From 8ebaccc27d779e981b500e80b69f62396dcaa0ca Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Thu, 9 Nov 2023 23:18:55 +0100 Subject: py-flow-info: Improved analyse result printing. Signed-off-by: Toni Uhlig --- .../flow-info/default/starcraft_battle.pcap.out | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'test/results/flow-info/default/starcraft_battle.pcap.out') diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out index da8388ada..0063aa839 100644 --- a/test/results/flow-info/default/starcraft_battle.pcap.out +++ b/test/results/flow-info/default/starcraft_battle.pcap.out @@ -49,9 +49,9 @@ detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com] RISK: Binary App Transfer, Susp DGA Domain name analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.072| 0.012| 0.024| 562.008| 2.800] - [PKTLEN......: 40.000| 1500.000| 685.500| 719.000| 516967.300| 4.100] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.072| 0.012| 0.024| 562.008| 2.800] + [PKTLEN......: 40.000| 1500.000| 685.500| 719.000| 516967.300| 4.100] [BINS(c->s)..: 15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] @@ -99,9 +99,9 @@ detected: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun] detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net] analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.166| 0.038| 0.053| 2837.592| 3.600] - [PKTLEN......: 40.000| 783.000| 102.400| 136.000| 18494.500| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.166| 0.038| 0.053| 2837.592| 3.600] + [PKTLEN......: 40.000| 783.000| 102.400| 136.000| 18494.500| 4.300] [BINS(c->s)..: 23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -145,9 +145,9 @@ detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net] analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.034| 0.007| 0.013| 169.003| 2.900] - [PKTLEN......: 40.000| 1500.000| 866.800| 718.400| 516058.300| 4.300] + min| max| avg| stddev| variance| entropy + [IAT.........: < 0.001| 0.034| 0.007| 0.013| 169.003| 2.900] + [PKTLEN......: 40.000| 1500.000| 866.800| 718.400| 516058.300| 4.300] [BINS(c->s)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0] [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0] -- cgit v1.2.3