DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [MIDSTREAM]
new: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [MIDSTREAM]
new: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [MIDSTREAM]
new: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80]
new: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [MIDSTREAM]
detected: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Chat][Fun][hkminorshort.weixin.qq.com]
    RISK: Known Proto on Non Std Port
new: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080]
detected: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS][Unknown][Web][Safe][]
    RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
detection-update: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Unknown][Chat][Acceptable][]
    RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
new: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [MIDSTREAM]
new: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001]
detected: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS][Unknown][Web][Safe][]
    RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
detection-update: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Unknown][Chat][Acceptable][]
    RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
new: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS][Google][Web][Safe]
    RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045]
detected: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][Unknown][VoIP][Acceptable]
    RISK: Unidirectional Traffic
new: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047]
detected: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][Unknown][VoIP][Acceptable]
    RISK: Unidirectional Traffic
new: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044]
detected: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Unknown][Media][Acceptable]
new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046]
detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable]
analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Unknown][Media][Acceptable]
    min| max| avg| stddev| variance| entropy
    [IAT.........: 0.000| 0.389| 0.067| 0.073| 5302.569| 4.200]
    [PKTLEN......: 83.000| 176.000| 87.200| 16.700| 278.800| 5.000]
    [BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [DIRECTIONS..: 0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1]
    [IATS(ms)....: 2.1,0.1,91.3,0.2,98.3,0.1,103.5,389.0,99.4,0.2,41.7,34.1,94.1,1.2,99.9,98.5,32.0,72.3,100.1,1.0,27.9,87.8,99.7,0.0,76.1,16.1,99.2,84.2,99.9,1.1,113.1]
    [PKTLENS.....: 84,83,83,83,83,83,83,83,107,83,83,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83]
    [ENTROPIES...: 6.0,5.9,5.8,5.8,5.9,5.8,5.9,5.9,6.2,6.0,5.8,6.7,6.2,5.9,5.9,5.9,5.8,6.0,5.9,5.9,5.9,5.9,6.0,5.9,5.8,6.0,6.0,5.9,6.0,5.9,5.9,6.0]
analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable]
    min| max| avg| stddev| variance| entropy
    [IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 4.700]
    [PKTLEN......: 83.000| 176.000| 90.600| 20.800| 434.500| 5.000]
    [BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [DIRECTIONS..: 0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,1,0,0,0,1]
    [IATS(ms)....: 36.1,39.2,140.3,102.0,35.2,98.1,7.9,55.8,42.0,93.4,6.8,89.9,91.8,48.2,40.2,100.1,12.0,81.5,89.4,7.0,84.1,40.7,87.7,54.9,38.8,107.9,4.2,87.6,68.5,32.3,143.9]
    [PKTLENS.....: 107,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,150,125,83]
    [ENTROPIES...: 6.2,6.7,6.2,5.8,5.8,5.9,6.0,5.9,5.9,5.9,5.9,6.0,5.9,5.8,5.9,5.9,6.0,6.0,6.0,6.0,5.8,5.9,5.9,5.9,6.0,6.0,5.9,6.0,5.8,6.7,6.3,6.0]
new: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
detected: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe]
    RISK: Unidirectional Traffic
new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM]
new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM]
analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
    min| max| avg| stddev| variance| entropy
    [IAT.........: 0.002| 20.337| 1.801| 4.155| 17264411.673| 2.900]
    [PKTLEN......: 52.000| 904.000| 225.500| 230.000| 52885.800| 4.400]
    [BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0]
    [IATS(ms)....: 141.6,151.9,11.8,244.9,5.7,231.7,5.3,268.9,267.9,260.5,295.7,6066.9,6069.5,2.3,183.7,177.4,76.0,36.6,148.1,8359.6,8676.0,4.5,469.8,147.4,147.1,2.6,694.9,724.2,479.8,20336.8,1138.4]
    [PKTLENS.....: 60,60,52,194,52,904,52,378,286,798,558,52,766,52,222,350,52,52,222,52,238,52,222,52,350,52,222,222,52,64,238,238]
    [ENTROPIES...: 4.7,5.2,5.2,5.3,5.1,7.4,5.1,7.2,7.1,7.7,7.6,5.1,7.7,5.1,7.0,7.3,5.2,5.1,7.0,5.2,7.0,5.1,6.9,5.1,7.3,5.2,6.9,6.9,5.1,5.1,7.1,7.1]
analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
    min| max| avg| stddev| variance| entropy
    [IAT.........: 0.000| 21.237| 2.444| 5.342| 28541506.814| 2.900]
    [PKTLEN......: 52.000| 904.000| 251.100| 266.400| 70953.500| 4.300]
    [BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
    [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1]
    [IATS(ms)....: 148.0,148.3,14.4,196.3,3.7,185.6,22.2,228.4,215.7,291.7,316.8,4536.4,4872.6,301.5,147.9,147.9,122.3,336.2,8596.6,8810.7,73.7,557.6,700.9,602.5,20472.0,917.8,21237.1,519.3,0.3,0.2,1054.3]
    [PKTLENS.....: 60,60,52,194,52,904,52,378,286,750,718,52,846,830,52,350,52,222,52,350,52,222,222,52,64,238,238,414,52,52,52,64]
    [ENTROPIES...: 4.7,5.2,5.2,5.3,5.2,7.4,5.2,7.4,7.0,7.7,7.7,5.2,7.8,7.8,5.2,7.3,5.1,7.0,5.2,7.2,5.2,6.8,6.8,5.1,5.1,7.1,7.0,7.4,5.2,5.2,5.2,5.2]
new: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [MIDSTREAM]
new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM]
new: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443]
new: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53]
detected: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][mqtt.facebook.com]
    RISK: Unidirectional Traffic
detected: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS][Facebook][Web][Safe][]
    RISK: Obsolete TLS (v1.1 or older)
detection-update: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][mqtt.facebook.com]
detection-update: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS][Facebook][Web][Safe][]
    RISK: Obsolete TLS (v1.1 or older)
guessed: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][]
    RISK: Unidirectional Traffic
idle: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080]
guessed: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [TLS][Facebook][Web][Safe]
    RISK: Unidirectional Traffic
end: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912]
idle: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443] [TLS][Facebook][Web][Safe]
    RISK: Obsolete TLS (v1.1 or older)
guessed: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable]
idle: [.....3] [ip4][..tcp] [...10.24.82.188][58916] -> [.54.255.185.236][.5222]
guessed: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [TLS][Facebook][Web][Safe]
    RISK: Unidirectional Traffic, TCP Connection Issues
end: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123]
guessed: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697] [TLS][Google][Web][Safe]
    RISK: Unidirectional Traffic, TCP Connection Issues
end: [.....5] [ip4][..tcp] [.216.58.220.161][..443] -> [...10.24.82.188][56697]
guessed: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [TLS][Google][Web][Safe]
    RISK: Unidirectional Traffic, TCP Connection Issues
end: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380]
idle: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable]
idle: [....11] [ip4][..udp] [...10.24.82.188][10269] -> [....1.201.1.174][23047] [KakaoTalk_Voice][Unknown][VoIP][Acceptable]
end: [.....4] [ip4][..tcp] [...10.24.82.188][48489] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Chat][Fun]
    RISK: Known Proto on Non Std Port
guessed: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533] [HTTP][Unknown][Web][Acceptable][]
end: [.....2] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34533]
idle: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
    RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
idle: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe]
guessed: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][]
idle: [.....1] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080]
idle: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
    RISK: Known Proto on Non Std Port, Self-signed Cert, Obsolete TLS (v1.1 or older), Weak TLS Cipher
idle: [.....9] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS][Google][Web][Safe]
    RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....20] [ip4][..udp] [...10.24.82.188][25223] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun]
idle: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Unknown][Media][Acceptable]
idle: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][Unknown][VoIP][Acceptable]
guessed: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Unknown][Web][Safe]
idle: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
DAEMON-EVENT: shutdown