DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] detected: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 120.146| 4.080| 21.203| 449571977.167| 0.400] [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.6,0.0,0.0,151.6,0.0,0.0,2891.9,0.0,0.0,0.8,0.0,0.0,3043.1,0.0,0.0,21.2,0.0,0.0,212.0,0.0,0.0,120145.7,0.0] [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64] [ENTROPIES...: 4.3,4.3,4.3,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,5.1,5.1,5.1,4.1,4.1,4.1,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9] DAEMON-EVENT: [Processed: 39 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] detected: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 17.487| 1.644| 4.346| 18887919.796| 2.200] [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1] [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.5,0.0,0.0,181.2,0.0,0.0,17203.3,0.0,0.0,17487.3,0.0,0.0,4814.1,0.0,0.0,4907.0,0.0,0.0,3276.8,0.0,0.0,3079.9,0.0] [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46] [ENTROPIES...: 4.3,4.3,4.3,4.6,4.6,4.6,4.0,4.0,4.0,4.6,4.6,4.6,4.1,4.1,4.1,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1] DAEMON-EVENT: [Processed: 78 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] detected: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] end: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 82.989| 2.758| 14.651| 214640269.197| 0.200] [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.5,0.0,0.0,145.0,0.0,0.0,996.9,0.0,0.0,0.8,0.0,0.0,1141.4,0.0,0.0,10.3,0.0,0.0,204.1,0.0,0.0,82989.4,0.0] [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64] [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,5.1,5.1,5.1,4.2,4.2,4.2,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9] DAEMON-EVENT: [Processed: 216 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] detected: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 75.076| 7.136| 19.839| 393587648.889| 1.900] [PKTLEN......: 46.000| 63.000| 52.700| 5.900| 34.500| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1] [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,75028.6,0.0,0.0,75076.4,0.0,0.0,0.5,0.0,0.0,48.2,0.0,0.0,0.6,0.0,0.0,153.0,0.0,0.0,35338.8,0.0,0.0,35569.8,0.0] [PKTLENS.....: 48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57] [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.2,4.2,4.2,4.9,4.9,4.9,4.7,4.7,4.7,4.8,4.8,4.8,4.2,4.2,4.2,4.9,4.9,4.9,4.2,4.2,4.2,4.9,4.9,4.9,4.7,4.7] DAEMON-EVENT: [Processed: 351 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 3 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] detected: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 2.639| 0.182| 0.626| 391724.270| 1.500] [PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.100| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0] [IATS(ms)....: 0.0,0.0,0.1,0.0,0.0,0.3,0.0,0.0,1.3,0.0,0.0,168.6,0.0,0.0,2471.1,0.0,0.0,0.8,0.0,0.0,2639.4,0.0,0.0,99.8,0.0,0.0,232.2,0.0,0.0,15.3,0.0] [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65] [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.2,4.2,4.2,4.8,4.8,4.8,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,4.2,4.2,4.2,5.1,5.1] DAEMON-EVENT: [Processed: 444 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] detected: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] idle: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] DAEMON-EVENT: [Processed: 471 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] detected: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] idle: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 9.488| 0.797| 2.345| 5497481.069| 1.900] [PKTLEN......: 46.000| 64.000| 52.800| 7.000| 48.700| 5.000] [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0] [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.4,0.0,0.0,192.8,0.0,0.0,9227.0,0.0,0.0,9487.8,0.0,0.0,187.1,0.0,0.0,2636.4,0.0,0.0,2814.1,0.0,0.0,167.8,0.0] [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46] [ENTROPIES...: 4.2,4.2,4.2,4.6,4.6,4.6,4.0,4.0,4.0,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9,4.9,4.9,4.9,4.9,4.1,4.1,4.1,4.9,4.9,4.9,4.9,4.9,4.9,4.1,4.1] DAEMON-EVENT: [Processed: 504 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] detected: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] analyse: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 3.963| 0.497| 1.082| 1171729.023| 2.500] [PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000] [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1] [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.5,0.0,0.0,125.3,0.0,0.0,3672.1,0.0,0.0,3963.2,0.0,0.0,1744.3,0.0,0.0,1702.4,0.0,0.0,2163.8,0.0,0.0,2038.6,0.0] [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46] [ENTROPIES...: 4.2,4.2,4.2,4.6,4.6,4.6,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.9,4.9,4.9,4.2,4.2,4.2,5.0,5.0,5.0,4.1,4.1,4.1,4.1,4.1,4.1,4.2,4.2] idle: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] end: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] idle: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] idle: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] idle: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable] DAEMON-EVENT: shutdown