DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] detected: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic new: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] detected: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Unknown][Network][Acceptable][cisco-capwap-controller] ERROR-EVENT: Unknown packet type [1/16] ERROR-EVENT: Unknown packet type [2/16] ERROR-EVENT: Unknown packet type [3/16] ERROR-EVENT: Unknown packet type [4/16] ERROR-EVENT: Unknown packet type [5/16] ERROR-EVENT: Unknown packet type [6/16] new: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] detected: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Unknown][Network][Acceptable] new: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] detected: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Unknown][Network][Acceptable] analyse: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 10.093| 0.703| 2.456| 6029719.372| 1.600] [PKTLEN......: 92.000| 1485.000| 498.200| 485.400| 235625.000| 4.400] [BINS(c->s)..: 0,0,5,3,0,0,0,0,0,1,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0] [BINS(s->c)..: 0,0,1,6,1,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0] [DIRECTIONS..: 0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,1,0] [IATS(ms)....: 0.8,9998.4,10093.4,96.4,2.6,0.0,0.1,182.4,0.0,0.0,0.0,0.1,314.1,135.3,2.7,0.2,111.8,0.0,157.3,0.0,325.7,280.1,0.0,39.5,0.0,39.5,0.3,2.1,1.0,0.5,0.5] [PKTLENS.....: 142,142,101,92,133,576,576,346,576,576,165,315,406,123,1485,1485,1485,1437,1021,1437,461,141,109,125,141,125,109,877,141,109,125,861] [ENTROPIES...: 3.9,3.9,4.8,4.6,5.4,6.6,6.9,6.4,6.9,6.8,6.4,7.1,7.1,5.5,7.9,7.9,7.9,7.9,7.8,7.8,7.5,6.3,5.8,6.0,6.3,6.0,5.8,7.8,6.3,5.8,6.1,7.7] new: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] detected: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Unknown][Network][Acceptable] ERROR-EVENT: Unknown packet type [1/16] analyse: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.500| 4.000| 1.016| 0.875| 765810.835| 4.600] [PKTLEN......: 108.000| 311.000| 181.400| 58.400| 3415.700| 4.900] [BINS(c->s)..: 0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [IATS(ms)....: 500.0,500.0,499.9,3000.0,500.0,500.0,500.0,500.0,499.9,500.0,500.0,500.0,500.0,1000.0,1000.0,500.0,2999.8,1000.0,1000.0,500.0,1999.8,500.0,500.0,1000.0,500.0,1500.0,499.9,2000.0,1000.0,1000.0,3999.8] [PKTLENS.....: 108,195,282,137,224,137,108,195,311,137,108,108,137,282,137,195,195,282,137,195,108,253,166,195,195,195,253,137,108,195,224,166] [ENTROPIES...: 4.3,4.8,5.2,4.7,4.9,4.8,4.4,5.0,5.1,4.6,4.4,4.4,4.8,5.0,4.6,4.9,4.9,5.0,4.6,4.9,4.4,4.9,4.8,5.1,4.9,4.8,5.0,4.7,4.3,4.9,4.9,4.7] update: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Unknown][Network][Acceptable] update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Unknown][Network][Acceptable] update: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] update: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable] update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Unknown][Network][Acceptable] ERROR-EVENT: Unknown packet type [1/16] update: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Unknown][Network][Acceptable] update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Unknown][Network][Acceptable] update: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] update: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable] update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Unknown][Network][Acceptable] ERROR-EVENT: Unknown packet type [1/16] idle: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Unknown][Network][Acceptable] idle: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Unknown][Network][Acceptable] update: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Unknown][Network][Acceptable] update: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] update: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable] idle: [.....3] [ip4][..udp] [..192.168.10.10][12380] -> [255.255.255.255][.5246] [CAPWAP][Unknown][Network][Acceptable] idle: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable] idle: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown