DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [MIDSTREAM] new: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [MIDSTREAM] new: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [MIDSTREAM] new: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] new: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [MIDSTREAM] detected: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun] RISK: Known Proto on Non Std Port detection-update: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Download][Fun] RISK: Binary App Transfer, Known Proto on Non Std Port new: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] detected: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS][Web][Safe] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) detection-update: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [MIDSTREAM] new: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] detected: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS][Web][Safe] RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older) detection-update: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher new: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [MIDSTREAM] detected: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS.Google][Web][Acceptable] RISK: Known Proto on Non Std Port new: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] detected: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][VoIP][Acceptable] new: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] detected: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][VoIP][Acceptable] new: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] detected: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable] new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable] analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable] [min|max|avg|stddev] [IAT(flow)...: 0.000| 0.389| 0.067| 0.073] [IAT(c->s)...: 0.000| 0.104| 0.052| 0.049][IAT(s->c)...: 0.016| 0.389| 0.090| 0.095] [PKTLEN(c->s): 99.000| 100.000| 99.100| 0.200][PKTLEN(s->c): 99.000| 192.000| 110.100| 25.800] [BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable] [min|max|avg|stddev] [IAT(flow)...: 0.004| 0.144| 0.063| 0.038] [IAT(c->s)...: 0.032| 0.102| 0.057| 0.022][IAT(s->c)...: 0.004| 0.144| 0.071| 0.050] [PKTLEN(c->s): 99.000| 192.000| 112.400| 26.300][PKTLEN(s->c): 99.000| 99.000| 99.000| 0.000] [BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] new: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM] detected: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable] new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM] new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM] analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable] [min|max|avg|stddev] [IAT(flow)...: 0.002| 20.337| 1.801| 4.155] [IAT(c->s)...: 0.002| 20.337| 2.259| 5.063][IAT(s->c)...: 0.005| 8.676| 1.245| 2.556] [PKTLEN(c->s): 68.000| 814.000| 204.700| 177.400][PKTLEN(s->c): 68.000| 920.000| 288.900| 276.500] [BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable] [min|max|avg|stddev] [IAT(flow)...: 0.000| 21.237| 2.444| 5.342] [IAT(c->s)...: 0.000| 20.472| 2.198| 5.070][IAT(s->c)...: 0.000| 21.237| 2.744| 5.641] [PKTLEN(c->s): 68.000| 862.000| 226.300| 229.600][PKTLEN(s->c): 68.000| 920.000| 319.400| 299.200] [BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] new: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [MIDSTREAM] new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM] new: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] new: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] detected: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] detected: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun] RISK: Obsolete TLS (v1.1 or older) detection-update: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] detection-update: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun] RISK: Obsolete TLS (v1.1 or older) guessed: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [HTTP_Proxy][Web][Acceptable] idle: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] guessed: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [TLS.Facebook][SocialNetwork][Fun] end: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] idle: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS.Facebook][SocialNetwork][Fun] RISK: Obsolete TLS (v1.1 or older) guessed: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [AmazonAWS][Cloud][Acceptable] idle: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] guessed: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [TLS.Facebook][SocialNetwork][Fun] end: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] guessed: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [TLS.Google][Web][Acceptable] end: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] guessed: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [TLS.Google][Web][Acceptable] end: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] idle: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable] idle: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][VoIP][Acceptable] end: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Download][Fun] RISK: Binary App Transfer, Known Proto on Non Std Port guessed: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [HTTP][Web][Acceptable] end: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] idle: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher idle: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable] guessed: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Web][Acceptable] idle: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] idle: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable] RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher idle: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] idle: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][SocialNetwork][Fun] idle: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable] idle: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][VoIP][Acceptable] guessed: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Web][Safe] idle: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] DAEMON-EVENT: shutdown