -> [........................fe80::20:9400:d][..319]
+ detected: [.....3] [ip6][..udp] [...............fe80::2b0:aeff:fe01:f921][..319] -> [........................fe80::20:9400:d][..319] [PTPv2][Unknown][System][Acceptable]
+ idle: [.....3] [ip6][..udp] [...............fe80::2b0:aeff:fe01:f921][..319] -> [........................fe80::20:9400:d][..319] [PTPv2][Unknown][System][Acceptable]
+ idle: [.....2] [ip6][..udp] [........................fe80::20:9400:e][..320] -> [...............fe80::2b0:aeff:fe01:f921][..320] [PTPv2][Unknown][System][Acceptable]
+ idle: [.....1] [ip6][..udp] [........................fe80::20:9400:d][..320] -> [...............fe80::2b0:aeff:fe01:f921][..320] [PTPv2][Unknown][System][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/quic_frags_different_dcid.pcapng.out b/test/results/flow-info/default/quic_frags_different_dcid.pcapng.out
new file mode 100644
index 000000000..9c65eefe2
--- /dev/null
+++ b/test/results/flow-info/default/quic_frags_different_dcid.pcapng.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...129.21.84.33][37229] -> [..73.185.34.172][..443]
+ detected: [.....1] [ip4][..udp] [...129.21.84.33][37229] -> [..73.185.34.172][..443] [QUIC][Unknown][Web][Acceptable]
+ detection-update: [.....1] [ip4][..udp] [...129.21.84.33][37229] -> [..73.185.34.172][..443] [QUIC][Unknown][Web][Acceptable]
+ detection-update: [.....1] [ip4][..udp] [...129.21.84.33][37229] -> [..73.185.34.172][..443] [QUIC.Cloudflare][Unknown][Media][Acceptable][cdnjs.cloudflare.com]
+ idle: [.....1] [ip4][..udp] [...129.21.84.33][37229] -> [..73.185.34.172][..443] [QUIC.Cloudflare][Unknown][Media][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/radius_false_positive.pcapng.out b/test/results/flow-info/default/radius_false_positive.pcapng.out
index 0f37db6f9..09c29e022 100644
--- a/test/results/flow-info/default/radius_false_positive.pcapng.out
+++ b/test/results/flow-info/default/radius_false_positive.pcapng.out
@@ -2,7 +2,6 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129]
- guessed: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129] [QUIC][Unknown][Web][Acceptable]
- RISK: Unidirectional Traffic
- idle: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129]
+ detected: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129] [QUIC][Unknown][Web][Acceptable]
+ idle: [.....1] [ip6][..udp] [................2bc6:b5ac:cb3b:676b::18][..443] -> [3dba:3762:c186:e122:89b0:5170:a86c:ecff][53129] [QUIC][Unknown][Web][Acceptable]
DAEMON-EVENT: shutdown
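Review bot: The `RISK: Unidirectional Traffic` line is dropped together with the `guessed:` to `detected:` change, and the new `idle:` line for flow 1 carries no risk at all. Assuming the capture itself is unchanged by this commit (not visible in this hunk), a flow with source port 443 and no recorded reply would still be expected to raise that risk, so its disappearance may be a side effect rather than the goal. Please confirm whether the risk is now suppressed for flows classified on the first packet. If that is intended, note it in the commit message, e.g. `radius_false_positive: QUIC now detected directly, unidirectional risk no longer set`.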
diff --git a/test/results/flow-info/default/radmin3.pcapng.out b/test/results/flow-info/default/radmin3.pcapng.out
new file mode 100644
index 000000000..b8d364e15
--- /dev/null
+++ b/test/results/flow-info/default/radmin3.pcapng.out
@@ -0,0 +1,14 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.88.208][49736] -> [.192.168.88.197][.4899]
+ detected: [.....1] [ip4][..tcp] [.192.168.88.208][49736] -> [.192.168.88.197][.4899] [Radmin][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ new: [.....2] [ip4][..tcp] [.192.168.88.208][49739] -> [.192.168.88.197][.4899]
+ detected: [.....2] [ip4][..tcp] [.192.168.88.208][49739] -> [.192.168.88.197][.4899] [Radmin][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ end: [.....1] [ip4][..tcp] [.192.168.88.208][49736] -> [.192.168.88.197][.4899] [Radmin][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ idle: [.....2] [ip4][..tcp] [.192.168.88.208][49739] -> [.192.168.88.197][.4899] [Radmin][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/raft.pcap.out b/test/results/flow-info/default/raft.pcap.out
new file mode 100644
index 000000000..576b0f376
--- /dev/null
+++ b/test/results/flow-info/default/raft.pcap.out
@@ -0,0 +1,30 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][46286] -> [......127.0.0.1][.9002]
+ detected: [.....1] [ip4][..tcp] [......127.0.0.1][46286] -> [......127.0.0.1][.9002] [Raft][Unknown][Network][Acceptable]
+ new: [.....2] [ip4][..tcp] [......127.0.0.1][38488] -> [......127.0.0.1][.9001]
+ detected: [.....2] [ip4][..tcp] [......127.0.0.1][38488] -> [......127.0.0.1][.9001] [Raft][Unknown][Network][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [......127.0.0.1][46286] -> [......127.0.0.1][.9002] [Raft][Unknown][Network][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.126| 0.072| 0.057| 3268.504| 4.300]
+ [PKTLEN......: 40.000| 200.000| 81.500| 47.500| 2252.800| 4.800]
+ [BINS(c->s)..: 2,3,9,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 0.0,0.0,0.0,0.1,0.0,0.0,4.6,4.6,1.9,1.9,119.0,119.0,125.0,125.1,125.0,125.0,125.7,125.7,105.3,105.3,19.2,19.2,125.1,125.1,125.1,125.1,125.4,125.4,106.0,106.0,19.2]
+ [PKTLENS.....: 52,52,40,80,40,96,40,96,40,128,40,152,40,176,40,200,40,128,40,104,40,128,40,128,40,128,40,128,40,104,40,128]
+ [ENTROPIES...: 4.2,4.5,4.3,3.8,4.3,2.8,4.4,2.8,4.3,3.1,4.4,2.5,4.4,2.4,4.4,2.2,4.3,2.5,4.4,2.6,4.4,2.6,4.3,2.6,4.4,2.6,4.3,2.6,4.4,2.6,4.4,2.6]
+ analyse: [.....2] [ip4][..tcp] [......127.0.0.1][38488] -> [......127.0.0.1][.9001] [Raft][Unknown][Network][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.137| 0.072| 0.057| 3254.516| 4.300]
+ [PKTLEN......: 40.000| 88.000| 62.500| 22.700| 516.800| 4.900]
+ [BINS(c->s)..: 2,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 0.0,0.0,0.0,0.0,0.0,0.0,6.0,6.0,0.2,0.2,119.1,119.1,125.1,125.1,137.2,137.2,116.4,116.4,102.3,102.3,22.0,22.0,125.1,125.1,125.1,125.1,125.3,125.3,103.4,103.4,22.0]
+ [PKTLENS.....: 52,52,40,80,40,80,40,80,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88]
+ [ENTROPIES...: 4.3,4.5,4.4,3.9,4.4,3.0,4.4,3.0,4.3,2.9,4.3,2.9,4.4,2.9,4.4,2.8,4.3,2.8,4.4,2.8,4.3,2.8,4.4,2.8,4.4,2.8,4.4,2.8,4.3,2.8,4.3,2.8]
+ idle: [.....1] [ip4][..tcp] [......127.0.0.1][46286] -> [......127.0.0.1][.9002] [Raft][Unknown][Network][Acceptable]
+ idle: [.....2] [ip4][..tcp] [......127.0.0.1][38488] -> [......127.0.0.1][.9001] [Raft][Unknown][Network][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/rdp3.pcap.out b/test/results/flow-info/default/rdp3.pcap.out
new file mode 100644
index 000000000..5465ff192
--- /dev/null
+++ b/test/results/flow-info/default/rdp3.pcap.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [....10.150.9.21][.1685] -> [...10.157.4.161][.3389]
+ detected: [.....1] [ip4][..tcp] [....10.150.9.21][.1685] -> [...10.157.4.161][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ idle: [.....1] [ip4][..tcp] [....10.150.9.21][.1685] -> [...10.157.4.161][.3389] [RDP][Unknown][RemoteAccess][Acceptable]
+ RISK: Desktop/File Sharing
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/resp.pcap.out b/test/results/flow-info/default/resp.pcap.out
new file mode 100644
index 000000000..7127d59b5
--- /dev/null
+++ b/test/results/flow-info/default/resp.pcap.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.88.221][51882] -> [.192.168.88.231][.6379]
+ detected: [.....1] [ip4][..tcp] [.192.168.88.221][51882] -> [.192.168.88.231][.6379] [RESP][Unknown][Database][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [.192.168.88.221][51882] -> [.192.168.88.231][.6379] [RESP][Unknown][Database][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 15.070| 1.377| 3.744| 14016768.377| 2.200]
+ [PKTLEN......: 52.000| 20324.000| 2873.300| 5036.000| 25361708.000| 3.200]
+ [BINS(c->s)..: 16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1]
+ [IATS(ms)....: 3.1,3.2,0.5,2.0,1.4,2.8,0.1,0.1,1.8,1.8,0.0,0.0,0.0,0.0,1.6,1.6,0.1,0.0,0.7,0.7,0.0,0.0,0.1,0.0,3178.2,3181.4,3.3,15066.9,15069.9,3076.3,3076.5]
+ [PKTLENS.....: 60,60,52,69,52,7292,52,7292,52,10188,52,14532,52,4396,52,2948,52,20324,52,5844,52,5844,52,12041,52,66,59,52,52,52,94,57]
+ [ENTROPIES...: 4.8,5.3,5.1,5.3,5.1,4.7,5.0,4.7,5.0,4.6,5.2,4.6,5.2,4.6,5.2,4.7,5.2,4.7,5.1,4.7,5.2,4.7,5.1,4.7,5.2,5.3,5.2,5.2,5.2,5.1,5.4,5.2]
+ end: [.....1] [ip4][..tcp] [.192.168.88.221][51882] -> [.192.168.88.231][.6379] [RESP][Unknown][Database][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/roughtime.pcap.out b/test/results/flow-info/default/roughtime.pcap.out
new file mode 100644
index 000000000..ccdd0e710
--- /dev/null
+++ b/test/results/flow-info/default/roughtime.pcap.out
@@ -0,0 +1,18 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [..192.168.2.100][36225] -> [.64.233.164.158][.2002]
+ detected: [.....1] [ip4][..udp] [..192.168.2.100][36225] -> [.64.233.164.158][.2002] [Roughtime][Google][System][Acceptable]
+ new: [.....2] [ip4][..udp] [..192.168.2.100][39393] -> [...35.192.98.51][.2002]
+ detected: [.....2] [ip4][..udp] [..192.168.2.100][39393] -> [...35.192.98.51][.2002] [Roughtime][GoogleCloud][System][Acceptable]
+ DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....3] [ip4][..udp] [..162.159.200.1][.2002] -> [..192.168.2.100][49021]
+ detected: [.....3] [ip4][..udp] [..162.159.200.1][.2002] -> [..192.168.2.100][49021] [Roughtime][Cloudflare][System][Acceptable]
+ idle: [.....2] [ip4][..udp] [..192.168.2.100][39393] -> [...35.192.98.51][.2002] [Roughtime][GoogleCloud][System][Acceptable]
+ idle: [.....1] [ip4][..udp] [..192.168.2.100][36225] -> [.64.233.164.158][.2002] [Roughtime][Google][System][Acceptable]
+ new: [.....4] [ip4][..udp] [...35.192.98.51][.2002] -> [..192.168.2.100][57626]
+ detected: [.....4] [ip4][..udp] [...35.192.98.51][.2002] -> [..192.168.2.100][57626] [Roughtime][GoogleCloud][System][Acceptable]
+ idle: [.....4] [ip4][..udp] [...35.192.98.51][.2002] -> [..192.168.2.100][57626] [Roughtime][GoogleCloud][System][Acceptable]
+ idle: [.....3] [ip4][..udp] [..162.159.200.1][.2002] -> [..192.168.2.100][49021] [Roughtime][Cloudflare][System][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/rtps.pcap.out b/test/results/flow-info/default/rtps.pcap.out
new file mode 100644
index 000000000..7c5b32439
--- /dev/null
+++ b/test/results/flow-info/default/rtps.pcap.out
@@ -0,0 +1,25 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410]
+ detected: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ update: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....1] [ip4][..udp] [......127.0.0.1][28108] -> [......127.0.0.1][.7410] [RTPS][Unknown][RPC][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: shutdown
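Review bot: Every event for flow 1 in this new expected output carries `RISK: Known Proto on Non Std Port`, yet the destination is UDP 7410, which the RTPS port formula gives as a default port (base 7400, plus 10 for unicast discovery of participant 0 in domain 0). Pinning that in the golden file makes a likely false positive part of the regression baseline, and the same flag would fire on ordinary DDS discovery traffic in a monitored network. The dissector's default-port registration is not part of this hunk, so this is a hedged reading. If 7410 should count as standard, the fix belongs in that registration and the `RISK:` rows here would disappear; if the flag is intended, a short remark in the test description would keep the next reader from treating it as noise.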
diff --git a/test/results/flow-info/default/s7comm-plus.pcap.out b/test/results/flow-info/default/s7comm-plus.pcap.out
new file mode 100644
index 000000000..5a0629007
--- /dev/null
+++ b/test/results/flow-info/default/s7comm-plus.pcap.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.25.177][53162] -> [.192.168.25.131][..102]
+ detected: [.....1] [ip4][..tcp] [.192.168.25.177][53162] -> [.192.168.25.131][..102] [S7CommPlus][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [.192.168.25.177][53162] -> [.192.168.25.131][..102] [S7CommPlus][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.996| 0.038| 0.175| 30656.291| 1.200]
+ [PKTLEN......: 40.000| 337.000| 100.300| 73.000| 5323.400| 4.700]
+ [BINS(c->s)..: 12,2,6,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,2,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0]
+ [IATS(ms)....: 0.0,0.7,0.9,0.0,0.4,0.0,1.7,2.5,0.0,13.8,4.3,17.7,0.0,12.3,0.0,17.8,4.8,0.0,1.5,0.0,7.2,5.7,0.0,28.6,0.0,33.3,4.7,0.0,36.3,995.8,0.0]
+ [PKTLENS.....: 52,52,46,40,40,76,76,76,257,257,46,177,47,47,162,162,71,47,47,123,123,84,47,47,133,133,337,47,47,46,133,133]
+ [ENTROPIES...: 4.6,4.6,4.5,4.7,4.7,5.3,5.3,5.2,5.5,5.5,4.1,5.2,4.6,4.6,4.7,4.7,4.2,4.6,4.6,4.6,4.6,4.3,4.5,4.5,4.9,4.9,1.6,4.5,4.5,4.1,4.9,4.9]
+ idle: [.....1] [ip4][..tcp] [.192.168.25.177][53162] -> [.192.168.25.131][..102] [S7CommPlus][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/s7comm.pcap.out b/test/results/flow-info/default/s7comm.pcap.out
index 456007b46..ebbe6ea70 100644
--- a/test/results/flow-info/default/s7comm.pcap.out
+++ b/test/results/flow-info/default/s7comm.pcap.out
@@ -2,8 +2,8 @@
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [MIDSTREAM]
- detected: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Unknown][Network][Acceptable]
- analyse: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Unknown][Network][Acceptable]
+ detected: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [S7Comm][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [S7Comm][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.009| 0.005| 0.003| 11.033| 4.500]
[PKTLEN......: 47.000| 261.000| 77.200| 40.300| 1625.500| 4.900]
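Review bot: The label for this flow changes from `[s7comm]` to `[S7Comm]` and its category from `[Network]` to `[IoT-Scada]`, in the `detected` and `analyse` lines here and in the `idle` line of the next hunk (`@@ -13,5 +13,5 @@`). Any consumer that matches on those strings sees a behaviour change: monitoring rules or dashboards keyed to the old protocol name or category would stop matching S7 traffic without raising an error. Nothing in this part of the page shows the rename being announced. A changelog line such as `S7Comm: protocol renamed from s7comm, category moved from Network to IoT-Scada` would cover it.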
@@ -13,5 +13,5 @@
[IATS(ms)....: 3.7,3.9,3.1,3.1,0.1,7.0,6.9,4.6,9.0,4.4,0.6,7.0,6.4,0.3,6.0,5.7,0.3,9.0,8.7,0.2,9.0,8.8,0.2,9.0,8.8,0.2,9.0,8.8,0.2,5.0,4.7]
[PKTLENS.....: 62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47]
[ENTROPIES...: 4.4,4.3,4.3,3.9,4.5,4.6,3.9,4.5,4.4,3.5,4.5,4.5,2.4,4.4,4.5,3.9,4.5,4.4,4.4,4.5,4.4,4.4,4.4,4.4,4.4,4.5,4.4,4.4,4.4,4.7,4.4,4.5]
- idle: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [s7comm][Unknown][Network][Acceptable]
+ idle: [.....1] [ip4][..tcp] [...192.168.1.10][.4185] -> [...192.168.1.40][..102] [S7Comm][Unknown][IoT-Scada][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/sites.pcapng.out b/test/results/flow-info/default/sites.pcapng.out
index a7aa66b10..5061a294a 100644
--- a/test/results/flow-info/default/sites.pcapng.out
+++ b/test/results/flow-info/default/sites.pcapng.out
@@ -218,7 +218,7 @@
detected: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS][Google][Web][Safe][googleplus.com]
detection-update: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS][Google][Web][Safe][googleplus.com]
new: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443]
- detected: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.GooglePlus][Google][SocialNetwork][Fun][plus.google.com]
+ detected: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.Google][Google][Web][Acceptable][plus.google.com]
update: [....44] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Google][Web][Acceptable]
DAEMON-EVENT: [Processed: 512 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 10 / 46|skipped: 0|!detected: 0|guessed: 4|detection-updates: 47|updates: 1]
@@ -229,12 +229,28 @@
idle: [....39] [ip4][..tcp] [..192.168.1.128][33664] -> [108.138.185.106][..443] [TLS.AmazonVideo][AmazonAWS][Video][Fun]
idle: [....40] [ip4][..tcp] [..192.168.1.128][56458] -> [142.250.185.142][..443] [TLS.GoogleDrive][Google][Cloud][Acceptable]
idle: [....45] [ip4][..tcp] [..192.168.1.128][50608] -> [142.250.185.206][..443] [TLS][Google][Web][Safe]
- idle: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Unknown][Streaming][Fun]
idle: [....42] [ip4][..tcp] [..192.168.1.128][56836] -> [...13.107.42.13][..443] [TLS.MS_OneDrive][Azure][Cloud][Acceptable]
idle: [....44] [ip4][..udp] [..192.168.1.128][38642] -> [.216.58.212.142][..443] [QUIC.Google][Google][Web][Acceptable]
idle: [....43] [ip4][..tcp] [..192.168.1.128][45014] -> [129.226.107.210][..443] [TLS.IFLIX][Tencent][Video][Fun]
idle: [....41] [ip4][..tcp] [..192.168.1.128][33102] -> [...13.81.118.91][..443] [TLS.Microsoft][Azure][Cloud][Safe]
- idle: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.GooglePlus][Google][SocialNetwork][Fun]
+ idle: [....46] [ip4][..udp] [..192.168.1.128][36832] -> [142.250.181.238][..443] [QUIC.Google][Google][Web][Acceptable]
idle: [....38] [ip4][..tcp] [..192.168.1.128][57878] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
idle: [....37] [ip4][..tcp] [..192.168.1.128][45898] -> [..15.160.39.187][..443] [TLS.AppleSiri][AmazonAWS][VirtAssistant][Acceptable]
+ DAEMON-EVENT: [Processed: 520 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 47|skipped: 0|!detected: 0|guessed: 4|detection-updates: 49|updates: 1]
+ new: [....48] [ip4][..tcp] [.192.168.88.231][33920] -> [..185.5.161.203][..443]
+ detected: [....48] [ip4][..tcp] [.192.168.88.231][33920] -> [..185.5.161.203][..443] [TLS.ElectronicArts][Unknown][Game][Fun][origin-a.akamaihd.net]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....48] [ip4][..tcp] [.192.168.88.231][33920] -> [..185.5.161.203][..443] [TLS.ElectronicArts][Unknown][Game][Fun][origin-a.akamaihd.net]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....49] [ip4][..tcp] [.192.168.88.231][49950] -> [159.153.191.240][..443]
+ detected: [....49] [ip4][..tcp] [.192.168.88.231][49950] -> [159.153.191.240][..443] [TLS.ElectronicArts][Unknown][Game][Fun][accounts.ea.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....49] [ip4][..tcp] [.192.168.88.231][49950] -> [159.153.191.240][..443] [TLS.ElectronicArts][Unknown][Game][Fun][accounts.ea.com]
+ RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS
+ idle: [....47] [ip4][..tcp] [..192.168.1.128][53978] -> [..208.85.40.158][..443] [TLS.Pandora][Unknown][Streaming][Fun]
+ idle: [....48] [ip4][..tcp] [.192.168.88.231][33920] -> [..185.5.161.203][..443] [TLS.ElectronicArts][Unknown][Game][Fun]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....49] [ip4][..tcp] [.192.168.88.231][49950] -> [159.153.191.240][..443] [TLS.ElectronicArts][Unknown][Game][Fun]
+ RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/skinny.pcap.out b/test/results/flow-info/default/skinny.pcap.out
index 076d97d36..85797a979 100644
--- a/test/results/flow-info/default/skinny.pcap.out
+++ b/test/results/flow-info/default/skinny.pcap.out
@@ -35,61 +35,6 @@
[IATS(ms)....: 0.0,19.9,0.0,25.6,0.0,20.0,0.0,19.9,0.0,19.9,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0,20.0,0.0]
[PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
[ENTROPIES...: 4.2,4.2,4.8,4.8,4.4,4.4,5.1,5.1,4.4,4.4,4.9,4.9,5.5,5.5,5.1,5.1,5.2,5.2,5.1,5.1,5.3,5.3,5.2,5.2,5.6,5.6,5.8,5.8,5.2,5.2,5.2,5.2]
- analyse: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Unknown][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.020| 0.020| 0.020|< 0.001| 0.001| 5.000]
- [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
- [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [IATS(ms)....: 20.0,20.0,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.1,20.0,20.0,20.0,20.1,19.9,20.0,20.0,20.0,19.9,20.0,20.1,20.0,20.0,20.0]
- [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
- [ENTROPIES...: 4.3,4.8,5.1,4.9,5.1,5.1,5.2,5.9,5.3,4.8,5.1,5.2,4.8,4.8,4.9,4.7,4.5,4.6,4.6,4.5,4.5,4.3,4.4,4.6,4.4,4.4,4.5,4.8,4.7,4.8,3.9,4.3]
- analyse: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] [RTP][Unknown][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.020| 0.020| 0.020|< 0.001|< 0.001| 5.000]
- [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
- [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [IATS(ms)....: 20.0,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0]
- [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
- [ENTROPIES...: 4.4,4.4,5.6,5.2,5.4,5.6,5.3,5.1,4.8,4.5,4.8,4.4,4.1,3.9,3.8,3.3,3.4,3.4,3.6,4.3,4.6,4.8,4.8,4.6,4.4,6.2,4.9,6.3,6.5,6.2,6.5,6.5]
- analyse: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Unknown][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.019| 0.021| 0.020|< 0.001| 0.020| 5.000]
- [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
- [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [IATS(ms)....: 19.8,20.0,20.1,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.0,19.9,20.0,20.0,20.0,20.0,20.0,20.0,20.5,19.5,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0]
- [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
- [ENTROPIES...: 4.4,4.4,5.6,5.2,5.4,5.7,5.3,5.1,4.8,4.4,4.8,4.4,4.1,3.8,3.8,3.2,3.4,3.4,3.5,4.3,4.6,4.8,4.8,4.5,4.4,6.2,4.9,6.4,6.4,6.2,6.5,6.5]
- analyse: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Unknown][Media][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.020| 0.020| 0.020|< 0.001| 0.001| 5.000]
- [PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
- [BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [IATS(ms)....: 20.0,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.0,20.1,20.0,20.0,20.0,20.1,19.9,20.0,19.9,20.0,19.9,20.0,20.1,20.0,20.0,20.0,20.0,20.0,20.0]
- [PKTLENS.....: 200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200]
- [ENTROPIES...: 4.9,5.0,5.1,5.2,5.8,5.2,4.8,5.0,5.2,4.8,4.8,4.9,4.7,4.5,4.6,4.6,4.5,4.5,4.3,4.4,4.6,4.4,4.4,4.5,4.8,4.7,4.7,3.9,4.3,5.2,5.6,5.5]
- new: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [MIDSTREAM]
- detected: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [CiscoSkinny][Unknown][VoIP][Acceptable]
- analyse: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][Unknown][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 7.046| 0.705| 1.877| 3523893.789| 2.200]
- [PKTLEN......: 46.000| 532.000| 96.900| 93.800| 8793.000| 4.600]
- [BINS(c->s)..: 10,2,0,0,4,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,0,0,1,0,1,1,1,0,0,0,0,1,0,1,0,0,1,0,1,1,0,1,1,1,0,1,0,0,0,0,1]
- [IATS(ms)....: 0.0,0.1,0.7,0.7,19.9,3583.0,19.3,3622.2,2.1,0.0,0.0,18.0,15.9,20.1,36.3,2.1,20.0,30.9,40.0,6.9,19.1,13.1,64.1,28.3,103.9,42.3,80.4,6999.6,0.0,5.8,7045.9]
- [PKTLENS.....: 76,68,72,46,252,46,60,60,46,68,56,64,46,532,46,184,184,46,184,46,88,172,46,92,92,46,92,46,68,68,64,46]
- [ENTROPIES...: 4.2,4.7,4.6,4.6,4.3,4.5,4.2,4.5,4.6,4.1,4.5,4.3,4.4,3.3,4.4,2.7,2.6,4.4,2.7,4.4,3.8,4.8,4.5,4.0,3.9,4.6,4.0,4.6,4.5,4.6,4.4,4.6]
- new: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58]
- detected: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58] [ICMP][Unknown][Network][Acceptable]
- idle: [.....9] [ip4][.icmp] [.192.168.195.50] -> [.192.168.195.58] [ICMP][Unknown][Network][Acceptable]
idle: [.....1] [ip4][..tcp] [.192.168.195.58][49399] -> [.192.168.193.12][.2000] [CiscoSkinny][Unknown][VoIP][Acceptable]
idle: [.....2] [ip4][..tcp] [.192.168.193.12][.2000] -> [.192.168.195.50][51532] [CiscoSkinny][Unknown][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] [RTP][Unknown][Media][Acceptable]
@@ -97,5 +42,4 @@
idle: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Unknown][Media][Acceptable]
idle: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Unknown][Media][Acceptable]
idle: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718] [RTP][Unknown][Media][Acceptable]
- idle: [.....8] [ip4][..tcp] [.192.168.195.58][50917] -> [.....10.16.2.25][.2000] [CiscoSkinny][Unknown][VoIP][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/skype.pcap.out b/test/results/flow-info/default/skype.pcap.out
index 986aa14d8..cf6645056 100644
--- a/test/results/flow-info/default/skype.pcap.out
+++ b/test/results/flow-info/default/skype.pcap.out
@@ -1191,7 +1191,7 @@
RISK: Unidirectional Traffic
not-detected: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009] [Unknown][Unknown][Unrated]
RISK: Fully encrypted flow
- end: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009]
+ idle: [...227] [ip4][..tcp] [...192.168.1.34][50108] -> [...157.56.52.28][40009]
idle: [...228] [ip4][..udp] [...192.168.1.34][49485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
idle: [...231] [ip4][.icmp] [....192.168.1.1] -> [...192.168.1.34] [ICMP][Unknown][Network][Acceptable]
idle: [...267] [ip4][..udp] [...192.168.1.34][63421] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable]
@@ -1473,7 +1473,7 @@
end: [...270] [ip4][..tcp] [...192.168.1.34][50132] -> [...149.13.32.15][13392]
end: [...271] [ip4][..tcp] [...192.168.1.34][50133] -> [...149.13.32.15][13392] [TLS][Unknown][Web][Safe]
RISK: Known Proto on Non Std Port
- end: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS.Skype_Teams][Unknown][VoIP][Acceptable]
+ idle: [....15] [ip4][..tcp] [...192.168.1.34][50028] -> [.157.56.126.211][..443] [TLS.Skype_Teams][Unknown][VoIP][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
idle: [...235] [ip4][..udp] [...192.168.1.34][13021] -> [..76.185.207.12][45493] [Skype_Teams.Skype_TeamsCall][Unknown][VoIP][Acceptable]
idle: [...279] [ip4][..udp] [...192.168.1.34][..123] -> [..17.253.48.245][..123] [NTP][Apple][System][Acceptable]
diff --git a/test/results/flow-info/default/spotify_tcp.pcap.out b/test/results/flow-info/default/spotify_tcp.pcap.out
new file mode 100644
index 000000000..ed36d15ef
--- /dev/null
+++ b/test/results/flow-info/default/spotify_tcp.pcap.out
@@ -0,0 +1,5 @@
+ DAEMON-EVENT: init
+ new: [.....1] [ip4][..tcp] [......10.0.2.15][48628] -> [..35.190.243.72][.4070]
+ detected: [.....1] [ip4][..tcp] [......10.0.2.15][48628] -> [..35.190.243.72][.4070] [Spotify][Google][Music][Fun]
+ idle: [.....1] [ip4][..tcp] [......10.0.2.15][48628] -> [..35.190.243.72][.4070] [Spotify][Google][Music][Fun]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/steam.pcap.out b/test/results/flow-info/default/steam.pcap.out
deleted file mode 100644
index 268344602..000000000
--- a/test/results/flow-info/default/steam.pcap.out
+++ /dev/null
@@ -1,184 +0,0 @@
- DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27018]
- detected: [.....1] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27018] [Steam][Steam][Game][Fun]
- new: [.....2] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27019]
- detected: [.....2] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27019] [Steam][Steam][Game][Fun]
- new: [.....3] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27018]
- detected: [.....3] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27018] [Steam][Unknown][Game][Fun]
- new: [.....4] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27017]
- detected: [.....4] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27017] [Steam][Unknown][Game][Fun]
- new: [.....5] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.172][27018]
- detected: [.....5] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.172][27018] [Steam][Unknown][Game][Fun]
- new: [.....6] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27017]
- detected: [.....6] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27017] [Steam][Unknown][Game][Fun]
- new: [.....7] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.36][27017]
- detected: [.....7] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.36][27017] [Steam][Unknown][Game][Fun]
- new: [.....8] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27018]
- detected: [.....8] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27018] [Steam][Steam][Game][Fun]
- new: [.....9] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27018]
- detected: [.....9] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27018] [Steam][Unknown][Game][Fun]
- new: [....10] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.171.83][27017]
- detected: [....10] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.171.83][27017] [Steam][Unknown][Game][Fun]
- new: [....11] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27019]
- detected: [....11] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27019] [Steam][Unknown][Game][Fun]
- new: [....12] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.170][27017]
- detected: [....12] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.170][27017] [Steam][Unknown][Game][Fun]
- new: [....13] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27019]
- detected: [....13] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27019] [Steam][Steam][Game][Fun]
- new: [....14] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.187][27018]
- detected: [....14] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.187][27018] [Steam][Unknown][Game][Fun]
- new: [....15] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.172][27017]
- detected: [....15] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.172][27017] [Steam][Unknown][Game][Fun]
- new: [....16] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27019]
- detected: [....16] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27019] [Steam][Unknown][Game][Fun]
- new: [....17] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.34][27017]
- detected: [....17] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.34][27017] [Steam][Unknown][Game][Fun]
- new: [....18] [ip4][..udp] [192.168.188.149][45665] -> [...203.77.185.4][27017]
- detected: [....18] [ip4][..udp] [192.168.188.149][45665] -> [...203.77.185.4][27017] [Steam][Unknown][Game][Fun]
- new: [....19] [ip4][..udp] [192.168.188.149][45665] -> [.68.142.116.179][27017]
- detected: [....19] [ip4][..udp] [192.168.188.149][45665] -> [.68.142.116.179][27017] [Steam][Unknown][Game][Fun]
- new: [....20] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.188][27017]
- detected: [....20] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.188][27017] [Steam][Unknown][Game][Fun]
- new: [....21] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.171.82][27017]
- detected: [....21] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.171.82][27017] [Steam][Unknown][Game][Fun]
- new: [....22] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.185][27018]
- detected: [....22] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.185][27018] [Steam][Unknown][Game][Fun]
- new: [....23] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27019]
- detected: [....23] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27019] [Steam][Unknown][Game][Fun]
- new: [....24] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27017]
- detected: [....24] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27017] [Steam][Steam][Game][Fun]
- new: [....25] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27017]
- detected: [....25] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27017] [Steam][Steam][Game][Fun]
- new: [....26] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.174][27017]
- detected: [....26] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.174][27017] [Steam][Unknown][Game][Fun]
- new: [....27] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.171][27017]
- detected: [....27] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.171][27017] [Steam][Unknown][Game][Fun]
- new: [....28] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.85][27018]
- detected: [....28] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.85][27018] [Steam][Unknown][Game][Fun]
- new: [....29] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27018]
- detected: [....29] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27018] [Steam][Unknown][Game][Fun]
- new: [....30] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.175][27017]
- detected: [....30] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.175][27017] [Steam][Unknown][Game][Fun]
- new: [....31] [ip4][..udp] [192.168.188.149][45665] -> [...203.77.185.5][27017]
- detected: [....31] [ip4][..udp] [192.168.188.149][45665] -> [...203.77.185.5][27017] [Steam][Unknown][Game][Fun]
- new: [....32] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27018]
- detected: [....32] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27018] [Steam][Steam][Game][Fun]
- new: [....33] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27019]
- detected: [....33] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27019] [Steam][Steam][Game][Fun]
- new: [....34] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.174][27018]
- detected: [....34] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.174][27018] [Steam][Unknown][Game][Fun]
- new: [....35] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.84][27017]
- detected: [....35] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.84][27017] [Steam][Unknown][Game][Fun]
- new: [....36] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27017]
- detected: [....36] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27017] [Steam][Steam][Game][Fun]
- new: [....37] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27017]
- detected: [....37] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27017] [Steam][Unknown][Game][Fun]
- new: [....38] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.187][27017]
- detected: [....38] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.187][27017] [Steam][Unknown][Game][Fun]
- new: [....39] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27017]
- detected: [....39] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27017] [Steam][Unknown][Game][Fun]
- new: [....40] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.84][27018]
- detected: [....40] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.84][27018] [Steam][Unknown][Game][Fun]
- new: [....41] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.85][27017]
- detected: [....41] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.85][27017] [Steam][Unknown][Game][Fun]
- new: [....42] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27018]
- detected: [....42] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27018] [Steam][Unknown][Game][Fun]
- new: [....43] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.185][27017]
- detected: [....43] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.185][27017] [Steam][Unknown][Game][Fun]
- new: [....44] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.35][27017]
- detected: [....44] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.35][27017] [Steam][Unknown][Game][Fun]
- new: [....45] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27019]
- detected: [....45] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27019] [Steam][Steam][Game][Fun]
- new: [....46] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.170][27018]
- detected: [....46] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.170][27018] [Steam][Unknown][Game][Fun]
- new: [....47] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27017]
- detected: [....47] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27017] [Steam][Steam][Game][Fun]
- new: [....48] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.175][27018]
- detected: [....48] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.175][27018] [Steam][Unknown][Game][Fun]
- new: [....49] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27019]
- detected: [....49] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27019] [Steam][Unknown][Game][Fun]
- new: [....50] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.188][27018]
- detected: [....50] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.188][27018] [Steam][Unknown][Game][Fun]
- new: [....51] [ip4][..udp] [192.168.188.149][45665] -> [.68.142.116.178][27017]
- detected: [....51] [ip4][..udp] [192.168.188.149][45665] -> [.68.142.116.178][27017] [Steam][Unknown][Game][Fun]
- new: [....52] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27018]
- detected: [....52] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27018] [Steam][Unknown][Game][Fun]
- new: [....53] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27018]
- detected: [....53] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27018] [Steam][Steam][Game][Fun]
- new: [....54] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.171][27018]
- detected: [....54] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.171][27018] [Steam][Unknown][Game][Fun]
- new: [....55] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27017]
- detected: [....55] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27017] [Steam][Unknown][Game][Fun]
- DAEMON-EVENT: [Processed: 104 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 55 / 55|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036]
- detected: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036] [Steam][Unknown][Game][Fun]
- idle: [....37] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27017] [Steam][Unknown][Game][Fun]
- idle: [.....6] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27017] [Steam][Unknown][Game][Fun]
- idle: [....39] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27017] [Steam][Unknown][Game][Fun]
- idle: [.....4] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27017] [Steam][Unknown][Game][Fun]
- idle: [....52] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27018] [Steam][Unknown][Game][Fun]
- idle: [....29] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27018] [Steam][Unknown][Game][Fun]
- idle: [.....9] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27018] [Steam][Unknown][Game][Fun]
- idle: [.....3] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27018] [Steam][Unknown][Game][Fun]
- idle: [....49] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27019] [Steam][Unknown][Game][Fun]
- idle: [....23] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.5][27019] [Steam][Unknown][Game][Fun]
- idle: [....16] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.6][27019] [Steam][Unknown][Game][Fun]
- idle: [....11] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27019] [Steam][Unknown][Game][Fun]
- idle: [....27] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.171][27017] [Steam][Unknown][Game][Fun]
- idle: [....15] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.172][27017] [Steam][Unknown][Game][Fun]
- idle: [....12] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.170][27017] [Steam][Unknown][Game][Fun]
- idle: [....54] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.171][27018] [Steam][Unknown][Game][Fun]
- idle: [....46] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.170][27018] [Steam][Unknown][Game][Fun]
- idle: [.....5] [ip4][..udp] [192.168.188.149][45665] -> [..69.28.145.172][27018] [Steam][Unknown][Game][Fun]
- idle: [....55] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27017] [Steam][Unknown][Game][Fun]
- idle: [....43] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.185][27017] [Steam][Unknown][Game][Fun]
- idle: [....38] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.187][27017] [Steam][Unknown][Game][Fun]
- idle: [....30] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.175][27017] [Steam][Unknown][Game][Fun]
- idle: [....26] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.174][27017] [Steam][Unknown][Game][Fun]
- idle: [....20] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.188][27017] [Steam][Unknown][Game][Fun]
- idle: [....50] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.188][27018] [Steam][Unknown][Game][Fun]
- idle: [....48] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.175][27018] [Steam][Unknown][Game][Fun]
- idle: [....42] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27018] [Steam][Unknown][Game][Fun]
- idle: [....34] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.174][27018] [Steam][Unknown][Game][Fun]
- idle: [....22] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.185][27018] [Steam][Unknown][Game][Fun]
- idle: [....14] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.187][27018] [Steam][Unknown][Game][Fun]
- idle: [....31] [ip4][..udp] [192.168.188.149][45665] -> [...203.77.185.5][27017] [Steam][Unknown][Game][Fun]
- idle: [....18] [ip4][..udp] [192.168.188.149][45665] -> [...203.77.185.4][27017] [Steam][Unknown][Game][Fun]
- idle: [....44] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.35][27017] [Steam][Unknown][Game][Fun]
- idle: [....51] [ip4][..udp] [192.168.188.149][45665] -> [.68.142.116.178][27017] [Steam][Unknown][Game][Fun]
- idle: [....19] [ip4][..udp] [192.168.188.149][45665] -> [.68.142.116.179][27017] [Steam][Unknown][Game][Fun]
- idle: [....17] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.34][27017] [Steam][Unknown][Game][Fun]
- idle: [.....7] [ip4][..udp] [192.168.188.149][45665] -> [...68.142.91.36][27017] [Steam][Unknown][Game][Fun]
- idle: [....41] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.85][27017] [Steam][Unknown][Game][Fun]
- idle: [....35] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.84][27017] [Steam][Unknown][Game][Fun]
- idle: [....21] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.171.82][27017] [Steam][Unknown][Game][Fun]
- idle: [....10] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.171.83][27017] [Steam][Unknown][Game][Fun]
- idle: [....40] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.84][27018] [Steam][Unknown][Game][Fun]
- idle: [....28] [ip4][..udp] [192.168.188.149][45665] -> [.208.111.133.85][27018] [Steam][Unknown][Game][Fun]
- idle: [....47] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27017] [Steam][Steam][Game][Fun]
- idle: [....25] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27017] [Steam][Steam][Game][Fun]
- idle: [....36] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27017] [Steam][Steam][Game][Fun]
- idle: [....24] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27017] [Steam][Steam][Game][Fun]
- idle: [....53] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27018] [Steam][Steam][Game][Fun]
- idle: [....32] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27018] [Steam][Steam][Game][Fun]
- idle: [.....8] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27018] [Steam][Steam][Game][Fun]
- idle: [.....1] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27018] [Steam][Steam][Game][Fun]
- idle: [....33] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.15][27019] [Steam][Steam][Game][Fun]
- idle: [....45] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.13][27019] [Steam][Steam][Game][Fun]
- idle: [....13] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.14][27019] [Steam][Steam][Game][Fun]
- idle: [.....2] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27019] [Steam][Steam][Game][Fun]
- DAEMON-EVENT: [Processed: 105 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 56|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036]
- detected: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036] [Steam][Unknown][Game][Fun]
- idle: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036] [Steam][Unknown][Game][Fun]
- DAEMON-EVENT: [Processed: 106 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 57|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036]
- detected: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036] [Steam][Unknown][Game][Fun]
- idle: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036] [Steam][Unknown][Game][Fun]
- idle: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036] [Steam][Unknown][Game][Fun]
- DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/steam.pcapng.out b/test/results/flow-info/default/steam.pcapng.out
new file mode 100644
index 000000000..735d12460
--- /dev/null
+++ b/test/results/flow-info/default/steam.pcapng.out
@@ -0,0 +1,32 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.88.231][27036] -> [.192.168.88.255][27036]
+ detected: [.....1] [ip4][..udp] [.192.168.88.231][27036] -> [.192.168.88.255][27036] [Steam][Unknown][Game][Fun]
+ new: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80]
+ detected: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80] [HTTP.Steam][Unknown][Game][Fun][test.steampowered.com]
+ new: [.....3] [ip4][..tcp] [.192.168.88.231][54243] -> [.188.114.98.224][..443]
+ detected: [.....3] [ip4][..tcp] [.192.168.88.231][54243] -> [.188.114.98.224][..443] [TLS.Dota2][Cloudflare][Game][Fun][www.dota2.com]
+ detection-update: [.....3] [ip4][..tcp] [.192.168.88.231][54243] -> [.188.114.98.224][..443] [TLS.Dota2][Cloudflare][Game][Fun][www.dota2.com]
+ new: [.....4] [ip4][..udp] [.192.168.88.231][46604] -> [.155.133.252.86][27045]
+ detected: [.....4] [ip4][..udp] [.192.168.88.231][46604] -> [.155.133.252.86][27045] [SteamDatagramRelay][Steam][Game][Fun]
+ new: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443]
+ detected: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Unknown][Game][Fun][api.steampowered.com]
+ detection-update: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Unknown][Game][Fun][api.steampowered.com]
+ new: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983]
+ detected: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983] [TLS.Steam][Steam][Game][Fun][ext3-sto1.steamserver.net]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983] [TLS.Steam][Steam][Game][Fun][ext3-sto1.steamserver.net]
+ RISK: Known Proto on Non Std Port
+ new: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443]
+ detected: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Unknown][Game][Fun][store.steampowered.com]
+ detection-update: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Unknown][Game][Fun][store.steampowered.com]
+ idle: [.....6] [ip4][..tcp] [.162.254.198.46][27038] -> [.192.168.88.231][50983] [TLS.Steam][Steam][Game][Fun]
+ RISK: Known Proto on Non Std Port
+ idle: [.....5] [ip4][..tcp] [.192.168.88.231][57749] -> [...23.52.29.119][..443] [TLS.Steam][Unknown][Game][Fun]
+ idle: [.....3] [ip4][..tcp] [.192.168.88.231][54243] -> [.188.114.98.224][..443] [TLS.Dota2][Cloudflare][Game][Fun]
+ idle: [.....7] [ip4][..tcp] [.192.168.88.231][42070] -> [..95.100.141.15][..443] [TLS.Steam][Unknown][Game][Fun]
+ idle: [.....1] [ip4][..udp] [.192.168.88.231][27036] -> [.192.168.88.255][27036] [Steam][Unknown][Game][Fun]
+ idle: [.....4] [ip4][..udp] [.192.168.88.231][46604] -> [.155.133.252.86][27045] [SteamDatagramRelay][Steam][Game][Fun]
+ end: [.....2] [ip4][..tcp] [.192.168.88.231][59739] -> [....2.20.254.25][...80] [HTTP.Steam][Unknown][Game][Fun]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/steam_datagram_relay_ping.pcapng.out b/test/results/flow-info/default/steam_datagram_relay_ping.pcapng.out
deleted file mode 100644
index 9a3b607b0..000000000
--- a/test/results/flow-info/default/steam_datagram_relay_ping.pcapng.out
+++ /dev/null
@@ -1,7 +0,0 @@
- DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [..192.168.2.100][52157] -> [..139.45.193.10][27018]
- detected: [.....1] [ip4][..udp] [..192.168.2.100][52157] -> [..139.45.193.10][27018] [Steam][Unknown][Game][Fun]
- idle: [.....1] [ip4][..udp] [..192.168.2.100][52157] -> [..139.45.193.10][27018] [Steam][Unknown][Game][Fun]
- DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stomp.pcapng.out b/test/results/flow-info/default/stomp.pcapng.out
new file mode 100644
index 000000000..40951083e
--- /dev/null
+++ b/test/results/flow-info/default/stomp.pcapng.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.88.231][34732] -> [.192.168.88.198][61613]
+ detected: [.....1] [ip4][..tcp] [.192.168.88.231][34732] -> [.192.168.88.198][61613] [STOMP][Unknown][RPC][Acceptable]
+ end: [.....1] [ip4][..tcp] [.192.168.88.231][34732] -> [.192.168.88.198][61613] [STOMP][Unknown][RPC][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out
index 86fd9977e..9b081b1b5 100644
--- a/test/results/flow-info/default/stun.pcap.out
+++ b/test/results/flow-info/default/stun.pcap.out
@@ -10,7 +10,7 @@
detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
RISK: Unidirectional Traffic
detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN][Google][Network][Acceptable][]
- detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][turn.l.google.com]
+ detection-update: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable][turn.l.google.com]
new: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128]
detected: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable]
end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
@@ -18,7 +18,7 @@
DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 3|updates: 0]
new: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478]
detected: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable][]
- idle: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ idle: [.....2] [ip4][..udp] [.192.168.12.169][43016] -> [.74.125.247.128][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
idle: [.....3] [ip4][.icmp] [.192.168.12.169] -> [.74.125.247.128] [ICMP][Google][Network][Acceptable]
update: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
update: [.....4] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable]
@@ -61,8 +61,8 @@
DAEMON-EVENT: [Processed: 161 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 3]
new: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478]
- detected: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
- analyse: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ detected: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable][]
+ analyse: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.836| 0.131| 0.227| 51553.292| 3.400]
[PKTLEN......: 62.000| 1226.000| 179.200| 221.300| 48965.100| 4.400]
@@ -72,6 +72,18 @@
[IATS(ms)....: 22.9,25.6,18.8,27.0,9.0,16.5,8.2,0.0,96.0,9.4,96.1,13.9,9.7,14.0,0.0,0.0,28.4,12.0,233.2,17.4,835.9,625.3,352.7,699.8,203.7,550.7,72.1,9.0,20.6,28.1,14.7]
[PKTLENS.....: 136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]
[ENTROPIES...: 5.9,5.9,5.0,5.9,7.3,6.7,5.8,5.7,7.4,5.7,6.0,6.2,6.4,5.9,6.1,5.4,5.4,5.6,5.9,5.3,5.2,5.9,5.8,5.2,6.1,5.9,6.0,6.1,6.0,5.9,6.1,5.9]
- idle: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
idle: [.....6] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable]
+ DAEMON-EVENT: [Processed: 194 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 3]
+ new: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801]
+ detected: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
+ RISK: Unidirectional Traffic
+ detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
+ detection-update: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe]
+ RISK: Missing SNI TLS Extn
+ idle: [.....7] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ idle: [.....8] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe]
+ RISK: Missing SNI TLS Extn
DAEMON-EVENT: shutdown
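Review bot: The added expectations for flow 8 end on `[DTLS][Zoom][Safe]`, a three-field summary with no category, in both the last `detection-update` and the `idle` line. Every other flow in this hunk prints four fields, and the DTLS lines added to stun_dtls_unidirectional_client.pcap.out in the same change print `[DTLS][Unknown][Network][Safe]`. A consumer that reads the bracketed fields by position would take `Safe` for the category on this flow. If the missing category is not intended, the golden file should not pin it; the idle line would presumably read `[DTLS][Zoom][Network][Safe]` once the reclassified flow carries its category.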
diff --git a/test/results/flow-info/default/stun_dtls_rtp.pcapng.out b/test/results/flow-info/default/stun_dtls_rtp.pcapng.out
new file mode 100644
index 000000000..a38b4961c
--- /dev/null
+++ b/test/results/flow-info/default/stun_dtls_rtp.pcapng.out
@@ -0,0 +1,19 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305]
+ detected: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ analyse: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.258| 0.044| 0.058| 3387.402| 4.000]
+ [PKTLEN......: 68.000| 1231.000| 221.200| 244.400| 59721.800| 4.400]
+ [BINS(c->s)..: 0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0]
+ [IATS(ms)....: 23.5,57.2,58.6,110.3,0.4,107.9,0.1,0.0,31.9,33.2,42.6,42.8,84.1,83.2,24.8,0.6,0.4,2.5,24.8,0.1,0.1,34.2,28.1,7.9,22.9,203.2,6.7,19.6,19.9,258.1,19.4]
+ [PKTLENS.....: 144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]
+ [ENTROPIES...: 6.0,5.8,5.0,7.4,5.9,6.8,5.9,5.7,7.4,6.7,7.4,5.7,6.3,5.9,6.3,5.5,6.0,5.9,5.7,5.4,5.4,5.8,5.5,5.5,5.5,5.5,6.1,6.2,6.3,6.0,7.5,6.2]
+ idle: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/flow-info/default/stun_dtls_rtp_unidir.pcapng.out
new file mode 100644
index 000000000..4bbb511f2
--- /dev/null
+++ b/test/results/flow-info/default/stun_dtls_rtp_unidir.pcapng.out
@@ -0,0 +1,18 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [......10.10.0.1][65226] -> [.......10.1.0.3][57730]
+ detected: [.....1] [ip4][..udp] [......10.10.0.1][65226] -> [.......10.1.0.3][57730] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [.....2] [ip4][..udp] [.......10.1.0.3][.5853] -> [......10.10.0.1][.2808]
+ detected: [.....2] [ip4][..udp] [.......10.1.0.3][.5853] -> [......10.10.0.1][.2808] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....1] [ip4][..udp] [......10.10.0.1][65226] -> [.......10.1.0.3][57730] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....2] [ip4][..udp] [.......10.1.0.3][.5853] -> [......10.10.0.1][.2808] [STUN][Unknown][Network][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [......10.10.0.1][65226] -> [.......10.1.0.3][57730] [STUN][Unknown][Network][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [.......10.1.0.3][.5853] -> [......10.10.0.1][.2808] [STUN][Unknown][Network][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out
index fd995d58c..01966b217 100644
--- a/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out
+++ b/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out
@@ -7,7 +7,9 @@
detection-update: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [STUN][Unknown][Network][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Safe]
- RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic
- idle: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Safe]
- RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Network][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Network][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic
DAEMON-EVENT: shutdown
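Review bot: The `Known Proto on Non Std Port` risk that the STUN event at the top of this hunk still reports for port 540 is absent from every DTLS event in the new expected output, so a consumer that reads risks from the last `detection-update` or from `idle` no longer sees it. If clearing the flag on the STUN-to-DTLS switch is intended, the commit message should say so, for example `Known Proto on Non Std Port is cleared when a STUN flow is reclassified as DTLS`. The new output also records two consecutive DTLS `detection-update` events that differ only by the added `[Network]` category, which suggests the first is emitted before the category is set; the code that emits them is not part of this section. The same pattern appears in the stun_dtls_unidirectional_server.pcap.out hunk and the first stun_zoom.pcapng.out hunk.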
diff --git a/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out
index 073b7c8ea..a3bd46999 100644
--- a/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out
+++ b/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out
@@ -7,7 +7,9 @@
detection-update: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [STUN][Unknown][Network][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Safe]
- RISK: Known Proto on Non Std Port, Self-signed Cert, Unidirectional Traffic
- idle: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Safe]
- RISK: Known Proto on Non Std Port, Self-signed Cert, Unidirectional Traffic
+ RISK: Self-signed Cert, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Network][Safe]
+ RISK: Self-signed Cert, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Network][Safe]
+ RISK: Self-signed Cert, Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_google_meet.pcapng.out b/test/results/flow-info/default/stun_google_meet.pcapng.out
index 7ba3086b6..79c143ba4 100644
--- a/test/results/flow-info/default/stun_google_meet.pcapng.out
+++ b/test/results/flow-info/default/stun_google_meet.pcapng.out
@@ -8,12 +8,12 @@
detected: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port
new: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305]
- detected: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
+ detected: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
new: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305]
- detected: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
+ detected: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- analyse: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ analyse: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.164| 0.015| 0.039| 1549.851| 2.400]
[PKTLEN......: 65.000| 1231.000| 290.000| 203.200| 41279.000| 4.700]
@@ -24,10 +24,10 @@
[PKTLENS.....: 152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]
[ENTROPIES...: 5.9,5.7,5.9,5.0,5.7,7.3,6.8,7.4,4.6,7.1,7.1,7.2,7.1,7.0,7.0,7.1,7.1,7.0,7.1,7.1,7.1,7.1,5.7,5.7,7.0,7.1,7.0,6.4,7.2,7.1,7.1,7.1]
new: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478]
- detected: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
+ detected: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable][]
new: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478]
- detected: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][]
- analyse: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ detected: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable][]
+ analyse: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.000| 0.179| 0.232| 53990.769| 4.000]
[PKTLEN......: 68.000| 565.000| 110.700| 85.700| 7337.900| 4.800]
@@ -37,11 +37,11 @@
[IATS(ms)....: 28.7,31.6,20.7,57.3,57.1,114.9,326.7,7.6,0.3,359.3,399.5,20.9,399.5,20.8,60.3,761.6,238.3,310.5,33.1,16.7,106.5,1.4,298.5,11.7,401.0,18.9,1000.0,80.4,40.3,278.6,42.3]
[PKTLENS.....: 152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]
[ENTROPIES...: 6.0,5.6,6.0,5.7,6.0,5.7,7.6,6.0,5.5,5.6,5.5,5.7,5.7,5.9,5.5,6.0,5.6,5.3,5.8,6.1,5.6,5.7,5.8,5.8,5.5,5.9,5.6,5.3,5.9,5.6,6.3,6.0]
- detection-update: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable][]
+ detection-update: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleMeet][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable][]
+ detection-update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleMeet][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port
- analyse: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ analyse: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.030| 8.438| 2.374| 2.514| 6318722.646| 4.300]
[PKTLEN......: 92.000| 152.000| 118.200| 26.300| 690.900| 5.000]
@@ -51,14 +51,41 @@
[IATS(ms)....: 30.2,90.8,78.2,1745.7,1745.6,749.7,749.8,2799.7,2799.8,3108.6,3108.4,997.5,997.5,1610.3,1610.3,582.5,582.8,6554.8,6554.5,8437.5,8437.6,882.4,882.5,6551.7,6551.4,792.4,792.6,993.0,993.0,897.1,896.9]
[PKTLENS.....: 152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92]
[ENTROPIES...: 6.0,5.6,6.1,5.6,6.0,5.5,6.0,5.6,6.1,5.7,5.9,5.8,6.1,5.6,6.0,5.6,6.1,5.6,6.0,5.6,6.0,5.6,6.0,5.6,6.1,5.6,6.0,5.7,6.0,5.7,6.0,5.7]
- idle: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ update: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
- idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable]
+ update: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleMeet][Google][Network][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
+ update: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable]
- idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable]
+ update: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ update: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleMeet][Google][Network][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: [Processed: 214 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 6 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 6]
+ new: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305]
+ detected: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ analyse: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.082| 0.009| 0.020| 398.613| 2.800]
+ [PKTLEN......: 85.000| 1251.000| 300.000| 206.900| 42788.400| 4.700]
+ [BINS(c->s)..: 0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,1,4,1,0,0,0,0,18,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1]
+ [IATS(ms)....: 26.9,81.6,0.7,74.4,3.0,28.0,16.5,24.8,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,11.5,16.0,2.8,0.0,0.0,0.0,0.0,0.0,0.0]
+ [PKTLENS.....: 172,124,168,205,124,1251,594,168,618,85,308,308,308,308,308,308,308,308,308,308,308,308,129,129,124,308,308,308,308,165,308,308]
+ [ENTROPIES...: 6.0,5.7,5.8,5.0,5.9,7.3,6.7,5.9,7.4,4.7,7.0,7.1,7.1,7.1,7.0,7.0,7.1,7.1,7.0,7.1,7.0,7.1,5.7,5.7,5.7,7.1,7.1,7.0,7.0,6.1,7.0,7.0]
+ idle: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleMeet][Google][Network][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleMeet][Google][VoIP][Acceptable]
+ idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleMeet][Google][Network][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/stun_zoom.pcapng.out b/test/results/flow-info/default/stun_zoom.pcapng.out
index f25bb1a62..694a74d6d 100644
--- a/test/results/flow-info/default/stun_zoom.pcapng.out
+++ b/test/results/flow-info/default/stun_zoom.pcapng.out
@@ -9,16 +9,18 @@
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn
+ detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
+ RISK: Missing SNI TLS Extn
new: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801]
detected: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
+ RISK: Missing SNI TLS Extn
detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn
detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
RISK: Known Proto on Non Std Port
analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable]
@@ -32,7 +34,7 @@
[PKTLENS.....: 184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]
[ENTROPIES...: 5.8,5.8,5.8,5.8,5.6,5.8,5.2,5.2,5.9,5.8,5.2,5.7,5.6,5.7,5.9,5.3,4.1,5.7,7.0,7.3,7.3,7.4,7.2,6.1,5.7,5.7,6.1,5.7,6.1,5.4,6.0,4.3]
idle: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
- RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
+ RISK: Missing SNI TLS Extn
idle: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/synscan.pcap.out b/test/results/flow-info/default/synscan.pcap.out
index 41e02f436..5ba044991 100644
--- a/test/results/flow-info/default/synscan.pcap.out
+++ b/test/results/flow-info/default/synscan.pcap.out
@@ -3627,13 +3627,13 @@
not-detected: [..1448] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][51103] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [..1448] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][51103]
- not-detected: [...182] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4000] [Unknown][Unknown][Unrated]
+ guessed: [...182] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4000] [NoMachine][Unknown][RemoteAccess][Acceptable]
RISK: Unidirectional Traffic
idle: [...182] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4000]
not-detected: [..1842] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4001] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [..1842] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4001]
- not-detected: [...233] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4000] [Unknown][Unknown][Unrated]
+ guessed: [...233] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4000] [NoMachine][Unknown][RemoteAccess][Acceptable]
RISK: Unidirectional Traffic
idle: [...233] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4000]
not-detected: [..1919] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4001] [Unknown][Unknown][Unrated]
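Review bot: Probes in this SYN-scan capture that used to end as `not-detected ... [Unknown][Unknown][Unrated]` are now recorded as `guessed` with a protocol, a category and an `[Acceptable]` rating, while each flow still carries only `Unidirectional Traffic`. This hunk shows NoMachine on port 4000; the later hunks of this file show Roughtime on 2002, Ceph on 6789 and 3300, Radmin on 4899 and Cassandra on 7000. The label presumably comes from the destination port alone, since no `detected` event appears for these flows in the visible lines. A pipeline that filters on the rating or on `Unknown` would then stop surfacing scan traffic aimed at remote-access and database ports. It would help to document this next to the event description, e.g. `guessed: label derived without payload confirmation; do not treat the rating as a verdict`.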
@@ -3756,13 +3756,13 @@
not-detected: [...355] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2001] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...355] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2001]
- not-detected: [..1496] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2002] [Unknown][Unknown][Unrated]
+ guessed: [..1496] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2002] [Roughtime][Unknown][System][Acceptable]
RISK: Unidirectional Traffic
idle: [..1496] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2002]
not-detected: [...388] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2001] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...388] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2001]
- not-detected: [..1553] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2002] [Unknown][Unknown][Unrated]
+ guessed: [..1553] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2002] [Roughtime][Unknown][System][Acceptable]
RISK: Unidirectional Traffic
idle: [..1553] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2002]
not-detected: [..1185] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.2003] [Unknown][Unknown][Unrated]
@@ -4671,10 +4671,10 @@
not-detected: [..1364] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2179] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [..1364] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.2179]
- guessed: [....39] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..135] [RPC][Unknown][RPC][Acceptable]
+ guessed: [....39] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..135] [DCERPC][Unknown][RPC][Acceptable]
RISK: Unidirectional Traffic
idle: [....39] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..135]
- guessed: [....61] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..135] [RPC][Unknown][RPC][Acceptable]
+ guessed: [....61] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..135] [DCERPC][Unknown][RPC][Acceptable]
RISK: Unidirectional Traffic
idle: [....61] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][..135]
guessed: [....14] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..139] [NetBIOS][Unknown][System][Acceptable][]
@@ -5637,13 +5637,13 @@
not-detected: [...259] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.6788] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...259] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.6788]
- not-detected: [..1740] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.6789] [Unknown][Unknown][Unrated]
+ guessed: [..1740] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.6789] [Ceph][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
idle: [..1740] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.6789]
not-detected: [...279] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.6788] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...279] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.6788]
- not-detected: [..1814] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.6789] [Unknown][Unknown][Unrated]
+ guessed: [..1814] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.6789] [Ceph][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
idle: [..1814] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.6789]
not-detected: [...497] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][..646] [Unknown][Unknown][Unrated]
@@ -5958,13 +5958,13 @@
not-detected: [..1118] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.8994] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [..1118] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.8994]
- not-detected: [...333] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4899] [Unknown][Unknown][Unrated]
+ guessed: [...333] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4899] [Radmin][Unknown][RemoteAccess][Acceptable]
RISK: Unidirectional Traffic
idle: [...333] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4899]
not-detected: [...692] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4900] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...692] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.4900]
- not-detected: [...369] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4899] [Unknown][Unknown][Unrated]
+ guessed: [...369] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4899] [Radmin][Unknown][RemoteAccess][Acceptable]
RISK: Unidirectional Traffic
idle: [...369] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4899]
not-detected: [...755] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.4900] [Unknown][Unknown][Unrated]
@@ -6090,13 +6090,13 @@
not-detected: [..1863] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][50006] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [..1863] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][50006]
- not-detected: [...268] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.7000] [Unknown][Unknown][Unrated]
+ guessed: [...268] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.7000] [Cassandra][Unknown][Database][Acceptable]
RISK: Unidirectional Traffic
idle: [...268] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.7000]
not-detected: [...616] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.7001] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...616] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.7001]
- not-detected: [...311] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.7000] [Unknown][Unknown][Unrated]
+ guessed: [...311] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.7000] [Cassandra][Unknown][Database][Acceptable]
RISK: Unidirectional Traffic
idle: [...311] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.7000]
not-detected: [...947] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.7002] [Unknown][Unknown][Unrated]
@@ -7716,10 +7716,10 @@
not-detected: [...652] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1248] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [...652] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.1248]
- not-detected: [..1191] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.3300] [Unknown][Unknown][Unrated]
+ guessed: [..1191] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.3300] [Ceph][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
idle: [..1191] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.3300]
- not-detected: [..1265] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.3300] [Unknown][Unknown][Unrated]
+ guessed: [..1265] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.3300] [Ceph][Unknown][DataTransfer][Acceptable]
RISK: Unidirectional Traffic
idle: [..1265] [ip4][..tcp] [.....172.16.0.8][36051] -> [...64.13.134.52][.3300]
not-detected: [...505] [ip4][..tcp] [.....172.16.0.8][36050] -> [...64.13.134.52][.3301] [Unknown][Unknown][Unrated]
diff --git a/test/results/flow-info/default/teams.pcap.out b/test/results/flow-info/default/teams.pcap.out
index 333036c26..3afcf07a3 100644
--- a/test/results/flow-info/default/teams.pcap.out
+++ b/test/results/flow-info/default/teams.pcap.out
@@ -33,8 +33,8 @@
RISK: TLS (probably) Not Carrying HTTPS
ERROR-EVENT: Unknown packet type [7/16]
new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
- detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
- detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400]
@@ -238,10 +238,10 @@
RISK: TLS (probably) Not Carrying HTTPS
detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
- detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
@@ -281,8 +281,8 @@
new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621]
detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
new: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443]
- detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
- detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
@@ -543,9 +543,9 @@
idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
- end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
- end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
- end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable]
+ end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
diff --git a/test/results/flow-info/default/telegram.pcap.out b/test/results/flow-info/default/telegram.pcap.out
index 9bcd689a8..206b3f384 100644
--- a/test/results/flow-info/default/telegram.pcap.out
+++ b/test/results/flow-info/default/telegram.pcap.out
@@ -77,8 +77,6 @@
detected: [....24] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.4][..538] [Telegram][Telegram][Chat][Acceptable]
new: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480]
new: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723]
- detected: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [OpenVPN][Unknown][VPN][Acceptable]
- RISK: Known Proto on Non Std Port
analyse: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Telegram][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.501| 0.118| 0.112| 12556.351| 4.400]
@@ -219,8 +217,9 @@
idle: [....36] [ip4][..udp] [...192.168.1.77][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
idle: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
idle: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
- idle: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [OpenVPN][Unknown][VPN][Acceptable]
- RISK: Known Proto on Non Std Port
+ not-detected: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [Unknown][Unknown][Unrated]
+ RISK: Unidirectional Traffic
+ idle: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723]
idle: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443] [QUIC.Google][Google][Web][Acceptable]
idle: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe]
idle: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
diff --git a/test/results/flow-info/default/tftp.pcap.out b/test/results/flow-info/default/tftp.pcap.out
index d6626aa9e..d328f9f1b 100644
--- a/test/results/flow-info/default/tftp.pcap.out
+++ b/test/results/flow-info/default/tftp.pcap.out
@@ -38,8 +38,18 @@
new: [.....7] [ip4][..udp] [...172.28.5.170][62058] -> [....172.28.5.91][44618]
detected: [.....7] [ip4][..udp] [...172.28.5.170][62058] -> [....172.28.5.91][44618] [TFTP][Unknown][DataTransfer][Acceptable]
RISK: Known Proto on Non Std Port
+ idle: [.....5] [ip4][..udp] [....172.28.4.53][54627] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
+ DAEMON-EVENT: [Processed: 107 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 7|skipped: 0|!detected: 0|guessed: 2|detection-updates: 0|updates: 0]
+ new: [.....8] [ip4][..udp] [...192.168.2.45][35840] -> [..192.168.2.200][...69]
+ detected: [.....8] [ip4][..udp] [...192.168.2.45][35840] -> [..192.168.2.200][...69] [TFTP][Unknown][DataTransfer][Acceptable]
+ new: [.....9] [ip4][..udp] [..192.168.2.200][47649] -> [...192.168.2.45][35840]
+ detected: [.....9] [ip4][..udp] [..192.168.2.200][47649] -> [...192.168.2.45][35840] [TFTP][Unknown][DataTransfer][Acceptable]
+ RISK: Known Proto on Non Std Port
idle: [.....7] [ip4][..udp] [...172.28.5.170][62058] -> [....172.28.5.91][44618] [TFTP][Unknown][DataTransfer][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [.....5] [ip4][..udp] [....172.28.4.53][54627] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
+ idle: [.....8] [ip4][..udp] [...192.168.2.45][35840] -> [..192.168.2.200][...69] [TFTP][Unknown][DataTransfer][Acceptable]
+ idle: [.....9] [ip4][..udp] [..192.168.2.200][47649] -> [...192.168.2.45][35840] [TFTP][Unknown][DataTransfer][Acceptable]
+ RISK: Known Proto on Non Std Port
idle: [.....6] [ip4][..udp] [....172.28.5.91][44618] -> [...172.28.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/tls_certificate_too_long.pcap.out b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
index 17a213acd..54c925f2d 100644
--- a/test/results/flow-info/default/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
@@ -55,11 +55,11 @@
detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
- RISK: Binary App Transfer, HTTP Susp Header
+ RISK: HTTP Susp Header
new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80]
detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
- RISK: Binary App Transfer, HTTP Susp Header
+ RISK: HTTP Susp Header
new: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [MIDSTREAM]
new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53]
detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
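Review bot: `Binary App Transfer` is dropped from the expected risks of flows 18 and 19, although both are still reclassified to `[Download]` over plain HTTP on port 80. The second hunk of this file makes the same change on the `end:` lines. If this is a false-positive fix, the commit description should say which condition no longer matches; otherwise the golden update hides a regression in binary-download detection. No added line in this part of the diff asserts this risk, so it is worth confirming that another fixture still covers it.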
@@ -136,9 +136,9 @@
idle: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Unknown][Network][Acceptable]
idle: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] [IGMP][Unknown][Network][Acceptable]
end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe]
- RISK: Binary App Transfer, HTTP Susp Header
+ RISK: HTTP Susp Header
end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe]
- RISK: Binary App Transfer, HTTP Susp Header
+ RISK: HTTP Susp Header
idle: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe]
idle: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe]
idle: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
diff --git a/test/results/flow-info/default/tls_malicious_sha1.pcapng.out b/test/results/flow-info/default/tls_malicious_sha1.pcapng.out
new file mode 100644
index 000000000..9b069cbf1
--- /dev/null
+++ b/test/results/flow-info/default/tls_malicious_sha1.pcapng.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:9726:f643:a838:b0c4][40294] -> [...............2a00:1450:4002:414::2013][..443]
+ detected: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:9726:f643:a838:b0c4][40294] -> [...............2a00:1450:4002:414::2013][..443] [TLS][Google][Web][Safe][www.prbtest.dev]
+ detection-update: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:9726:f643:a838:b0c4][40294] -> [...............2a00:1450:4002:414::2013][..443] [TLS][Google][Web][Safe][www.prbtest.dev]
+ detection-update: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:9726:f643:a838:b0c4][40294] -> [...............2a00:1450:4002:414::2013][..443] [TLS][Google][Web][Safe][www.prbtest.dev]
+ idle: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:9726:f643:a838:b0c4][40294] -> [...............2a00:1450:4002:414::2013][..443] [TLS][Google][Web][Safe]
+ DAEMON-EVENT: shutdown
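Review bot: The fixture is named `tls_malicious_sha1`, but the expected output added here has no `RISK:` line and rates the flow `[Safe]` in every event. As written, this file passes whether or not the certificate-fingerprint check fires, so it gives no regression coverage for the case its name describes. Possibly the flow-info run does not load the fingerprint list, or this output format does not print that risk. If so, a short remark next to the fixture or in the commit description would prevent the impression that the detection is tested here.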
diff --git a/test/results/flow-info/default/tor.pcap.out b/test/results/flow-info/default/tor.pcap.out
index 3b4833a1d..f79a9ebc0 100644
--- a/test/results/flow-info/default/tor.pcap.out
+++ b/test/results/flow-info/default/tor.pcap.out
@@ -8,7 +8,7 @@
detected: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe][www.ct7ctrgb6cr7.com]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe][www.ct7ctrgb6cr7.com]
- RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ RISK: Obsolete TLS (v1.1 or older)
ERROR-EVENT: Unknown packet type [4/16]
new: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443]
detected: [.....2] [ip4][..tcp] [..192.168.1.252][51111] -> [....46.59.52.31][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.e6r5p57kbafwrxj3plz.com]
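Review bot: `TLS Cert About To Expire` disappears from the expected risks for flow 1, and the same removal repeats in the later hunks of this file (flows 7 and 8) and in `yandex.pcapng.out` (flow 7). The captures are fixed, so presumably the threshold or the gating of this risk changed rather than the input. After these hunks, no expected output in this part of the diff asserts the risk any more. I would keep or add one fixture whose certificate still triggers it, and name the reason for the change in the commit description.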
@@ -81,9 +81,9 @@
detected: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.gfu7hbxpfp.com]
RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
detection-update: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe][www.t3i3ru.com]
- RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ RISK: Obsolete TLS (v1.1 or older)
detection-update: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous][www.gfu7hbxpfp.com]
- RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol, TLS Cert About To Expire
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
ERROR-EVENT: Unknown packet type [4/16]
new: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443]
detected: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe][www.jmts2id.com]
@@ -102,7 +102,7 @@
[ENTROPIES...: 4.5,4.9,4.4,5.4,4.8,7.4,6.7,5.9,6.1,7.8,6.6,4.4,7.7,4.8,7.7,4.7,7.7,7.6,4.7,7.6,7.6,4.7,7.7,4.4,7.7,4.8,7.6,7.7,4.8,7.7,7.7,4.7]
ERROR-EVENT: Unknown packet type [5/16]
end: [.....1] [ip4][..tcp] [..192.168.1.252][51110] -> [..91.143.93.242][..443] [TLS][Unknown][Web][Safe]
- RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ RISK: Obsolete TLS (v1.1 or older)
idle: [.....5] [ip4][..udp] [..192.168.1.252][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
RISK: Unsafe Protocol
guessed: [.....6] [ip4][..tcp] [..192.168.1.252][51104] -> [...157.56.30.46][..443] [TLS][Azure][Web][Safe]
@@ -145,13 +145,13 @@
[ENTROPIES...: 4.5,4.9,4.4,5.3,4.8,7.4,6.7,6.0,6.2,7.9,6.5,4.4,7.7,4.8,7.6,4.9,7.7,7.7,7.6,7.7,7.6,4.5,7.7,4.9,7.6,4.5,7.7,4.5,4.5,4.7,4.7,4.5]
update: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
end: [.....8] [ip4][..tcp] [..192.168.1.252][51175] -> [..91.143.93.242][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
- RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol, TLS Cert About To Expire
+ RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
idle: [.....4] [ip4][..udp] [....192.168.1.1][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....11] [ip6][..udp] [..............fe80::c583:1972:5728:7323][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
end: [....10] [ip4][..tcp] [..192.168.1.252][51185] -> [.62.210.137.230][..443] [TLS][Unknown][Web][Safe]
RISK: Obsolete TLS (v1.1 or older)
end: [.....7] [ip4][..tcp] [..192.168.1.252][51174] -> [.212.83.155.250][..443] [TLS][Unknown][Web][Safe]
- RISK: Obsolete TLS (v1.1 or older), TLS Cert About To Expire
+ RISK: Obsolete TLS (v1.1 or older)
idle: [.....3] [ip4][..tcp] [..192.168.1.252][51112] -> [...38.229.70.53][..443] [TLS.Tor][Unknown][VPN][Potentially Dangerous]
RISK: Obsolete TLS (v1.1 or older), Susp DGA Domain name, Unsafe Protocol
idle: [.....9] [ip4][..tcp] [..192.168.1.252][51176] -> [...38.229.70.53][..443] [TLS][Unknown][Web][Safe]
diff --git a/test/results/flow-info/default/uftp_v4_v5.pcap.out b/test/results/flow-info/default/uftp_v4_v5.pcap.out
new file mode 100644
index 000000000..1f1801f08
--- /dev/null
+++ b/test/results/flow-info/default/uftp_v4_v5.pcap.out
@@ -0,0 +1,25 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.......10.0.0.1][37173] -> [......230.4.4.1][.1044]
+ detected: [.....1] [ip4][..udp] [.......10.0.0.1][37173] -> [......230.4.4.1][.1044] [UFTP][Unknown][Download][Acceptable]
+ new: [.....2] [ip4][..udp] [.......10.0.0.1][37173] -> [.....230.5.5.56][.1044]
+ detected: [.....2] [ip4][..udp] [.......10.0.0.1][37173] -> [.....230.5.5.56][.1044] [UFTP][Unknown][Download][Acceptable]
+ analyse: [.....2] [ip4][..udp] [.......10.0.0.1][37173] -> [.....230.5.5.56][.1044] [UFTP][Unknown][Download][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.003| 0.034| 0.012| 0.006| 31.090| 4.800]
+ [PKTLEN......: 52.000| 1352.000| 1271.900| 310.400| 96320.500| 4.900]
+ [BINS(c->s)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 30.1,34.2,2.6,10.2,10.6,10.6,10.8,10.2,10.6,10.6,10.6,10.6,10.6,10.5,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6,10.6]
+ [PKTLENS.....: 52,88,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352]
+ [ENTROPIES...: 4.0,4.4,6.3,6.3,6.3,6.3,6.2,6.4,6.3,6.2,6.3,6.2,6.1,6.3,6.3,6.3,6.3,6.2,6.3,6.3,6.3,6.3,6.3,6.3,6.3,6.3,6.3,6.3,6.3,6.3,6.2,6.3]
+ DAEMON-EVENT: [Processed: 240 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....3] [ip4][..udp] [..192.168.1.186][37457] -> [......230.4.4.1][.1044]
+ detected: [.....3] [ip4][..udp] [..192.168.1.186][37457] -> [......230.4.4.1][.1044] [UFTP][Unknown][Download][Acceptable]
+ idle: [.....1] [ip4][..udp] [.......10.0.0.1][37173] -> [......230.4.4.1][.1044] [UFTP][Unknown][Download][Acceptable]
+ idle: [.....2] [ip4][..udp] [.......10.0.0.1][37173] -> [.....230.5.5.56][.1044] [UFTP][Unknown][Download][Acceptable]
+ idle: [.....3] [ip4][..udp] [..192.168.1.186][37457] -> [......230.4.4.1][.1044] [UFTP][Unknown][Download][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/umas.pcap.out b/test/results/flow-info/default/umas.pcap.out
new file mode 100644
index 000000000..d7ffe2a8b
--- /dev/null
+++ b/test/results/flow-info/default/umas.pcap.out
@@ -0,0 +1,17 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.192.168.63.100][.7718] -> [.192.168.63.253][..502]
+ detected: [.....1] [ip4][..tcp] [.192.168.63.100][.7718] -> [.192.168.63.253][..502] [Modbus.UMAS][Unknown][IoT-Scada][Acceptable]
+ analyse: [.....1] [ip4][..tcp] [.192.168.63.100][.7718] -> [.192.168.63.253][..502] [Modbus.UMAS][Unknown][IoT-Scada][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.007| 0.006| 0.002| 3.171| 4.900]
+ [PKTLEN......: 40.000| 301.000| 114.800| 89.300| 7972.700| 4.600]
+ [BINS(c->s)..: 14,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,2,3,3,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 0.9,1.0,0.8,1.8,4.7,6.0,7.0,6.8,7.3,7.3,5.7,6.0,6.2,6.2,5.9,5.6,6.1,6.4,7.2,6.9,5.8,5.8,6.0,5.9,6.0,6.0,6.1,6.1,5.9,5.9,6.3]
+ [PKTLENS.....: 52,50,40,50,50,96,51,63,300,300,51,97,51,159,50,116,51,63,301,301,50,116,50,116,59,153,59,209,59,153,59,299]
+ [ENTROPIES...: 4.2,4.7,4.5,4.3,4.6,4.5,4.3,4.1,1.4,1.4,4.3,4.8,4.3,2.8,4.3,3.9,4.2,4.1,7.8,7.8,4.4,3.9,4.4,3.9,4.1,3.9,4.2,3.1,4.2,2.4,4.2,2.7]
+ end: [.....1] [ip4][..tcp] [.192.168.63.100][.7718] -> [.192.168.63.253][..502] [Modbus.UMAS][Unknown][IoT-Scada][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/webdav.pcap.out b/test/results/flow-info/default/webdav.pcap.out
new file mode 100644
index 000000000..5e5cf1804
--- /dev/null
+++ b/test/results/flow-info/default/webdav.pcap.out
@@ -0,0 +1,9 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [....10.24.8.189][50652] -> [..104.156.149.6][...80]
+ detected: [.....1] [ip4][..tcp] [....10.24.8.189][50652] -> [..104.156.149.6][...80] [HTTP.WebDAV][Unknown][Collaborative][Acceptable][104.156.149.6]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
+ end: [.....1] [ip4][..tcp] [....10.24.8.189][50652] -> [..104.156.149.6][...80] [HTTP.WebDAV][Unknown][Collaborative][Acceptable]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/yandex.pcapng.out b/test/results/flow-info/default/yandex.pcapng.out
index 6a48a2dee..eb50daab9 100644
--- a/test/results/flow-info/default/yandex.pcapng.out
+++ b/test/results/flow-info/default/yandex.pcapng.out
@@ -28,7 +28,6 @@
detected: [.....7] [ip4][..tcp] [..192.168.1.249][42954] -> [...77.88.21.127][..443] [TLS.YandexDisk][Yandex][Cloud][Safe][1.downloader.disk.yandex.kz]
detection-update: [.....7] [ip4][..tcp] [..192.168.1.249][42954] -> [...77.88.21.127][..443] [TLS.YandexDisk][Yandex][Cloud][Safe][1.downloader.disk.yandex.kz]
detection-update: [.....7] [ip4][..tcp] [..192.168.1.249][42954] -> [...77.88.21.127][..443] [TLS.YandexDisk][Yandex][Cloud][Safe][1.downloader.disk.yandex.kz]
- RISK: TLS Cert About To Expire
new: [.....8] [ip4][..tcp] [..192.168.1.249][45224] -> [....77.88.21.37][..443]
detected: [.....8] [ip4][..tcp] [..192.168.1.249][45224] -> [....77.88.21.37][..443] [TLS.YandexMail][Yandex][Email][Safe][mail.yandex.kz]
RISK: Unidirectional Traffic
@@ -38,7 +37,6 @@
idle: [.....3] [ip4][..tcp] [..192.168.1.249][42102] -> [178.154.131.216][..443] [TLS.Yandex][Yandex][Web][Safe]
RISK: Unidirectional Traffic
idle: [.....7] [ip4][..tcp] [..192.168.1.249][42954] -> [...77.88.21.127][..443] [TLS.YandexDisk][Yandex][Cloud][Safe]
- RISK: TLS Cert About To Expire
idle: [.....6] [ip4][..tcp] [..192.168.1.249][58832] -> [.87.250.250.134][..443] [TLS.YandexDirect][Yandex][Advertisement][Tracker/Ads]
idle: [.....8] [ip4][..tcp] [..192.168.1.249][45224] -> [....77.88.21.37][..443] [TLS.YandexMail][Yandex][Email][Safe]
RISK: Unidirectional Traffic
diff --git a/test/results/flow-info/default/yojimbo.pcap.out b/test/results/flow-info/default/yojimbo.pcap.out
new file mode 100644
index 000000000..19a8c1a39
--- /dev/null
+++ b/test/results/flow-info/default/yojimbo.pcap.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [......127.0.0.1][34638] -> [......127.0.0.1][40000]
+ detected: [.....1] [ip4][..udp] [......127.0.0.1][34638] -> [......127.0.0.1][40000] [Yojimbo][Unknown][Game][Fun]
+ idle: [.....1] [ip4][..udp] [......127.0.0.1][34638] -> [......127.0.0.1][40000] [Yojimbo][Unknown][Game][Fun]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/zcash.pcap.out b/test/results/flow-info/default/zcash.pcap.out
deleted file mode 100644
index e6763839e..000000000
--- a/test/results/flow-info/default/zcash.pcap.out
+++ /dev/null
@@ -1,21 +0,0 @@
- DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050]
- detected: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- analyse: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 50.191| 6.014| 12.034| 144808530.149| 3.200]
- [PKTLEN......: 52.000| 355.000| 142.600| 98.900| 9779.100| 4.700]
- [BINS(c->s)..: 9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1]
- [IATS(ms)....: 82.7,82.7,0.2,82.6,1.5,84.0,12149.8,12261.6,111.7,2618.8,2732.4,113.5,6931.2,7044.0,112.8,7848.9,7848.9,48786.2,308.4,320.0,608.0,50191.4,0.1,0.0,41.7,210.6,4833.2,4833.2,8034.7,8116.9,41.4]
- [PKTLENS.....: 60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115]
- [ENTROPIES...: 4.8,5.3,5.2,6.2,5.2,5.3,5.1,5.5,5.5,5.1,5.5,5.5,5.2,5.6,5.5,5.1,5.3,4.9,5.4,5.4,5.5,5.4,5.1,5.2,5.2,5.5,5.0,5.3,5.2,5.5,5.2,5.6]
- DAEMON-EVENT: [Processed: 87 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- idle: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
- RISK: Unsafe Protocol
- DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out
index 781f6c8c4..5dbe1628f 100644
--- a/test/results/flow-info/default/zoom.pcap.out
+++ b/test/results/flow-info/default/zoom.pcap.out
@@ -147,6 +147,40 @@
[ENTROPIES...: 5.9,4.8,4.4,4.6,5.1,4.8,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5,0.5]
new: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801]
detected: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] [Zoom][Unknown][Video][Acceptable]
+ DAEMON-EVENT: [Processed: 697 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 33 / 33|skipped: 0|!detected: 0|guessed: 0|detection-updates: 26|updates: 0]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ ERROR-EVENT: Unknown packet type [3/16]
+ ERROR-EVENT: Unknown packet type [4/16]
+ ERROR-EVENT: Unknown packet type [5/16]
+ ERROR-EVENT: Unknown packet type [6/16]
+ ERROR-EVENT: Unknown packet type [7/16]
+ ERROR-EVENT: Unknown packet type [8/16]
+ ERROR-EVENT: Unknown packet type [9/16]
+ ERROR-EVENT: Unknown packet type [10/16]
+ ERROR-EVENT: Unknown packet type [11/16]
+ ERROR-EVENT: Unknown packet type [12/16]
+ ERROR-EVENT: Unknown packet type [13/16]
+ ERROR-EVENT: Unknown packet type [14/16]
+ ERROR-EVENT: Unknown packet type [15/16]
+ ERROR-EVENT: Unknown packet type [16/16]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ ERROR-EVENT: Unknown packet type [3/16]
+ ERROR-EVENT: Unknown packet type [4/16]
+ ERROR-EVENT: Unknown packet type [5/16]
+ ERROR-EVENT: Unknown packet type [6/16]
+ ERROR-EVENT: Unknown packet type [7/16]
+ ERROR-EVENT: Unknown packet type [8/16]
+ ERROR-EVENT: Unknown packet type [9/16]
+ ERROR-EVENT: Unknown packet type [10/16]
+ ERROR-EVENT: Unknown packet type [11/16]
+ ERROR-EVENT: Unknown packet type [12/16]
+ ERROR-EVENT: Unknown packet type [13/16]
+ ERROR-EVENT: Unknown packet type [14/16]
+ ERROR-EVENT: Unknown packet type [15/16]
+ ERROR-EVENT: Unknown packet type [16/16]
idle: [....17] [ip4][.icmp] [..192.168.1.117] -> [..162.255.38.14] [ICMP][Zoom][Network][Acceptable]
idle: [.....9] [ip4][..udp] [..192.168.1.117][65394] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
RISK: Error Code
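Review bot: The added lines pin 32 `ERROR-EVENT: Unknown packet type` entries (two runs of `[1/16]` to `[16/16]`) as expected output. Once errors are part of the golden file, a capture-parsing failure on this pcap can no longer be told apart from normal behaviour. The counter appears to wrap at 16, so the number of affected packets cannot be read from it. I would find out which packet type the daemon rejects in `zoom.pcap` and either handle it or record the known limitation next to the fixture. The new `dns.pcap.out` files further down record the same event.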
diff --git a/test/results/flow-info/default/zoom2.pcap.out b/test/results/flow-info/default/zoom2.pcap.out
index d0ce50a73..4248302cd 100644
--- a/test/results/flow-info/default/zoom2.pcap.out
+++ b/test/results/flow-info/default/zoom2.pcap.out
@@ -9,7 +9,10 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoomsjccv154mmr.sjc.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
new: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801]
- detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
+ detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+ detection-update: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+ RISK: Unidirectional Traffic
+ detection-update: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
analyse: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.167| 0.025| 0.040| 1639.456| 3.600]
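Review bot: The new `detected:` and `detection-update:` lines for flow 2 report `[Zoom]`, but the unchanged `analyse:` line directly after them still reports `[SRTP.Zoom]`, with no event in between that records the change. The next hunk shows the same for flows 3 and 4, and the unchanged `idle:` lines in the last hunk also keep `[SRTP.Zoom]`. A consumer that tracks classification from detection events alone would never see the SRTP sub-protocol for these flows. I would check whether a `detection-update` is missing when the classification is refined, or whether those lines print a stale protocol, before pinning this sequence as expected.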
@@ -21,9 +24,15 @@
[PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064]
[ENTROPIES...: 5.8,5.8,4.9,4.2,5.4,5.6,4.8,4.3,5.6,4.7,4.7,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,4.8,0.6,0.6,0.6,0.6,0.6,0.6,0.6]
new: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801]
+ detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+ detection-update: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+ RISK: Unidirectional Traffic
new: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801]
- detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
- detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
+ detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+ detection-update: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+ detection-update: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
+ RISK: Unidirectional Traffic
+ detection-update: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [Zoom][Zoom][Video][Acceptable]
analyse: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.176| 0.043| 0.049| 2389.122| 4.100]
@@ -44,12 +53,9 @@
[IATS(ms)....: 102.1,187.6,0.0,105.6,0.1,93.5,0.0,87.6,70.7,0.1,106.0,0.0,21.5,32.8,59.0,0.0,48.4,5.5,49.5,50.2,0.0,0.0,55.2,45.7,56.3,52.4,0.0,59.8,52.1,47.7,58.6]
[PKTLENS.....: 153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55]
[ENTROPIES...: 5.8,5.9,4.8,4.3,5.5,5.5,4.8,4.4,5.6,5.5,5.6,4.4,4.5,3.6,3.9,5.5,3.6,3.9,4.5,3.7,4.5,4.5,3.9,3.7,4.0,3.7,4.5,3.9,3.7,3.9,3.9,3.7]
- new: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154]
- detected: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154] [ICMP][Zoom][Network][Acceptable]
idle: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
idle: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Zoom][Video][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
idle: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
- idle: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154] [ICMP][Zoom][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..2cfc0bcb4
--- /dev/null
+++ b/test/results/flow-info/disable_metadata/tls_verylong_certificate.pcap.out
@@ -0,0 +1,19 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443]
+ detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500]
+ [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000]
+ [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1]
+ [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0]
+ [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]
+ [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2]
+ end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/dns_process_response_disable/dns.pcap.out b/test/results/flow-info/dns_process_response_disable/dns.pcap.out
new file mode 100644
index 000000000..9f35988ab
--- /dev/null
+++ b/test/results/flow-info/dns_process_response_disable/dns.pcap.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795]
+ detected: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com]
+ DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ idle: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable]
+ DAEMON-EVENT: shutdown
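Review bot: The three new `dns.pcap.out` files share the blob id `9f35988ab`, so they are byte-identical. These are this one under `dns_process_response_disable`, and the ones under `dns_subclassification_and_process_response_disable` and `dns_subclassification_disable`. Each still records `[DNS.Google]` with hostname `www.l.google.com`, which is surprising for configurations named after disabling subclassification or response processing. I would confirm that the harness applies the per-directory configuration to the flow-info run; if it does not, these fixtures only duplicate each other and do not show that the options take effect.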
diff --git a/test/results/flow-info/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/flow-info/dns_subclassification_and_process_response_disable/dns.pcap.out
new file mode 100644
index 000000000..9f35988ab
--- /dev/null
+++ b/test/results/flow-info/dns_subclassification_and_process_response_disable/dns.pcap.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795]
+ detected: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com]
+ DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ idle: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/dns_subclassification_disable/dns.pcap.out b/test/results/flow-info/dns_subclassification_disable/dns.pcap.out
new file mode 100644
index 000000000..9f35988ab
--- /dev/null
+++ b/test/results/flow-info/dns_subclassification_disable/dns.pcap.out
@@ -0,0 +1,11 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795]
+ detected: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable][www.l.google.com]
+ DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ ERROR-EVENT: Unknown packet type [1/16]
+ ERROR-EVENT: Unknown packet type [2/16]
+ idle: [.....1] [ip4][..udp] [.192.168.170.20][...53] -> [..192.168.170.8][32795] [DNS.Google][Unknown][Network][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
deleted file mode 100644
index d014bfd75..000000000
--- a/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
+++ /dev/null
@@ -1,154 +0,0 @@
- DAEMON-EVENT: init
- DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
- DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
- new: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53]
- detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com]
- new: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53]
- detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net]
- detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net]
- new: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [MIDSTREAM]
- detected: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Apple][Cloud][Acceptable]
- new: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621]
- detected: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- new: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
- detected: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
- analyse: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 0.304| 0.044| 0.076| 5836.115| 3.200]
- [PKTLEN......: 52.000| 1440.000| 295.400| 467.500| 218553.500| 3.800]
- [BINS(c->s)..: 11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1]
- [IATS(ms)....: 40.7,137.0,170.4,304.1,130.2,0.1,31.0,5.3,0.0,0.4,0.0,0.2,0.0,1.2,210.1,0.3,0.0,0.0,0.2,0.0,0.3,41.4,129.9,0.1,0.0,0.0,0.0,1.0,24.3,131.9,0.0]
- [PKTLENS.....: 64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52]
- [ENTROPIES...: 4.5,5.1,5.0,7.2,5.1,6.1,6.0,6.5,7.9,5.9,7.9,6.7,7.9,6.7,7.9,5.0,5.0,5.0,5.1,5.1,5.1,5.0,7.8,5.6,5.9,6.2,5.7,6.2,5.0,7.3,5.0,5.0]
- new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53]
- detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
- detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net]
- new: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443]
- detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net]
- detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net]
- analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: 0.000| 0.163| 0.020| 0.047| 2203.182| 2.500]
- [PKTLEN......: 52.000| 1440.000| 343.600| 489.700| 239839.300| 3.900]
- [BINS(c->s)..: 10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0]
- [IATS(ms)....: 19.7,127.7,2.8,126.3,2.9,0.0,0.0,21.0,0.2,145.2,0.0,0.0,0.0,0.0,0.0,163.3,0.0,0.0,0.0,0.2,0.0,0.0,17.5,0.3,0.0,0.0,2.4,0.3,0.1,0.4,0.6]
- [PKTLENS.....: 64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83]
- [ENTROPIES...: 4.5,5.2,5.0,5.0,5.1,7.8,7.9,7.4,5.0,5.1,6.0,6.0,6.0,5.7,7.3,7.2,5.1,7.0,6.3,5.8,5.0,6.0,7.5,4.9,5.0,5.0,4.9,7.9,5.0,7.9,7.9,5.7]
- new: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
- detected: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- new: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [MIDSTREAM]
- detected: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS][Apple][Web][Safe]
- new: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900]
- detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- new: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900]
- detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- new: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353]
- detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local]
- new: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353]
- detected: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local]
- new: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478]
- detected: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- new: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478]
- detected: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- new: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478]
- detected: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- new: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478]
- detected: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- new: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478]
- detected: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][]
- new: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900]
- detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- new: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53]
- detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][pps.whatsapp.net]
- detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][pps.whatsapp.net]
- new: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443]
- detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net]
- detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net]
- analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 0.129| 0.020| 0.031| 949.768| 3.500]
- [PKTLEN......: 52.000| 1440.000| 374.400| 526.300| 277041.400| 3.900]
- [BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]
- [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1]
- [IATS(ms)....: 37.2,39.0,11.1,51.5,1.0,0.1,0.0,42.8,0.1,34.6,3.8,0.4,0.2,0.3,76.2,0.0,34.9,0.4,0.3,3.6,0.0,2.9,1.3,3.4,77.4,53.7,129.1,1.4,0.0,0.2,0.1]
- [PKTLENS.....: 64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440]
- [ENTROPIES...: 4.4,5.1,4.9,4.8,5.0,7.8,7.9,7.3,4.9,4.9,6.1,5.9,5.9,5.8,7.0,7.0,6.4,4.9,4.9,5.6,5.1,5.8,5.0,5.9,4.9,5.0,7.6,4.9,7.9,7.9,7.8,7.8]
- new: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
- detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
- new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328]
- detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 12.196| 1.588| 3.050| 9304956.469| 3.200]
- [PKTLEN......: 30.000| 306.000| 110.000| 87.200| 7598.900| 4.600]
- [BINS(c->s)..: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1]
- [IATS(ms)....: 0.1,13.4,0.1,12194.2,12196.2,104.4,0.1,105.1,0.0,108.6,104.6,3043.3,3048.9,3100.9,3096.0,3015.3,3016.6,2001.9,2.2,107.1,164.0,190.1,88.5,28.8,198.6,134.0,3008.1,91.0,35.6,0.3,36.5]
- [PKTLENS.....: 154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]
- [ENTROPIES...: 6.5,6.5,5.3,5.3,4.6,4.5,6.5,6.5,5.2,5.1,4.6,4.5,4.6,4.5,4.6,4.5,4.6,4.5,5.7,5.2,7.0,7.1,7.1,6.6,7.3,7.0,7.2,4.6,4.5,6.5,6.5,5.2]
- new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282]
- detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
- RISK: Known Proto on Non Std Port
- analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- min| max| avg| stddev| variance| entropy
- [IAT.........: < 0.001| 1.204| 0.182| 0.229| 52393.320| 4.200]
- [PKTLEN......: 54.000| 301.000| 144.900| 51.700| 2672.500| 4.900]
- [BINS(c->s)..: 1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [BINS(s->c)..: 0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- [DIRECTIONS..: 0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1]
- [IATS(ms)....: 578.2,623.6,1203.7,72.5,167.2,11.6,115.7,158.4,0.0,172.8,173.6,169.8,156.2,136.6,155.3,179.8,99.3,157.4,38.3,163.4,181.3,166.6,142.4,3.0,26.0,115.3,6.1,171.8,106.3,56.2,143.4]
- [PKTLENS.....: 72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]
- [ENTROPIES...: 5.5,5.6,5.5,5.6,5.5,5.6,6.9,7.1,6.7,6.6,7.3,6.5,6.7,6.6,6.5,6.6,6.5,6.6,6.7,6.8,6.7,6.7,6.7,6.7,6.5,5.2,6.6,6.6,6.7,6.6,6.6,6.8]
- detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_homekit._tcp.local]
- detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_homekit._tcp.local]
- new: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [MIDSTREAM]
- update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable]
- update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable]
- update: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable]
- new: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900]
- detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- new: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900]
- detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
- new: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51]
- detected: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Unknown][Network][Acceptable]
- idle: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Apple][Cloud][Acceptable]
- not-detected: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [Unknown][Unknown][Unrated]
- idle: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159]
- end: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable]
- idle: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
- idle: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
- idle: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
- idle: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable]
- idle: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
- idle: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable]
- end: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS][Apple][Web][Safe]
- idle: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
- idle: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- idle: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- idle: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
- idle: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- idle: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
- idle: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
- idle: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
- idle: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
- idle: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
- idle: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Unknown][Network][Acceptable]
- idle: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable]
- idle: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
- idle: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- idle: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable]
- idle: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- idle: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
- DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow-info/flow_risk_lists_disable/protonvpn.pcap.out
new file mode 100644
index 000000000..7d03b6e1c
--- /dev/null
+++ b/test/results/flow-info/flow_risk_lists_disable/protonvpn.pcap.out
@@ -0,0 +1,20 @@
+ DAEMON-EVENT: init
+ new: [.....1] [ip4][..tcp] [......10.0.2.15][37810] -> [185.159.159.148][..443]
+ detected: [.....1] [ip4][..tcp] [......10.0.2.15][37810] -> [185.159.159.148][..443] [TLS.ProtonVPN][Unknown][VPN][Acceptable][vpn-api.proton.me]
+ detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][37810] -> [185.159.159.148][..443] [TLS.ProtonVPN][Unknown][VPN][Acceptable][vpn-api.proton.me]
+ detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][37810] -> [185.159.159.148][..443] [TLS.ProtonVPN][Unknown][VPN][Acceptable][vpn-api.proton.me]
+ RISK: TLS Cert Expired
+ new: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443]
+ detected: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443] [WireGuard][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port
+ DAEMON-EVENT: [Processed: 40 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
+ new: [.....3] [ip4][..tcp] [....2.58.241.67][37710] -> [........8.8.8.8][..443]
+ idle: [.....2] [ip4][..udp] [......10.0.2.15][57701] -> [....217.23.3.76][..443] [WireGuard][Unknown][VPN][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [.....1] [ip4][..tcp] [......10.0.2.15][37810] -> [185.159.159.148][..443] [TLS.ProtonVPN][Unknown][VPN][Acceptable]
+ RISK: TLS Cert Expired
+ guessed: [.....3] [ip4][..tcp] [....2.58.241.67][37710] -> [........8.8.8.8][..443] [TLS][Google][Web][Safe]
+ RISK: Anonymous Subscriber, Unidirectional Traffic
+ idle: [.....3] [ip4][..tcp] [....2.58.241.67][37710] -> [........8.8.8.8][..443]
+ DAEMON-EVENT: shutdown
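Review bot: The `guessed:` event for flow 3 is followed by `RISK: Anonymous Subscriber, Unidirectional Traffic`, which looks at odds with a configuration named `flow_risk_lists_disable`. As far as I know, the anonymous-subscriber risk comes from the address lists that such a configuration turns off, so this is presumably a run in which the lists were still loaded. If so, the fixture pins the behaviour the option is supposed to remove, and the test would not notice the setting being ignored. I would regenerate this file after checking that the configuration reaches the library, or record in the test documentation why the risk is still expected here.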
diff --git a/test/results/flow-info/guessing_disable/webex.pcap.out b/test/results/flow-info/guessing_disable/webex.pcap.out
new file mode 100644
index 000000000..f3d4f355e
--- /dev/null
+++ b/test/results/flow-info/guessing_disable/webex.pcap.out
@@ -0,0 +1,416 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443]
+ detected: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.557| 0.113| 0.156| 24421.341| 3.700]
+ [PKTLEN......: 40.000| 2760.000| 387.900| 588.900| 346810.600| 3.800]
+ [BINS(c->s)..: 9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0]
+ [IATS(ms)....: 6.5,6.7,0.2,0.6,505.7,557.3,57.9,60.1,0.9,55.6,257.5,309.3,10.1,61.4,0.8,0.7,299.2,351.3,56.0,56.2,0.8,52.9,0.4,2.8,268.6,322.3,52.3,51.9,18.4,69.5,0.5]
+ [PKTLENS.....: 60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504]
+ [ENTROPIES...: 4.4,4.7,4.7,5.5,4.7,7.3,4.8,7.1,4.7,7.2,4.6,5.6,4.6,7.7,4.5,6.3,4.6,7.9,4.7,7.8,4.8,7.6,4.6,7.3,4.7,7.9,4.7,7.7,4.7,7.6,4.5,7.6]
+ new: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443]
+ detected: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443]
+ new: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443]
+ detected: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detected: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][radcom.webex.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.455| 0.115| 0.126| 15828.845| 4.100]
+ [PKTLEN......: 40.000| 18006.000| 1574.700| 3700.100| 13691057.000| 2.900]
+ [BINS(c->s)..: 10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 5.6,6.8,0.2,1.5,404.7,455.3,0.6,51.3,245.8,245.9,0.4,0.3,223.3,274.8,51.6,0.4,0.3,283.1,286.1,84.1,131.8,50.9,51.2,56.8,56.7,181.0,181.0,56.1,58.6,54.5,58.4]
+ [PKTLENS.....: 60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40]
+ [ENTROPIES...: 4.4,4.7,4.6,5.9,4.7,6.4,4.7,5.6,4.6,7.6,4.7,7.6,4.7,7.9,7.6,4.6,7.6,4.7,8.0,4.6,7.9,4.6,8.0,4.6,7.9,4.7,7.9,4.6,8.0,4.6,8.0,4.7]
+ new: [.....5] [ip4][..tcp] [..10.133.206.47][54651] -> [..185.63.147.10][..443] [MIDSTREAM]
+ new: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [MIDSTREAM]
+ new: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443]
+ detected: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443]
+ detected: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Unknown][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443]
+ detected: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ analyse: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.031| 0.154| 0.247| 61096.366| 3.800]
+ [PKTLEN......: 40.000| 8887.000| 1108.500| 2294.900| 5266403.500| 3.100]
+ [BINS(c->s)..: 12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 3.1,3.2,1.9,2.2,397.0,448.1,52.0,52.1,0.4,52.4,209.8,261.8,51.8,1.3,1.0,979.9,1031.5,52.6,53.5,94.1,93.8,53.1,53.9,119.1,117.5,148.4,147.8,51.4,51.4,96.7,96.6]
+ [PKTLENS.....: 60,40,40,103,40,1400,40,2619,40,366,40,99,576,40,74,40,1400,40,8157,40,1400,40,8887,40,173,40,1400,40,6717,40,1400,40]
+ [ENTROPIES...: 4.4,4.7,4.7,5.3,4.6,7.2,4.7,7.2,4.6,7.3,4.6,6.0,7.6,4.5,5.7,4.6,7.9,4.7,8.0,4.7,7.9,4.7,8.0,4.7,6.8,4.6,7.9,4.6,8.0,4.7,7.9,4.7]
+ new: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443]
+ new: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443]
+ detected: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443]
+ detected: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443]
+ detected: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443]
+ detected: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443]
+ new: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443]
+ new: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443]
+ new: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443]
+ new: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443]
+ detected: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443]
+ detected: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443]
+ new: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443]
+ detected: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443]
+ detected: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060]
+ detected: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][Unknown][VoIP][Acceptable]
+ detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443]
+ detected: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Google][Advertisement][Acceptable][ssl.google-analytics.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....26] [ip4][..tcp] [.......10.8.0.1][47135] -> [.114.29.202.139][..443]
+ new: [....27] [ip4][..tcp] [.......10.8.0.1][41757] -> [.114.29.213.212][..443]
+ new: [....28] [ip4][..tcp] [.......10.8.0.1][51676] -> [..114.29.204.49][..443]
+ new: [....29] [ip4][..tcp] [.......10.8.0.1][37139] -> [...64.68.105.98][..443]
+ new: [....30] [ip4][..tcp] [.......10.8.0.1][41394] -> [..64.68.105.103][..443]
+ new: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443]
+ new: [....32] [ip4][..tcp] [.......10.8.0.1][51135] -> [.62.109.224.120][..443]
+ new: [....33] [ip4][..tcp] [..10.133.206.47][33459] -> [...80.74.110.68][..443] [MIDSTREAM]
+ detected: [....33] [ip4][..tcp] [..10.133.206.47][33459] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ new: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443]
+ new: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443]
+ detected: [....26] [ip4][..tcp] [.......10.8.0.1][47135] -> [.114.29.202.139][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....27] [ip4][..tcp] [.......10.8.0.1][41757] -> [.114.29.213.212][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....28] [ip4][..tcp] [.......10.8.0.1][51676] -> [..114.29.204.49][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....29] [ip4][..tcp] [.......10.8.0.1][37139] -> [...64.68.105.98][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....30] [ip4][..tcp] [.......10.8.0.1][41394] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....32] [ip4][..tcp] [.......10.8.0.1][51135] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Google][Advertisement][Acceptable][ssl.google-analytics.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443]
+ new: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443]
+ detected: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ detection-update: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443]
+ detected: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443]
+ detected: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ analyse: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.215| 0.340| 0.548| 300050.219| 3.700]
+ [PKTLEN......: 40.000| 10567.000| 619.600| 1915.700| 3669828.500| 2.500]
+ [BINS(c->s)..: 13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
+ [IATS(ms)....: 14.2,16.6,0.1,3.2,966.8,968.2,50.6,52.1,160.0,217.3,56.9,151.8,203.4,506.4,456.2,506.1,506.2,258.0,307.3,51.0,1.8,210.7,261.7,55.5,54.3,51.9,51.3,2214.6,2165.1,3.2,2.9]
+ [PKTLENS.....: 60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40]
+ [ENTROPIES...: 4.5,4.8,4.8,5.4,4.7,7.3,4.8,7.2,4.7,5.9,7.5,4.7,7.2,4.7,7.7,4.8,8.0,4.8,6.6,4.8,7.2,4.8,6.1,4.8,6.9,4.8,7.3,4.7,7.5,4.8,7.6,4.8]
+ detection-update: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ analyse: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.270| 0.347| 0.598| 357673.959| 3.300]
+ [PKTLEN......: 40.000| 3947.000| 310.600| 685.400| 469733.500| 3.500]
+ [BINS(c->s)..: 3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+ [IATS(ms)....: 9.1,24.1,0.4,16.5,915.3,917.4,50.7,52.7,154.6,206.6,52.4,7.9,9.4,3.3,2.1,963.3,962.0,0.5,0.4,0.4,0.3,562.0,562.1,368.6,368.5,0.7,0.6,2270.1,2270.1,1.0,1.0]
+ [PKTLENS.....: 60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40]
+ [ENTROPIES...: 4.4,4.7,4.6,5.4,4.7,7.3,4.8,7.3,4.8,6.0,7.6,4.8,7.6,4.8,6.5,4.8,7.6,4.8,7.6,4.8,7.4,4.8,7.4,4.7,7.6,4.7,6.5,4.7,7.6,4.7,7.0,4.8]
+ new: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443]
+ detected: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443]
+ detected: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ update: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][Unknown][VoIP][Acceptable]
+ new: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443]
+ detected: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443]
+ detected: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443]
+ detected: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80]
+ new: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80]
+ detected: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com]
+ detected: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com]
+ detection-update: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com]
+ RISK: HTTP Obsolete Server
+ detection-update: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable][cp.pushwoosh.com]
+ RISK: HTTP Obsolete Server
+ detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe][api.crittercism.com]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443]
+ detected: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443]
+ new: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443]
+ detected: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443]
+ detected: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443]
+ detected: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443]
+ detected: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ new: [....53] [ip4][..udp] [.......10.8.0.1][51772] -> [.62.109.229.158][.9000]
+ new: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443]
+ analyse: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.367| 0.190| 0.352| 124124.103| 3.400]
+ [PKTLEN......: 40.000| 3947.000| 234.000| 677.200| 458632.100| 3.100]
+ [BINS(c->s)..: 7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1]
+ [IATS(ms)....: 4.2,5.0,6.4,7.6,1312.6,1366.7,17.5,71.4,145.7,199.0,0.3,53.7,129.5,180.9,0.2,51.5,121.2,172.3,51.5,51.2,125.5,176.2,50.8,50.8,0.5,1.0,264.3,263.8,0.8,0.9,1006.9]
+ [PKTLENS.....: 60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109]
+ [ENTROPIES...: 4.5,4.8,4.8,5.2,4.7,7.3,4.8,7.3,4.8,6.0,4.8,6.2,4.8,5.7,4.8,7.5,4.8,6.2,4.8,7.4,4.8,6.4,4.8,6.8,4.7,6.6,4.6,6.6,4.8,6.4,4.7,6.2]
+ new: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443]
+ detected: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ new: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443]
+ new: [....57] [ip4][..tcp] [.......10.8.0.1][51195] -> [.62.109.224.120][..443]
+ detected: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detected: [....57] [ip4][..tcp] [.......10.8.0.1][51195] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe][]
+ RISK: Obsolete TLS (v1.1 or older)
+ detection-update: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable][]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ update: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][Unknown][VoIP][Acceptable]
+ end: [....45] [ip4][..tcp] [.......10.8.0.1][59756] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable]
+ RISK: HTTP Obsolete Server
+ end: [....46] [ip4][..tcp] [.......10.8.0.1][59757] -> [...78.46.237.91][...80] [HTTP][Unknown][Web][Acceptable]
+ RISK: HTTP Obsolete Server
+ idle: [....24] [ip4][..udp] [.......10.8.0.1][64538] -> [....172.16.1.75][.5060] [SIP][Unknown][VoIP][Acceptable]
+ end: [....19] [ip4][..tcp] [.......10.8.0.1][55969] -> [...64.68.121.99][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....11] [ip4][..tcp] [.......10.8.0.1][51646] -> [..114.29.204.49][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....28] [ip4][..tcp] [.......10.8.0.1][51676] -> [..114.29.204.49][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....12] [ip4][..tcp] [.......10.8.0.1][47498] -> [209.197.222.159][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....40] [ip4][..tcp] [.......10.8.0.1][51833] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....43] [ip4][..tcp] [.......10.8.0.1][51839] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....52] [ip4][..tcp] [.......10.8.0.1][51857] -> [.62.109.229.158][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ guessed: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443] [TLS][Webex][Web][Safe]
+ RISK: TCP Connection Issues
+ end: [....54] [ip4][..tcp] [.......10.8.0.1][51859] -> [.62.109.229.158][..443]
+ end: [....14] [ip4][..tcp] [.......10.8.0.1][45814] -> [...62.109.231.3][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....18] [ip4][..tcp] [.......10.8.0.1][52219] -> [..64.68.121.100][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....20] [ip4][..tcp] [.......10.8.0.1][47841] -> [..114.29.200.11][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....10] [ip4][..tcp] [.......10.8.0.1][41726] -> [.114.29.213.212][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....27] [ip4][..tcp] [.......10.8.0.1][41757] -> [.114.29.213.212][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ guessed: [....53] [ip4][..udp] [.......10.8.0.1][51772] -> [.62.109.229.158][.9000] [Webex][Webex][VoIP][Acceptable]
+ idle: [....53] [ip4][..udp] [.......10.8.0.1][51772] -> [.62.109.229.158][.9000]
+ guessed: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443] [TLS][AmazonAWS][Web][Safe]
+ end: [.....6] [ip4][..tcp] [..10.133.206.47][59447] -> [..107.20.242.44][..443]
+ end: [....17] [ip4][..tcp] [.......10.8.0.1][52730] -> [...173.243.4.76][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....33] [ip4][..tcp] [..10.133.206.47][33459] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ end: [....15] [ip4][..tcp] [.......10.8.0.1][44492] -> [..64.68.104.140][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ guessed: [.....5] [ip4][..tcp] [..10.133.206.47][54651] -> [..185.63.147.10][..443] [TLS][Unknown][Web][Safe]
+ end: [.....5] [ip4][..tcp] [..10.133.206.47][54651] -> [..185.63.147.10][..443]
+ end: [.....8] [ip4][..tcp] [.......10.8.0.1][49048] -> [..23.44.253.243][..443] [TLS.Webex][Unknown][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ idle: [....25] [ip4][..tcp] [.......10.8.0.1][43433] -> [..216.58.208.40][..443] [TLS.Google][Google][Advertisement][Acceptable]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....21] [ip4][..tcp] [.......10.8.0.1][51370] -> [...64.68.105.97][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....31] [ip4][..tcp] [.......10.8.0.1][51134] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....32] [ip4][..tcp] [.......10.8.0.1][51135] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....36] [ip4][..tcp] [.......10.8.0.1][51154] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ idle: [....37] [ip4][..tcp] [.......10.8.0.1][51155] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....39] [ip4][..tcp] [.......10.8.0.1][55665] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....41] [ip4][..tcp] [.......10.8.0.1][55669] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....42] [ip4][..tcp] [.......10.8.0.1][55671] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ idle: [....55] [ip4][..tcp] [.......10.8.0.1][51190] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....50] [ip4][..tcp] [.......10.8.0.1][55687] -> [..173.243.0.110][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....34] [ip4][..tcp] [.......10.8.0.1][33511] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ idle: [....56] [ip4][..tcp] [.......10.8.0.1][51194] -> [.62.109.224.120][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....35] [ip4][..tcp] [.......10.8.0.1][33512] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ idle: [....57] [ip4][..tcp] [.......10.8.0.1][51195] -> [.62.109.224.120][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....22] [ip4][..tcp] [.......10.8.0.1][37129] -> [...64.68.105.98][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....29] [ip4][..tcp] [.......10.8.0.1][37139] -> [...64.68.105.98][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....47] [ip4][..tcp] [.......10.8.0.1][33551] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....48] [ip4][..tcp] [.......10.8.0.1][33553] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....49] [ip4][..tcp] [.......10.8.0.1][33554] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ idle: [....51] [ip4][..tcp] [.......10.8.0.1][33559] -> [...80.74.110.68][..443] [TLS][Unknown][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....13] [ip4][..tcp] [.......10.8.0.1][57647] -> [..64.68.121.153][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....16] [ip4][..tcp] [.......10.8.0.1][47116] -> [.114.29.202.139][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....26] [ip4][..tcp] [.......10.8.0.1][47135] -> [.114.29.202.139][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....44] [ip4][..tcp] [.......10.8.0.1][46211] -> [...54.241.32.14][..443] [TLS][AmazonAWS][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ idle: [.....1] [ip4][..tcp] [.......10.8.0.1][41346] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [.....2] [ip4][..tcp] [.......10.8.0.1][41348] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [.....3] [ip4][..tcp] [.......10.8.0.1][41350] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [.....4] [ip4][..tcp] [.......10.8.0.1][41351] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [.....7] [ip4][..tcp] [.......10.8.0.1][41354] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [.....9] [ip4][..tcp] [.......10.8.0.1][41358] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....23] [ip4][..tcp] [.......10.8.0.1][41386] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ end: [....30] [ip4][..tcp] [.......10.8.0.1][41394] -> [..64.68.105.103][..443] [TLS][Webex][Web][Safe]
+ RISK: Obsolete TLS (v1.1 or older)
+ end: [....38] [ip4][..tcp] [.......10.8.0.1][41419] -> [..64.68.105.103][..443] [TLS.Webex][Webex][VoIP][Acceptable]
+ RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/http_process_response_disable/http.pcapng.out b/test/results/flow-info/http_process_response_disable/http.pcapng.out
new file mode 100644
index 000000000..b36af79c7
--- /dev/null
+++ b/test/results/flow-info/http_process_response_disable/http.pcapng.out
@@ -0,0 +1,7 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [..192.168.1.128][42170] -> [.216.58.208.142][...80]
+ detected: [.....1] [ip4][..tcp] [..192.168.1.128][42170] -> [.216.58.208.142][...80] [HTTP.Google][Google][Web][Acceptable][google.com]
+ end: [.....1] [ip4][..tcp] [..192.168.1.128][42170] -> [.216.58.208.142][...80] [HTTP.Google][Google][Web][Acceptable]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/flow-info/http_process_response_disable/http_asymmetric.pcapng.out
new file mode 100644
index 000000000..1481b9b76
--- /dev/null
+++ b/test/results/flow-info/http_process_response_disable/http_asymmetric.pcapng.out
@@ -0,0 +1,16 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [....192.168.0.1][.1044] -> [.....10.10.10.1][...80]
+ new: [.....2] [ip4][..tcp] [..192.168.1.146][...80] -> [..192.168.1.103][.1044]
+ detected: [.....1] [ip4][..tcp] [....192.168.0.1][.1044] -> [.....10.10.10.1][...80] [HTTP][Unknown][Web][Acceptable][proxy.wiresharkfest.acropolis.local]
+ RISK: Unidirectional Traffic
+ detected: [.....2] [ip4][..tcp] [..192.168.1.146][...80] -> [..192.168.1.103][.1044] [HTTP][Unknown][Web][Acceptable][]
+ RISK: HTTP Susp User-Agent, Unidirectional Traffic
+ detection-update: [.....2] [ip4][..tcp] [..192.168.1.146][...80] -> [..192.168.1.103][.1044] [HTTP][Unknown][Web][Acceptable][]
+ RISK: HTTP Susp User-Agent, Error Code, Unidirectional Traffic
+ end: [.....2] [ip4][..tcp] [..192.168.1.146][...80] -> [..192.168.1.103][.1044] [HTTP][Unknown][Web][Acceptable]
+ RISK: HTTP Susp User-Agent, Error Code, Unidirectional Traffic
+ end: [.....1] [ip4][..tcp] [....192.168.0.1][.1044] -> [.....10.10.10.1][...80] [HTTP][Unknown][Web][Acceptable]
+ RISK: Unidirectional Traffic
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
new file mode 100644
index 000000000..2b471b0ff
--- /dev/null
+++ b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
@@ -0,0 +1,875 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355]
+ detected: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900]
+ detected: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900]
+ detected: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68]
+ detected: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable][]
+ new: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [MIDSTREAM]
+ new: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900]
+ detected: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900]
+ detected: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
+ detected: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][shen]
+ new: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547]
+ detected: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ new: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355]
+ detected: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355]
+ detected: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900]
+ detected: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355]
+ detected: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53]
+ detected: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
+ detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
+ RISK: Unidirectional Traffic
+ detection-update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][jp.kankan.1kxun.mobi]
+ new: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80]
+ detected: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
+ new: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53]
+ detected: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
+ detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
+ RISK: Unidirectional Traffic
+ new: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] [MIDSTREAM]
+ new: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137]
+ detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad]
+ new: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355]
+ detected: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ new: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355]
+ detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900]
+ detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
+ new: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976]
+ new: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53]
+ detected: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
+ detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
+ RISK: Unidirectional Traffic
+ detection-update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun][kankan.1kxun.com]
+ new: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80]
+ detection-update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][kankan.1kxun.com]
+ detected: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Unknown][Streaming][Fun][kankan.1kxun.com]
+ new: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53]
+ detected: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
+ detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
+ RISK: Unidirectional Traffic
+ detection-update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun][pic.1kxun.com]
+ new: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80]
+ new: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80]
+ new: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80]
+ new: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80]
+ new: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80]
+ new: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80]
+ new: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355]
+ detected: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ new: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355]
+ detected: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ detected: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.056| 0.011| 0.020| 413.706| 3.100]
+ [PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500]
+ [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1]
+ [IATS(ms)....: 0.0,52.1,52.2,0.0,5.5,0.0,48.2,11.6,0.8,0.1,0.1,0.0,0.3,0.0,0.0,0.0,0.5,56.2,0.0,50.5,3.5,0.1,0.1,53.9,0.0,17.7,0.1,0.1,0.1,0.0,0.1]
+ [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.2,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.9,7.8]
+ analyse: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.066| 0.012| 0.024| 579.055| 2.800]
+ [PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400]
+ [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0]
+ [IATS(ms)....: 0.0,54.6,54.7,0.0,4.2,0.1,64.5,0.1,0.0,0.0,0.1,0.0,0.7,0.1,0.1,0.1,61.7,0.0,0.9,65.4,0.1,66.2,0.1,0.5,2.9,0.6,0.1,0.1,0.1,3.9,0.0]
+ [PKTLENS.....: 52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40]
+ [ENTROPIES...: 4.5,4.5,5.0,4.7,4.7,5.8,5.8,4.4,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8]
+ analyse: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.067| 0.012| 0.023| 544.113| 2.900]
+ [PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400]
+ [BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1]
+ [IATS(ms)....: 0.0,53.2,53.3,0.0,4.6,0.1,61.5,0.0,0.3,0.1,57.3,0.0,5.1,0.1,0.3,0.0,0.3,0.1,5.9,0.0,1.4,65.1,0.1,0.1,0.1,66.8,0.0,3.8,0.1,0.8,0.1]
+ [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,7.5,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8]
+ analyse: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.096| 0.013| 0.026| 693.255| 2.700]
+ [PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600]
+ [BINS(c->s)..: 6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0]
+ [IATS(ms)....: 0.0,50.7,50.8,0.0,5.7,0.0,60.3,0.1,0.1,0.1,0.0,0.1,0.7,0.0,0.0,0.1,0.3,56.3,0.0,72.3,0.1,0.0,0.1,0.2,0.1,0.1,0.1,0.3,0.0,96.5,0.1]
+ [PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409]
+ [ENTROPIES...: 4.5,4.5,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.7,5.8,5.8]
+ analyse: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.142| 0.016| 0.032| 1046.271| 2.800]
+ [PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500]
+ [BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1]
+ [IATS(ms)....: 0.1,51.9,52.1,0.0,5.2,0.1,60.5,0.9,0.0,0.0,0.1,0.0,0.4,0.1,0.0,0.1,0.2,85.1,142.0,0.0,40.8,2.5,0.1,0.1,0.1,43.6,0.1,0.4,0.1,0.1,0.0]
+ [PKTLENS.....: 52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,6.7,7.7,7.8,7.7,7.7,7.7,7.7,7.6,4.1,6.3,4.8,4.8,7.7,7.8,7.7,7.7,7.7,4.8,4.8,7.7,7.7,5.6,3.0]
+ new: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138]
+ detected: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][sanji-lifebook-]
+ RISK: Unsafe Protocol
+ new: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80]
+ new: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80]
+ detected: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
+ RISK: HTTP Susp User-Agent
+ detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
+ RISK: HTTP Susp User-Agent
+ analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.147| 0.015| 0.033| 1100.854| 2.600]
+ [PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300]
+ [BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1]
+ [IATS(ms)....: 0.1,37.8,38.0,0.1,1.8,0.1,39.0,109.8,0.2,146.8,0.0,0.3,0.1,0.1,0.1,0.5,0.0,0.2,0.1,0.1,0.4,0.0,0.2,36.3,36.5,0.0,0.4,0.1,0.5,0.1,0.1]
+ [PKTLENS.....: 52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300]
+ [ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,5.0,4.8,4.8,4.8,5.3,5.2,5.1,4.7,4.7,6.0,5.1,5.2,4.8,4.8,5.8,5.1,4.7,4.7,4.5,4.7,4.7,5.6,5.2]
+ new: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099]
+ detected: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable][218.244.135.170]
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
+ new: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53]
+ detected: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
+ detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
+ RISK: Unidirectional Traffic
+ detection-update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun][vv.video.qq.com]
+ new: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80]
+ detected: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Unknown][Chat][Fun][vv.video.qq.com]
+ new: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080]
+ new: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976]
+ detected: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable][42.120.51.152]
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
+ new: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355]
+ detected: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900]
+ detected: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443]
+ detected: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detection-update: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ new: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80]
+ new: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355]
+ detected: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355]
+ detected: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ detected: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.145]
+ RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
+ new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80]
+ analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.399| 0.070| 0.104| 10878.943| 3.600]
+ [PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100]
+ [BINS(c->s)..: 9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0]
+ [IATS(ms)....: 0.1,76.5,76.6,0.0,1.1,0.0,62.3,0.1,61.8,0.0,298.9,0.1,399.0,66.5,0.2,166.1,0.0,60.3,0.5,0.1,60.8,0.0,117.1,0.0,178.1,0.5,62.0,0.0,102.3,44.3,349.7]
+ [PKTLENS.....: 52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40]
+ [ENTROPIES...: 4.6,4.6,5.0,5.0,5.0,5.8,5.8,4.7,5.4,6.1,6.1,6.1,6.1,4.6,5.3,4.7,4.9,4.9,4.7,5.2,4.9,4.9,4.9,5.8,5.8,4.6,5.4,6.1,6.1,4.7,5.7,4.9]
+ detected: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Web][Acceptable][183.131.48.144]
+ RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
+ detection-update: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Media][Acceptable][183.131.48.144]
+ RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
+ new: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900]
+ detected: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900]
+ detected: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355]
+ detected: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355]
+ detected: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900]
+ detected: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67]
+ detected: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable][macbook-air]
+ new: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
+ new: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [MIDSTREAM]
+ new: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [MIDSTREAM]
+ new: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80]
+ detected: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com]
+ new: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678]
+ detection-update: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][api.magicansoft.com]
+ RISK: Error Code
+ new: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [MIDSTREAM]
+ new: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355]
+ detected: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355]
+ detected: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137]
+ detected: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][isatap]
+ new: [....65] [ip4][..udp] [192.168.140.140][62976] -> [255.255.255.255][62976]
+ new: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976]
+ new: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137]
+ detected: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][sanji-lifebook-]
+ new: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137]
+ detected: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][gfile]
+ new: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137]
+ detected: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][nasfile]
+ new: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138]
+ detected: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][macbookair-e1d0]
+ RISK: Unsafe Protocol
+ new: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976]
+ new: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355]
+ detected: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355]
+ detected: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67]
+ detected: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][joanna-pc]
+ new: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900]
+ detected: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353]
+ detected: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlecast._tcp.local]
+ new: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947]
+ new: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355]
+ detected: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678]
+ new: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355]
+ detected: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355]
+ detected: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355]
+ detected: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900]
+ detected: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
+ new: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900]
+ detected: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable][[ff02::c]:1900]
+ new: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355]
+ detected: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947]
+ new: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443]
+ detected: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detection-update: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ new: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678]
+ new: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678]
+ new: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355]
+ detected: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355]
+ detected: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....92] [ip4][..udp] [...192.168.5.44][58702] -> [....224.0.0.252][.5355]
+ detected: [....92] [ip4][..udp] [...192.168.5.44][58702] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547]
+ detected: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ new: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678]
+ new: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355]
+ detected: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355]
+ detected: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355]
+ detected: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ new: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355]
+ detected: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ new: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355]
+ detected: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355]
+ detected: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [MIDSTREAM]
+ new: [...102] [ip4][..udp] [...192.168.5.37][54506] -> [....224.0.0.252][.5355]
+ detected: [...102] [ip4][..udp] [...192.168.5.37][54506] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355]
+ detected: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355]
+ detected: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67]
+ detected: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][kevin-pc]
+ new: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [MIDSTREAM]
+ detected: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe]
+ new: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443]
+ detection-update: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe]
+ RISK: Unidirectional Traffic
+ detection-update: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe]
+ detected: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detection-update: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ new: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53]
+ detected: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
+ detection-update: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable][dl-obs.official.line.naver.jp]
+ new: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80]
+ new: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80]
+ detected: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable][dl-obs.official.line.naver.jp]
+ detected: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable][dl-obs.official.line.naver.jp]
+ new: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355]
+ detected: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355]
+ detected: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...113] [ip4][..tcp] [.....31.13.87.1][..443] -> [...192.168.5.16][53578] [MIDSTREAM]
+ detected: [...113] [ip4][..tcp] [.....31.13.87.1][..443] -> [...192.168.5.16][53578] [TLS][Facebook][Web][Safe]
+ new: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355]
+ detected: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355]
+ detected: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547]
+ detected: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ new: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443]
+ detected: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detection-update: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe][192.168.115.75]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ update: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
+ update: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ update: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976]
+ update: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable]
+ update: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
+ update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
+ update: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ update: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun]
+ update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
+ update: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 45.001| 1.464| 7.949| 63183326.806| 0.100]
+ [PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400]
+ [BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0]
+ [IATS(ms)....: 0.0,54.5,54.6,0.0,4.9,0.0,65.5,0.1,0.1,0.4,0.1,0.1,0.2,0.0,0.0,0.0,0.0,61.5,0.0,69.0,0.1,0.1,0.0,0.7,0.1,0.1,0.1,0.5,70.7,0.0,45001.1]
+ [PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41]
+ [ENTROPIES...: 4.6,4.6,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.9,4.9,4.8]
+ new: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137]
+ detected: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][sc.arrancar.org]
+ new: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123]
+ detected: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123] [NTP][Apple][System][Acceptable]
+ new: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> [..............................ff02::1:3][.5355]
+ detected: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...121] [ip4][..udp] [...192.168.5.41][55593] -> [....224.0.0.252][.5355]
+ detected: [...121] [ip4][..udp] [...192.168.5.41][55593] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...122] [ip4][..udp] [...192.168.5.57][64428] -> [....224.0.0.252][.5355]
+ detected: [...122] [ip4][..udp] [...192.168.5.57][64428] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355]
+ detected: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355]
+ detected: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355]
+ detected: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...126] [ip4][..udp] [...192.168.5.50][49766] -> [....224.0.0.252][.5355]
+ detected: [...126] [ip4][..udp] [...192.168.5.50][49766] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...127] [ip4][..udp] [...192.168.5.44][59062] -> [....224.0.0.252][.5355]
+ detected: [...127] [ip4][..udp] [...192.168.5.44][59062] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355]
+ detected: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ new: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355]
+ detected: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable]
+ update: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ update: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ RISK: Unsafe Protocol
+ update: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976]
+ update: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
+ update: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun]
+ update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
+ update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ DAEMON-EVENT: [Processed: 1032 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 19|updates: 38]
+ new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM]
+ detected: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi]
+ RISK: Known Proto on Non Std Port
+ new: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [MIDSTREAM]
+ detected: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi]
+ RISK: Known Proto on Non Std Port
+ new: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [MIDSTREAM]
+ detected: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun][ws.1kxun.mobi]
+ RISK: Known Proto on Non Std Port
+ new: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.mobi]
+ new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM]
+ detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com]
+ detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
+ RISK: Binary App Transfer
+ new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
+ new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
+ idle: [....44] [ip4][..udp] [...192.168.5.37][57325] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [....78] [ip4][..udp] [...192.168.5.48][59797] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...108] [ip4][..udp] [...192.168.5.16][63372] -> [.....168.95.1.1][...53] [DNS.Line][Unknown][Network][Acceptable]
+ idle: [.....7] [ip4][..udp] [...192.168.5.41][55312] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [...125] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][49766] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...109] [ip4][..tcp] [...192.168.5.16][53627] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable]
+ idle: [...110] [ip4][..tcp] [...192.168.5.16][53628] -> [...203.69.81.73][...80] [HTTP.Line][Unknown][Chat][Acceptable]
+ idle: [....14] [ip4][..udp] [..192.168.115.8][51024] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
+ not-detected: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947] [Unknown][Unknown][Unrated]
+ idle: [....77] [ip4][..udp] [..192.168.2.186][32768] -> [255.255.255.255][.1947]
+ idle: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [...120] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][57148] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [.....8] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [....63] [ip4][..udp] [..192.168.3.236][51714] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....40] [ip4][..tcp] [..192.168.115.8][49608] -> [203.205.151.234][...80] [HTTP.QQ][Unknown][Chat][Fun]
+ idle: [....51] [ip4][..udp] [....192.168.5.9][55484] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [....50] [ip4][..udp] [.192.168.101.33][55485] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [.....3] [ip4][..udp] [...192.168.5.44][51389] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [...113] [ip4][..tcp] [.....31.13.87.1][..443] -> [...192.168.5.16][53578] [TLS][Facebook][Web][Safe]
+ idle: [...106] [ip4][..tcp] [...192.168.5.16][53580] -> [....31.13.87.36][..443] [TLS][Facebook][Web][Safe]
+ not-detected: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976] [Unknown][Unknown][Unrated]
+ idle: [....66] [ip6][..udp] [.......2001:b020:6::c2a0:bbff:fe73:eb57][62976] -> [................................ff02::1][62976]
+ not-detected: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976] [Unknown][Unknown][Unrated]
+ idle: [....23] [ip6][..udp] [..2001:b030:214:100:c2a0:bbff:fe73:eb47][62976] -> [................................ff02::1][62976]
+ idle: [...126] [ip4][..udp] [...192.168.5.50][49766] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....91] [ip4][..udp] [..192.168.3.236][62069] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...105] [ip4][..udp] [...192.168.5.41][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [....74] [ip4][..udp] [....192.168.5.9][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [.....4] [ip4][..udp] [..192.168.119.1][...67] -> [255.255.255.255][...68] [DHCP][Unknown][Network][Acceptable]
+ idle: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated]
+ idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678]
+ idle: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....55] [ip4][..udp] [...192.168.5.16][...68] -> [..192.168.119.1][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [....54] [ip4][..udp] [...192.168.5.49][51704] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [.....2] [ip4][..udp] [...192.168.5.57][55809] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [...103] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][64568] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...122] [ip4][..udp] [...192.168.5.57][64428] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable]
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
+ idle: [...114] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][61172] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....75] [ip4][..udp] [...192.168.5.48][49701] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [....68] [ip4][..udp] [...192.168.5.45][59461] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
+ idle: [...118] [ip4][..udp] [..192.168.0.104][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
+ idle: [....69] [ip4][..udp] [...192.168.5.45][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
+ idle: [....64] [ip4][..udp] [..192.168.3.236][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
+ idle: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
+ idle: [....70] [ip4][..udp] [...192.168.5.45][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ RISK: Unsafe Protocol
+ idle: [....35] [ip4][..udp] [...192.168.5.67][..138] -> [192.168.255.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
+ RISK: Unsafe Protocol
+ idle: [....43] [ip4][..udp] [...192.168.5.37][56366] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...104] [ip4][..udp] [...192.168.5.49][64568] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....38] [ip4][..tcp] [..192.168.115.8][49607] -> [218.244.135.170][.9099] [HTTP][Alibaba][Web][Acceptable]
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
+ idle: [....48] [ip4][..udp] [....192.168.5.9][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....47] [ip4][..udp] [.192.168.101.33][58456] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....81] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][62756] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ not-detected: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated]
+ idle: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976]
+ idle: [....73] [ip4][..udp] [...192.168.5.41][54470] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....76] [ip4][..udp] [...192.168.5.64][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
+ idle: [...102] [ip4][..udp] [...192.168.5.37][54506] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [....67] [ip4][..udp] [...192.168.5.45][59789] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable]
+ guessed: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][]
+ RISK: Unidirectional Traffic
+ end: [.....5] [ip4][..tcp] [...192.168.5.16][53605] -> [.68.233.253.133][...80]
+ idle: [....82] [ip4][..udp] [...192.168.5.50][62756] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ guessed: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable][]
+ RISK: Unidirectional Traffic
+ end: [....58] [ip4][..tcp] [...192.168.5.16][53613] -> [.68.233.253.133][...80]
+ not-detected: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] [Unknown][Unknown][Unrated]
+ idle: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947]
+ end: [....59] [ip4][..tcp] [...192.168.5.16][53624] -> [.68.233.253.133][...80] [HTTP][Unknown][Web][Acceptable]
+ RISK: Error Code
+ idle: [....92] [ip4][..udp] [...192.168.5.44][58702] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....62] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][63659] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...112] [ip4][..udp] [....192.168.5.9][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...111] [ip4][..udp] [.192.168.101.33][62822] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][]
+ idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80]
+ idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ RISK: HTTP Susp User-Agent
+ idle: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ RISK: HTTP Susp User-Agent
+ idle: [....25] [ip4][..tcp] [..192.168.115.8][49598] -> [.222.73.254.167][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ guessed: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe]
+ end: [....17] [ip4][..tcp] [...192.168.5.16][53622] -> [.192.168.115.75][..443]
+ end: [....45] [ip4][..tcp] [...192.168.5.16][53623] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ end: [....87] [ip4][..tcp] [...192.168.5.16][53625] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ end: [...107] [ip4][..tcp] [...192.168.5.16][53626] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ end: [...117] [ip4][..tcp] [...192.168.5.16][53629] -> [.192.168.115.75][..443] [TLS][Unknown][Web][Safe]
+ RISK: Weak TLS Cipher, HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ idle: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ not-detected: [....65] [ip4][..udp] [192.168.140.140][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated]
+ idle: [....65] [ip4][..udp] [192.168.140.140][62976] -> [255.255.255.255][62976]
+ not-detected: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated]
+ idle: [....71] [ip4][..udp] [...192.168.10.7][62976] -> [255.255.255.255][62976]
+ not-detected: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated]
+ idle: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976]
+ idle: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ idle: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated]
+ idle: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678]
+ idle: [...116] [ip6][..udp] [..............fe80::f65c:89ff:fe89:e607][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ idle: [....72] [ip6][..udp] [..............fe80::4568:efbc:40b1:1346][50194] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...127] [ip4][..udp] [...192.168.5.44][59062] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....90] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][49735] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun]
+ idle: [...124] [ip4][..udp] [...192.168.5.50][57143] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ not-detected: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated]
+ idle: [....79] [ip4][..udp] [..192.168.0.100][50925] -> [255.255.255.255][.5678]
+ idle: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
+ idle: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ idle: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
+ idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
+ end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
+ RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
+ idle: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80] [HTTP][Unknown][Media][Acceptable]
+ RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
+ idle: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun]
+ not-detected: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated]
+ idle: [....89] [ip6][..udp] [................fe80::4e5e:cff:feea:365][.5678] -> [................................ff02::1][.5678]
+ not-detected: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678] [Unknown][Unknown][Unrated]
+ idle: [....60] [ip6][..udp] [...............fe80::4e5e:cff:fe9a:ec54][.5678] -> [................................ff02::1][.5678]
+ idle: [...119] [ip4][..udp] [...192.168.5.16][..123] -> [..17.253.26.125][..123] [NTP][Apple][System][Acceptable]
+ idle: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun]
+ guessed: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443] [TLS][Unknown][Web][Safe]
+ idle: [....57] [ip4][..tcp] [..192.168.115.8][49596] -> [..203.66.182.87][..443]
+ idle: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable]
+ idle: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ idle: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ RISK: Non-Printable/Invalid Chars Detected
+ idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
+ idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [...121] [ip4][..udp] [...192.168.5.41][55593] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ not-detected: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947] [Unknown][Unknown][Unrated]
+ idle: [....86] [ip4][..udp] [.59.120.208.212][32768] -> [255.255.255.255][.1947]
+ idle: [...115] [ip4][..udp] [..192.168.3.236][59730] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
+ idle: [....84] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][.1900] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable]
+ new: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][messages.1kxun.mobi]
+ new: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [MIDSTREAM]
+ detected: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com]
+ RISK: HTTP Susp User-Agent
+ detection-update: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com]
+ RISK: HTTP Susp User-Agent, Unidirectional Traffic
+ detection-update: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun][pingma.qq.com]
+ RISK: HTTP Susp User-Agent, Error Code
+ new: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ new: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [MIDSTREAM]
+ detected: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com]
+ detection-update: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun][android.yingshi.tcclick.1kxun.com]
+ RISK: Error Code
+ new: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ new: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ new: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200]
+ [PKTLEN......: 260.000| 21652.000| 4534.200| 5608.100| 31450232.000| 4.200]
+ [BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16]
+ [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1]
+ [IATS(ms)....: 356.2,0.1,308.1,0.1,2.4,3.2,0.1,200.2,0.0,0.1,0.0,0.0,0.0,0.0,0.0,1.6,0.1,0.1,0.0,0.0,0.0,0.0,0.0,0.0,895.3,372.0,0.0,1.3,0.1,1.9,0.0]
+ [PKTLENS.....: 264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332]
+ [ENTROPIES...: 5.9,5.7,8.0,8.0,7.9,7.9,7.9,8.0,7.9,7.8,7.9,7.9,7.9,7.8,7.8,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.8,7.8,7.7,5.8,5.8,8.0,8.0,7.9,7.9,8.0]
+ new: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [MIDSTREAM]
+ detected: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun][release.bigdata.1kxun.com]
+ new: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable][tcad.wedolook.com]
+ new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM]
+ detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com]
+ analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300]
+ [PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600]
+ [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12]
+ [DIRECTIONS..: 0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
+ [IATS(ms)....: 380.4,4.6,408.6,215.7,0.5,1.0,1.0,178.5,0.3,0.5,379.6,185.4,1.4,0.7,331.7,5.7,174.2,6.1,0.3,0.9,170.5,0.4,6.0,1.1,0.3,0.7,169.5,0.5,0.6,5.3,0.4]
+ [PKTLENS.....: 817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492]
+ [ENTROPIES...: 5.9,7.7,7.8,5.9,7.6,7.9,8.0,8.0,7.9,7.9,7.9,5.9,7.8,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,7.9,7.8,7.9,7.8,7.8,7.9,7.9,7.9,7.9,7.9,7.9]
+ new: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [MIDSTREAM]
+ detected: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable][qzonestyle.gtimg.cn]
+ new: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [MIDSTREAM]
+ detected: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Acceptable][pagead2.googlesyndication.com]
+ new: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [MIDSTREAM]
+ detected: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com]
+ new: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [MIDSTREAM]
+ detected: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
+ new: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [MIDSTREAM]
+ detected: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
+ new: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [MIDSTREAM]
+ detected: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
+ new: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [MIDSTREAM]
+ detected: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
+ new: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [MIDSTREAM]
+ detected: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
+ new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM]
+ detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
+ analyse: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600]
+ [PKTLEN......: 337.000| 18772.000| 3143.800| 3724.000| 13867894.000| 4.300]
+ [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11]
+ [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1]
+ [IATS(ms)....: 223.7,209.6,1.7,0.0,207.2,0.4,1.3,0.7,0.5,0.5,1.2,204.0,0.4,1.4,0.7,0.6,3.5,0.0,0.0,886.9,237.6,0.5,1.0,2.5,0.8,206.7,0.9,0.4,0.9,0.0,0.7]
+ [PKTLENS.....: 566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316]
+ [ENTROPIES...: 5.9,7.9,7.8,7.8,8.0,7.8,7.9,7.9,7.9,7.9,7.8,8.0,7.8,7.8,7.8,7.9,7.9,7.8,7.9,7.9,5.9,5.8,7.8,8.0,8.0,7.9,7.9,7.9,7.9,8.0,7.9,7.9]
+ analyse: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000]
+ [PKTLEN......: 337.000| 18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
+ [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]
+ [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1]
+ [IATS(ms)....: 205.6,2.1,0.0,0.0,0.0,224.8,0.4,0.3,1.4,0.0,193.7,0.4,0.4,1.7,1.3,1.9,226.0,899.7,238.0,0.0,2.4,199.2,0.5,1.0,1.3,0.0,0.0,407.3,371.5,0.0,1.5]
+ [PKTLENS.....: 566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772]
+ [ENTROPIES...: 5.9,5.9,7.3,7.9,7.9,7.9,7.8,7.8,7.8,7.9,8.0,7.8,7.8,7.8,7.9,7.9,7.9,7.9,5.9,5.8,8.0,8.0,7.9,7.9,8.0,7.9,8.0,7.7,5.9,5.9,7.9,8.0]
+ new: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [MIDSTREAM]
+ detected: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable][www.googletagservices.com]
+ new: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM]
+ detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
+ analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000]
+ [PKTLEN......: 486.000| 14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
+ [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13]
+ [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1]
+ [IATS(ms)....: 188.5,0.0,1.4,179.4,1.4,0.7,0.4,2.4,0.7,270.1,0.1,0.0,0.6,0.0,3892.8,3428.9,186.1,186.3,192.6,209.0,367.2,352.3,5253.8,5339.0,3.6,6045.0,5959.1,0.4,0.5,194.9,189.4]
+ [PKTLENS.....: 486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083]
+ [ENTROPIES...: 5.9,7.8,7.9,8.0,7.9,8.0,7.9,7.9,8.0,7.9,7.9,7.9,8.0,8.0,8.0,5.9,6.4,5.9,7.5,5.9,6.2,5.9,6.5,5.8,6.5,6.8,5.8,6.4,7.8,7.9,5.8,6.9]
+ new: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ new: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ new: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [MIDSTREAM]
+ detected: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
+ new: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [MIDSTREAM]
+ detected: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable][m.vpon.com]
+ new: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [MIDSTREAM]
+ detected: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com]
+ new: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [MIDSTREAM]
+ detected: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com]
+ new: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [MIDSTREAM]
+ detected: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com]
+ new: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [MIDSTREAM]
+ detected: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable][setting.rayjump.com]
+ new: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [MIDSTREAM]
+ detected: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com]
+ new: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [MIDSTREAM]
+ detected: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com]
+ detection-update: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com]
+ RISK: Unidirectional Traffic
+ detection-update: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com]
+ new: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [MIDSTREAM]
+ detected: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com]
+ new: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [MIDSTREAM]
+ detected: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com]
+ new: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [MIDSTREAM]
+ detected: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable][tw.api.vpon.com]
+ new: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [MIDSTREAM]
+ detected: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable][cdn.liftoff.io]
+ new: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [MIDSTREAM]
+ detected: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun][cdn.liftoff.io]
+ new: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [MIDSTREAM]
+ detected: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com]
+ new: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [MIDSTREAM]
+ detected: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com]
+ new: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [MIDSTREAM]
+ detected: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com]
+ new: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [MIDSTREAM]
+ detected: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable][hybird.rayjump.com]
+ new: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [MIDSTREAM]
+ detected: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][]
+ RISK: HTTP Susp User-Agent
+ detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][]
+ RISK: HTTP Susp User-Agent, Unidirectional Traffic
+ new: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [MIDSTREAM]
+ detected: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com]
+ detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com]
+ RISK: Unidirectional Traffic
+ new: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [MIDSTREAM]
+ detected: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][]
+ detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][]
+ RISK: Unidirectional Traffic
+ new: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [MIDSTREAM]
+ detected: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable][tknet-cdn.rayjump.com]
+ detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com]
+ RISK: Unidirectional Traffic
+ detection-update: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable][adx-tk.rayjump.com]
+ detection-update: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable][de01.rayjump.com]
+ new: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [MIDSTREAM]
+ detected: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable][impression-east.liftoff.io]
+ new: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [MIDSTREAM]
+ detected: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable][adexp.liftoff.io]
+ new: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [MIDSTREAM]
+ detected: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable][play.google.com]
+ new: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [MIDSTREAM]
+ detected: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable][click.liftoff.io]
+ new: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [MIDSTREAM]
+ detected: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com]
+ detection-update: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com]
+ RISK: Unidirectional Traffic
+ detection-update: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable][analytics.rayjump.com]
+ new: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [MIDSTREAM]
+ detected: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable][net.rayjump.com]
+ idle: [...147] [ip4][..tcp] [..192.168.2.126][45388] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...148] [ip4][..tcp] [..192.168.2.126][45398] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...163] [ip4][..tcp] [..192.168.2.126][44368] -> [..172.217.18.98][...80] [HTTP.GoogleServices][Google][Web][Acceptable]
+ idle: [...178] [ip4][..tcp] [..192.168.2.126][56826] -> [...8.209.97.107][...80] [HTTP][Alibaba][Web][Acceptable]
+ idle: [...149] [ip4][..tcp] [..192.168.2.126][45414] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...151] [ip4][..tcp] [..192.168.2.126][45422] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...152] [ip4][..tcp] [..192.168.2.126][45424] -> [..161.117.13.29][...80] [HTTP][Alibaba][Streaming][Acceptable]
+ idle: [...154] [ip4][..tcp] [..192.168.2.126][51888] -> [.119.28.164.143][...80] [HTTP][Tencent][Web][Acceptable]
+ idle: [...192] [ip4][..tcp] [..192.168.2.126][54810] -> [..18.233.123.55][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...184] [ip4][..tcp] [..192.168.2.126][36636] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...185] [ip4][..tcp] [..192.168.2.126][36640] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...186] [ip4][..tcp] [..192.168.2.126][36654] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...187] [ip4][..tcp] [..192.168.2.126][36660] -> [...18.64.103.30][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...180] [ip4][..tcp] [..192.168.2.126][58758] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable]
+ idle: [...181] [ip4][..tcp] [..192.168.2.126][58760] -> [.202.153.196.53][...80] [HTTP][Unknown][Web][Acceptable]
+ idle: [...170] [ip4][..tcp] [..192.168.2.126][38314] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...171] [ip4][..tcp] [..192.168.2.126][38316] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...169] [ip4][..tcp] [..192.168.2.126][38326] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...193] [ip4][..tcp] [..192.168.2.126][40204] -> [...18.235.204.9][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...155] [ip4][..tcp] [..192.168.2.126][38354] -> [.142.250.186.34][...80] [HTTP.Google][Google][Advertisement][Acceptable]
+ idle: [...157] [ip4][..tcp] [..192.168.2.126][49354] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...159] [ip4][..tcp] [..192.168.2.126][49370] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...140] [ip4][..tcp] [..192.168.2.126][49242] -> [.172.104.119.80][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ RISK: Error Code
+ idle: [...161] [ip4][..tcp] [..192.168.2.126][49412] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...177] [ip4][..tcp] [..192.168.2.126][43266] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...179] [ip4][..tcp] [..192.168.2.126][43272] -> [....18.64.79.58][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...164] [ip4][..tcp] [..192.168.2.126][50140] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...165] [ip4][..tcp] [..192.168.2.126][50148] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...166] [ip4][..tcp] [..192.168.2.126][50164] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...167] [ip4][..tcp] [..192.168.2.126][50166] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable]
+ idle: [...197] [ip4][..tcp] [..192.168.2.126][51686] -> [....18.64.79.64][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...156] [ip4][..tcp] [..192.168.2.126][36732] -> [142.250.186.174][...80] [HTTP.Google][Google][Advertisement][Acceptable]
+ idle: [...194] [ip4][..tcp] [..192.168.2.126][53416] -> [.172.217.16.142][...80] [HTTP.Google][Google][Web][Acceptable]
+ idle: [...189] [ip4][..tcp] [..192.168.2.126][42554] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...190] [ip4][..tcp] [..192.168.2.126][42566] -> [...35.156.44.13][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...195] [ip4][..tcp] [..192.168.2.126][33042] -> [...3.122.190.70][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...173] [ip4][..tcp] [..192.168.2.126][56094] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...175] [ip4][..tcp] [..192.168.2.126][56096] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...174] [ip4][..tcp] [..192.168.2.126][56098] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...176] [ip4][..tcp] [..192.168.2.126][56104] -> [....3.72.69.158][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun]
+ idle: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun]
+ RISK: Known Proto on Non Std Port
+ idle: [...131] [ip4][..tcp] [..192.168.2.126][60972] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun]
+ RISK: Known Proto on Non Std Port
+ idle: [...132] [ip4][..tcp] [..192.168.2.126][60984] -> [..172.104.93.92][.1234] [HTTP.1kxun][Unknown][Streaming][Fun]
+ RISK: Known Proto on Non Std Port
+ idle: [...196] [ip4][..tcp] [..192.168.2.126][35426] -> [..8.209.112.118][...80] [HTTP][Alibaba][Web][Acceptable]
+ idle: [...191] [ip4][..tcp] [..192.168.2.126][41940] -> [....18.64.79.50][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...139] [ip4][..tcp] [..192.168.2.126][60148] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...172] [ip4][..tcp] [..192.168.2.126][59324] -> [.104.117.221.10][...80] [HTTP][Unknown][Web][Acceptable]
+ idle: [...138] [ip4][..tcp] [..192.168.2.126][38834] -> [..119.45.78.184][...80] [HTTP.QQ][Tencent][Chat][Fun]
+ RISK: HTTP Susp User-Agent, Error Code
+ idle: [...182] [ip4][..tcp] [..192.168.2.126][35664] -> [.....18.66.2.90][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...183] [ip4][..tcp] [..192.168.2.126][35666] -> [.....18.66.2.90][...80] [HTTP.MpegDash][AmazonAWS][Media][Fun]
+ idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun]
+ RISK: Binary App Transfer
+ idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable]
+ idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ idle: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...137] [ip4][..tcp] [..192.168.2.126][47272] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
+ idle: [...145] [ip4][..tcp] [..192.168.2.126][35200] -> [...103.29.71.30][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/flow-info/packets_limit_per_flow/tls_verylong_certificate.pcap.out
new file mode 100644
index 000000000..2cfc0bcb4
--- /dev/null
+++ b/test/results/flow-info/packets_limit_per_flow/tls_verylong_certificate.pcap.out
@@ -0,0 +1,19 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443]
+ detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch]
+ analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.022| 0.005| 0.007| 43.853| 3.500]
+ [PKTLEN......: 52.000| 1420.000| 518.600| 615.300| 378610.900| 4.000]
+ [BINS(c->s)..: 12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1]
+ [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0]
+ [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]
+ [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2]
+ end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe]
+ DAEMON-EVENT: shutdown