DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [........8.8.8.8][..853] -> [..192.168.1.159][55856] [MIDSTREAM]
new: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853]
new: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853]
detected: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detected: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
new: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853]
detected: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  min| max| avg| stddev| variance| entropy
  [IAT.........: < 0.001| 0.447| 0.072| 0.122| 14825.912| 3.500]
  [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
  [BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
  [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
  [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0]
  [IATS(ms)....: 12.8,14.6,0.3,14.8,16.2,1.1,0.1,31.1,1.0,0.5,12.5,28.6,36.9,41.2,19.2,12.5,6.2,5.0,24.3,307.1,326.2,13.8,74.3,386.7,447.4,5.0,23.8,155.7,173.7,5.0,23.2]
  [PKTLENS.....: 60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,211,551,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52]
  [ENTROPIES...: 4.3,5.0,5.0,5.4,5.0,7.1,7.5,7.1,5.1,5.0,5.1,6.1,7.1,6.7,5.0,6.8,7.6,4.9,7.6,5.1,6.8,5.1,7.5,5.1,6.8,5.0,7.6,5.1,6.8,5.0,7.6,5.1]
new: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8]
detected: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Google][Network][Acceptable]
  RISK: Susp Entropy
new: [.....6] [ip4][..tcp] [........8.8.4.4][..853] -> [..192.168.1.159][47968] [MIDSTREAM]
update: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Google][Network][Acceptable]
  RISK: Susp Entropy
new: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853]
detected: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  min| max| avg| stddev| variance| entropy
  [IAT.........: < 0.001| 1.254| 0.185| 0.342| 116761.002| 3.200]
  [PKTLEN......: 52.000| 569.000| 198.200| 197.900| 39161.300| 4.400]
  [BINS(c->s)..: 8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
  [BINS(s->c)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
  [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1]
  [IATS(ms)....: 12.7,14.1,0.9,14.9,0.1,14.2,1.1,19.6,19.1,13.8,1.3,58.4,651.3,715.0,3.8,23.3,1234.1,1253.7,12.5,32.7,484.0,503.7,3.8,30.8,265.4,292.4,20.3,12.6,11.8,7.4,12.6]
  [PKTLENS.....: 60,60,52,569,52,199,52,103,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,211,551,52,52,551]
  [ENTROPIES...: 4.2,4.9,4.8,6.2,4.7,6.1,4.8,5.5,4.8,6.8,4.7,7.5,4.8,6.8,4.8,7.5,4.8,6.7,4.9,7.6,4.9,6.7,4.8,7.6,4.9,6.8,4.9,6.8,7.6,4.9,4.9,7.6]
update: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Google][Network][Acceptable]
  RISK: Susp Entropy
idle: [.....5] [ip4][.icmp] [..192.168.1.159] -> [........8.8.8.8] [ICMP][Google][Network][Acceptable]
  RISK: Susp Entropy
guessed: [.....1] [ip4][..tcp] [........8.8.8.8][..853] -> [..192.168.1.159][55856] [DoH_DoT][Google][Network][Acceptable]
end: [.....1] [ip4][..tcp] [........8.8.8.8][..853] -> [..192.168.1.159][55856]
end: [.....3] [ip4][..tcp] [..192.168.1.159][56024] -> [........8.8.8.8][..853] [TLS.DoH_DoT][Google][Network][Acceptable]
  RISK: TLS (probably) Not Carrying HTTPS
end: [.....2] [ip4][..tcp] [..192.168.1.159][48044] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable]
  RISK: TLS (probably) Not Carrying HTTPS
guessed: [.....6] [ip4][..tcp] [........8.8.4.4][..853] -> [..192.168.1.159][47968] [DoH_DoT][Google][Network][Acceptable]
end: [.....6] [ip4][..tcp] [........8.8.4.4][..853] -> [..192.168.1.159][47968]
end: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
new: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853]
detected: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  min| max| avg| stddev| variance| entropy
  [IAT.........: < 0.001| 5.704| 0.390| 1.388| 1925240.193| 1.500]
  [PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
  [BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
  [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
  [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1]
  [IATS(ms)....: 14.4,41.9,9.2,49.9,17.6,0.1,0.1,32.5,0.5,0.1,15.4,30.8,15.7,19.9,22.6,85.5,5640.7,5703.8,20.5,7.6,6.2,13.7,17.6,31.1,85.4,103.7,33.2,18.8,6.3,16.2,17.6]
  [PKTLENS.....: 60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551]
  [ENTROPIES...: 4.3,5.0,4.9,5.4,4.8,7.0,7.5,7.1,4.9,5.0,4.9,5.9,7.0,6.8,4.9,7.5,5.0,6.8,4.9,6.7,7.6,5.0,4.8,7.6,4.8,6.8,4.6,6.8,7.5,5.0,4.9,7.5]
end: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
idle: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
  RISK: TLS (probably) Not Carrying HTTPS
DAEMON-EVENT: shutdown