DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] [MIDSTREAM]
new: [.....2] [ip4][..tcp] [.....10.0.0.227][56916] -> [.....10.0.0.151][.8009]
new: [.....3] [ip4][..tcp] [.....10.0.0.227][56320] -> [.....10.0.0.149][.8009] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [.....10.0.0.227][56320] -> [.....10.0.0.149][.8009] [TLS][Web][Safe] RISK: Known Proto on Non Std Port
new: [.....4] [ip4][....2] [.......10.0.0.1] -> [......224.0.0.1]
detected: [.....4] [ip4][....2] [.......10.0.0.1] -> [......224.0.0.1] [IGMP][Network][Acceptable]
new: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1]
detected: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1] [ICMPV6][Network][Acceptable]
new: [.....6] [ip4][....2] [.....10.0.0.149] -> [....224.0.0.251]
detected: [.....6] [ip4][....2] [.....10.0.0.149] -> [....224.0.0.251] [IGMP][Network][Acceptable]
new: [.....7] [ip4][....2] [.....10.0.0.149] -> [...239.255.3.22]
detected: [.....7] [ip4][....2] [.....10.0.0.149] -> [...239.255.3.22] [IGMP][Network][Acceptable]
new: [.....8] [ip4][....2] [.....10.0.0.149] -> [239.255.255.250]
detected: [.....8] [ip4][....2] [.....10.0.0.149] -> [239.255.255.250] [IGMP][Network][Acceptable]
new: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53]
detected: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
detection-update: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
new: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53]
detected: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53]
detected: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
detection-update: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
new: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443]
detected: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Missing SNI TLS Extn
detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn
detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn
new: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [MIDSTREAM]
detected: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS.AmazonAWS][Cloud][Acceptable]
new: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [MIDSTREAM]
detected: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443] [TLS.AmazonAWS][Cloud][Acceptable]
new: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443]
detected: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Missing SNI TLS Extn
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn
analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [min|max|avg|stddev] [IAT(flow)...: 0.000| 0.072| 0.022| 0.022] [IAT(c->s)...: 0.000| 0.045| 0.023| 0.020][IAT(s->c)...: 0.000| 0.072| 0.021| 0.023] [PKTLEN(c->s): 66.000|1514.000| 422.600| 556.700][PKTLEN(s->c): 66.000|1514.000| 597.800| 627.100] [BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0] [BINS(s->c)..: 6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0]
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn
new: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53]
detected: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
detection-update: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
new: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76]
detected: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76] [ICMP][Network][Acceptable]
new: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353]
detected: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353]
detected: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....20] [ip4][....2] [.....10.0.0.213] -> [......224.0.0.2]
detected: [....20] [ip4][....2] [.....10.0.0.213] -> [......224.0.0.2] [IGMP][Network][Acceptable]
new: [....21] [ip4][....2] [.....10.0.0.213] -> [....224.0.0.251]
detected: [....21] [ip4][....2] [.....10.0.0.213] -> [....224.0.0.251] [IGMP][Network][Acceptable]
new: [....22] [ip4][..udp] [.....10.0.0.227][.5353] -> [.....10.0.0.213][.5353]
detected: [....22] [ip4][..udp] [.....10.0.0.227][.5353] -> [.....10.0.0.213][.5353] [MDNS][Network][Acceptable]
new: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16]
detected: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Network][Acceptable]
new: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [MIDSTREAM]
new: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [MIDSTREAM]
new: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53]
detected: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
detection-update: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
new: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53]
detected: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Collaborative][Acceptable]
detection-update: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Collaborative][Acceptable]
new: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443]
detected: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][Collaborative][Acceptable]
detection-update: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][Collaborative][Acceptable]
new: [....29] [ip4][..tcp] [.....10.0.0.227][56910] -> [...35.201.124.9][..443] [MIDSTREAM]
detected: [....29] [ip4][..tcp] [.....10.0.0.227][56910] -> [...35.201.124.9][..443] [TLS.GoogleCloud][Cloud][Acceptable]
new: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287]
detected: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
new: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53]
detected: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53]
detected: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53]
detected: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53]
detected: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
detection-update: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53]
detected: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53]
detected: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
analyse: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] [min|max|avg|stddev] [IAT(flow)...: 0.000| 0.385| 0.079| 0.122] [IAT(c->s)...: 0.000| 0.358| 0.081| 0.117][IAT(s->c)...: 0.002| 0.385| 0.078| 0.126] [PKTLEN(c->s): 66.000|1261.000| 250.700| 328.900][PKTLEN(s->c): 66.000|1434.000| 347.300| 483.300] [BINS(c->s)..: 9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0]
new: [....37] [ip4][..tcp] [.....10.0.0.227][56881] -> [.162.222.43.153][..443] [MIDSTREAM]
new: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443]
detected: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [min|max|avg|stddev] [IAT(flow)...: 0.000| 0.138| 0.027| 0.033] [IAT(c->s)...: 0.000| 0.097| 0.033| 0.029][IAT(s->c)...: 0.000| 0.138| 0.022| 0.035] [PKTLEN(c->s): 66.000|1031.000| 164.900| 249.400][PKTLEN(s->c): 66.000|1514.000| 854.600| 666.400] [BINS(c->s)..: 12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0]
detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
new: [....39] [ip4][..tcp] [.....10.0.0.227][56865] -> [.....10.0.0.149][.8008] [MIDSTREAM]
new: [....40] [ip4][..tcp] [.....10.0.0.227][56866] -> [.....10.0.0.151][.8060] [MIDSTREAM]
new: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53]
detected: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53]
detected: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][ConnCheck][Acceptable]
detected: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable]
detected: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable]
detection-update: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][ConnCheck][Acceptable]
new: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [MIDSTREAM]
detected: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443] [TLS.AmazonAWS][Cloud][Acceptable]
new: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [MIDSTREAM]
new: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53]
detected: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Web][Safe]
new: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53]
detected: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
new: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53]
detected: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
new: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53]
detected: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
new: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53]
detected: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Web][Safe]
detection-update: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
detection-update: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
detected: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [TLS.Apple][Web][Safe] RISK: Known Proto on Non Std Port
detection-update: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
new: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53]
detected: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....51] [ip4][..tcp] [.....10.0.0.227][56871] -> [...8.37.103.196][..443] [MIDSTREAM]
detection-update: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53]
detected: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
detection-update: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
new: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] [MIDSTREAM]
new: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900]
detected: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328]
detected: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable]
new: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328]
detected: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable]
new: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900]
detected: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443]
detected: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older)
new: [....59] [ip4][..udp] [.....10.0.0.149][50081] -> [.....10.0.0.227][57547]
detected: [....59] [ip4][..udp] [.....10.0.0.149][50081] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
detection-update: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older)
analyse: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] [min|max|avg|stddev] [IAT(flow)...: 0.000| 0.047| 0.016| 0.019] [IAT(c->s)...: 0.000| 0.047| 0.016| 0.018][IAT(s->c)...: 0.000| 0.047| 0.015| 0.019] [PKTLEN(c->s): 135.000| 199.000| 168.000| 16.800][PKTLEN(s->c): 90.000| 407.000| 258.100| 75.200] [BINS(c->s)..: 0,0,1,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,1,0,0,2,5,1,2,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
new: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192]
new: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547]
detected: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
new: [....62] [ip4][..tcp] [.....10.0.0.227][56954] -> [.....10.0.0.149][.8008]
new: [....63] [ip4][..tcp] [.....10.0.0.227][56955] -> [.....10.0.0.151][.8060]
detected: [....62] [ip4][..tcp] [.....10.0.0.227][56954] -> [.....10.0.0.149][.8008] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
detected: [....63] [ip4][..tcp] [.....10.0.0.227][56955] -> [.....10.0.0.151][.8060] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
new: [....64] [ip4][..udp] [.....10.0.0.149][49816] -> [.....10.0.0.227][57547]
detected: [....64] [ip4][..udp] [.....10.0.0.149][49816] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
new: [....65] [ip4][..udp] [.....10.0.0.149][48166] -> [.....10.0.0.227][57547]
detected: [....65] [ip4][..udp] [.....10.0.0.149][48166] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
new: [....66] [ip4][..udp] [.....10.0.0.149][51382] -> [.....10.0.0.227][57547]
detected: [....66] [ip4][..udp] [.....10.0.0.149][51382] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
new: [....67] [ip4][..udp] [.....10.0.0.227][..137] -> [.....10.0.0.255][..137]
detected: [....67] [ip4][..udp] [.....10.0.0.227][..137] -> [.....10.0.0.255][..137] [NetBIOS][System][Acceptable]
update: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1] [ICMPV6][Network][Acceptable]
update: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76] [ICMP][Network][Acceptable]
update: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Network][Acceptable]
new: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353]
detected: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1]
detected: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1] [ICMP][Network][Acceptable]
idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....25] [ip4][..tcp] [.....10.0.0.227][56884] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable]
guessed: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80] [HTTP][Web][Acceptable]
end: [.....1] [ip4][..tcp] [.....10.0.0.227][56885] -> [...184.25.56.53][...80]
idle: [....61] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
idle: [....24] [ip4][..tcp] [.....10.0.0.227][56917] -> [...184.25.56.77][...80] [HTTP][ConnCheck][Acceptable]
idle: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1] [ICMP][Network][Acceptable]
idle: [....21] [ip4][....2] [.....10.0.0.213] -> [....224.0.0.251] [IGMP][Network][Acceptable]
idle: [....20] [ip4][....2] [.....10.0.0.213] -> [......224.0.0.2] [IGMP][Network][Acceptable]
idle: [.....6] [ip4][....2] [.....10.0.0.149] -> [....224.0.0.251] [IGMP][Network][Acceptable]
idle: [.....4] [ip4][....2] [.......10.0.0.1] -> [......224.0.0.1] [IGMP][Network][Acceptable]
idle: [....67] [ip4][..udp] [.....10.0.0.227][..137] -> [.....10.0.0.255][..137] [NetBIOS][System][Acceptable]
idle: [....29] [ip4][..tcp] [.....10.0.0.227][56910] -> [...35.201.124.9][..443]
idle: [....31] [ip4][..udp] [.....10.0.0.227][64972] -> [....75.75.75.75][...53]
idle: [....66] [ip4][..udp] [.....10.0.0.149][51382] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
idle: [....26] [ip4][..udp] [.....10.0.0.227][54851] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
idle: [....22] [ip4][..udp] [.....10.0.0.227][.5353] -> [.....10.0.0.213][.5353] [MDNS][Network][Acceptable]
idle: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
idle: [....34] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
idle: [.....9] [ip4][..udp] [.....10.0.0.227][52879] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
idle: [....43] [ip4][..tcp] [.....10.0.0.227][56879] -> [..52.10.115.210][..443]
idle: [....58] [ip4][..udp] [.....10.0.0.227][54107] -> [....8.37.102.91][..443] [DTLS][Web][Safe] RISK: Obsolete TLS (v1.1 or older)
idle: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
idle: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1] [ICMPV6][Network][Acceptable]
idle: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
idle: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
idle: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
idle: [....46] [ip4][..udp] [.....10.0.0.227][51060] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
idle: [....41] [ip4][..udp] [.....10.0.0.227][57253] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
idle: [....33] [ip4][..udp] [.....10.0.0.227][57261] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
idle: [....17] [ip4][.icmp] [.....10.0.0.227] -> [....75.75.76.76] [ICMP][Network][Acceptable]
idle: [.....3] [ip4][..tcp] [.....10.0.0.227][56320] -> [.....10.0.0.149][.8009] [TLS][Web][Safe] RISK: Known Proto on Non Std Port
idle: [....10] [ip4][..udp] [.....10.0.0.227][61387] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
idle: [....64] [ip4][..udp] [.....10.0.0.149][49816] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
end: [....44] [ip4][..tcp] [.....10.0.0.227][56886] -> [..17.57.144.116][.5223] [TLS.Apple][Web][Safe] RISK: Known Proto on Non Std Port
idle: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Web][Safe] RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
idle: [....23] [ip6][icmp6] [...............fe80::408:3e45:3abc:1552] -> [...............................ff02::16] [ICMPV6][Network][Acceptable]
idle: [....32] [ip4][..udp] [.....10.0.0.227][61613] -> [....75.75.75.75][...53]
idle: [....47] [ip4][..udp] [.....10.0.0.227][59582] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
idle: [....59] [ip4][..udp] [.....10.0.0.149][50081] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
guessed: [....51] [ip4][..tcp] [.....10.0.0.227][56871] -> [...8.37.103.196][..443] [TLS][Web][Safe]
end: [....51] [ip4][..tcp] [.....10.0.0.227][56871] -> [...8.37.103.196][..443]
idle: [....65] [ip4][..udp] [.....10.0.0.149][48166] -> [.....10.0.0.227][57547] [SSDP][System][Acceptable]
end: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443]
end: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, Missing SNI TLS Extn
idle: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
guessed: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] [TLS.Google][Web][Acceptable]
end: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443]
idle: [....14] [ip4][..tcp] [.....10.0.0.227][56914] -> [..52.37.243.173][..443]
idle: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443]
guessed: [....39] [ip4][..tcp] [.....10.0.0.227][56865] -> [.....10.0.0.149][.8008] [CiscoVPN][VPN][Acceptable]
end: [....39] [ip4][..tcp] [.....10.0.0.227][56865] -> [.....10.0.0.149][.8008]
guessed: [.....2] [ip4][..tcp] [.....10.0.0.227][56916] -> [.....10.0.0.151][.8009] [AJP][Web][Acceptable]
idle: [.....2] [ip4][..tcp] [.....10.0.0.227][56916] -> [.....10.0.0.151][.8009]
not-detected: [....40] [ip4][..tcp] [.....10.0.0.227][56866] -> [.....10.0.0.151][.8060] [Unknown][Unrated]
end: [....40] [ip4][..tcp] [.....10.0.0.227][56866] -> [.....10.0.0.151][.8060]
idle: [....62] [ip4][..tcp] [.....10.0.0.227][56954] -> [.....10.0.0.149][.8008] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
idle: [....19] [ip6][..udp] [...............fe80::408:3e45:3abc:1552][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
idle: [....50] [ip4][..udp] [.....10.0.0.227][49781] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
end: [....63] [ip4][..tcp] [.....10.0.0.227][56955] -> [.....10.0.0.151][.8060] [HTTP][Web][Acceptable] RISK: Known Proto on Non Std Port, HTTP Numeric IP Address
not-detected: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192] [Unknown][Unrated]
idle: [....60] [ip4][..udp] [.....10.0.0.227][52595] -> [.......10.0.0.1][..192]
idle: [....48] [ip4][..udp] [.....10.0.0.227][64193] -> [....75.75.75.75][...53] [DNS.ApplePush][Cloud][Acceptable]
idle: [....52] [ip4][..udp] [.....10.0.0.227][58074] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
end: [....28] [ip4][..tcp] [.....10.0.0.227][56920] -> [...99.86.34.156][..443] [TLS.Slack][Collaborative][Acceptable]
idle: [....55] [ip4][..udp] [.....10.0.0.149][38616] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable]
guessed: [....37] [ip4][..tcp] [.....10.0.0.227][56881] -> [.162.222.43.153][..443] [TLS][Web][Safe]
idle: [....37] [ip4][..tcp] [.....10.0.0.227][56881] -> [.162.222.43.153][..443]
idle: [....49] [ip4][..udp] [.....10.0.0.227][51990] -> [....75.75.75.75][...53] [DNS][Network][Acceptable]
idle: [....27] [ip4][..udp] [.....10.0.0.227][58155] -> [....75.75.76.76][...53] [DNS.Slack][Collaborative][Acceptable]
idle: [....54] [ip4][..udp] [.....10.0.0.227][61328] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Network][Acceptable]
idle: [....56] [ip4][..udp] [.....10.0.0.151][.1900] -> [.....10.0.0.227][61328] [SSDP][System][Acceptable]
idle: [....45] [ip4][..udp] [.....10.0.0.227][60341] -> [....75.75.75.75][...53] [DNS.Apple][Web][Safe]
idle: [....42] [ip4][..udp] [.....10.0.0.227][62427] -> [....75.75.75.75][...53] [DNS][ConnCheck][Acceptable]
idle: [.....8] [ip4][....2] [.....10.0.0.149] -> [239.255.255.250] [IGMP][Network][Acceptable]
idle: [.....7] [ip4][....2] [.....10.0.0.149] -> [...239.255.3.22] [IGMP][Network][Acceptable]
DAEMON-EVENT: shutdown