1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61043] -> [....................2001:620:8:35d9::10][.5683]
detected: [.....1] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61043] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
new: [.....2] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61044] -> [....................2001:620:8:35d9::10][.5683]
detected: [.....2] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61044] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
new: [.....3] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61045] -> [....................2001:620:8:35d9::10][.5683]
detected: [.....3] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61045] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
new: [.....4] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61046] -> [....................2001:620:8:35d9::10][.5683]
detected: [.....4] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61046] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
new: [.....5] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61047] -> [....................2001:620:8:35d9::10][.5683]
detected: [.....5] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61047] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
DAEMON-EVENT: [Processed: 5 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 5 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....6] [ip6][..udp] [................................bbbb::1][33499] -> [................................bbbb::3][.5683]
detected: [.....6] [ip6][..udp] [................................bbbb::1][33499] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
idle: [.....1] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61043] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
idle: [.....2] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61044] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
idle: [.....3] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61045] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
idle: [.....4] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61046] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
idle: [.....5] [ip6][..udp] [..2001:da8:215:1171:a10b:cb48:8f83:57f6][61047] -> [....................2001:620:8:35d9::10][.5683] [COAP][RPC][Safe]
new: [.....7] [ip6][..udp] [................................bbbb::1][50250] -> [................................bbbb::3][.5683]
detected: [.....7] [ip6][..udp] [................................bbbb::1][50250] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
new: [.....8] [ip6][..udp] [................................bbbb::1][46819] -> [................................bbbb::3][.5683]
detected: [.....8] [ip6][..udp] [................................bbbb::1][46819] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
idle: [.....6] [ip6][..udp] [................................bbbb::1][33499] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
update: [.....7] [ip6][..udp] [................................bbbb::1][50250] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
update: [.....8] [ip6][..udp] [................................bbbb::1][46819] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
DAEMON-EVENT: [Processed: 19 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 2]
new: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....7] [ip6][..udp] [................................bbbb::1][50250] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
idle: [.....8] [ip6][..udp] [................................bbbb::1][46819] -> [................................bbbb::3][.5683] [COAP][RPC][Safe]
new: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MIDSTREAM]
detected: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
new: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501]
detected: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
new: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500]
detected: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
new: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MIDSTREAM]
detected: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.439| 0.304| 1.061|1125807.423| 0.000]
[PKTLEN......: 54.000| 140.000| 76.300| 30.100| 907.000| 4.900]
[BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1]
[IATS(ms)....: 0.1,0.2,4.6,4.9,1.0,9.3,9.1,2.8,3.5,0.5,2.4,21.8,23.4,198.7,4438.9,4242.4,38.5,37.9,0.5,2.3,62.5,65.0,1.2,38.7,37.8,0.5,2.8,66.7,69.7,1.1,39.4]
[PKTLENS.....: 66,66,60,73,54,58,114,58,69,59,138,60,114,58,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54]
analyse: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 27.506| 1.802| 6.725|45219399.598| 0.000]
[PKTLEN......: 54.000| 140.000| 77.400| 32.800| 1072.600| 4.900]
[BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
[IATS(ms)....: 0.7,199.1,27505.9,27310.4,42.7,40.0,0.1,0.5,60.4,61.2,1.6,38.9,37.7,0.6,2.9,66.3,69.5,1.2,39.6,39.1,1.0,2.4,62.7,65.3,1.8,40.5,38.7,0.2,6.2,66.7,73.1]
[PKTLENS.....: 60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60]
analyse: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 13.151| 0.876| 3.198|10225378.656| 0.000]
[PKTLEN......: 54.000| 140.000| 77.400| 32.800| 1072.600| 4.900]
[BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
[IATS(ms)....: 0.4,199.9,13150.8,12952.3,38.6,38.0,0.5,2.1,62.6,65.0,1.0,38.8,38.1,0.5,2.6,66.8,69.6,1.2,39.5,39.1,1.0,2.4,62.9,65.5,0.8,40.2,39.5,0.2,5.6,67.5,73.2]
[PKTLENS.....: 60,56,60,140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60]
analyse: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.074| 0.031| 0.027| 714.536| 0.000]
[PKTLEN......: 54.000| 140.000| 79.000| 33.200| 1105.200| 4.900]
[BINS(c->s)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1]
[IATS(ms)....: 2.0,38.6,37.1,0.5,2.4,62.3,64.9,0.8,38.7,38.1,0.5,2.3,67.3,69.7,0.7,39.4,39.5,0.9,2.3,63.2,65.6,1.6,40.3,38.7,0.2,6.1,67.2,73.5,2.5,42.4,39.9]
[PKTLENS.....: 140,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114,54,58,140,60,60,54,114]
new: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500]
detected: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 0.000]
[PKTLEN......: 59.000| 143.000| 99.600| 38.600| 1486.700| 4.900]
[BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.8,103.9,104.0,109.0,108.5,105.4,105.9,113.8,113.7,106.8,107.1,109.4,109.0,108.9,116.0,117.8,112.3,110.6,110.8,109.9,107.9,108.0,108.0,113.1,114.0,110.8,110.4,107.4,111.2,109.5,105.1]
[PKTLENS.....: 138,61,137,60,136,59,143,66,139,62,136,59,138,61,138,61,140,63,137,60,138,61,137,60,137,60,137,60,143,66,136,59]
new: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500]
detected: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 0.000]
[PKTLEN......: 60.000| 142.000| 100.500| 38.500| 1485.600| 4.900]
[BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 2.4,112.9,114.3,107.8,108.1,108.0,108.0,109.5,111.4,119.1,118.3,117.0,117.0,127.7,125.1,114.0,113.0,120.2,120.9,111.5,111.3,105.6,107.8,113.8,112.0,122.6,125.5,113.0,110.0,123.5,125.7]
[PKTLENS.....: 137,60,141,64,140,63,142,65,137,60,139,62,140,63,139,62,137,60,138,61,142,65,140,63,137,60,137,60,137,60,141,64]
new: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500]
detected: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
analyse: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 0.000]
[PKTLEN......: 60.000| 143.000| 101.200| 38.500| 1485.300| 4.900]
[BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.3,105.0,107.1,122.6,124.6,114.9,120.4,119.7,111.5,123.9,123.0,105.4,109.4,122.9,120.1,118.0,119.4,130.1,131.4,131.3,129.0,120.1,121.3,112.3,114.8,128.9,125.5,128.0,127.0,125.1,128.5]
[PKTLENS.....: 139,62,143,66,139,62,140,63,140,63,137,60,137,60,137,60,142,65,140,63,141,64,139,62,139,62,142,65,141,64,140,63]
analyse: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 0.000]
[PKTLEN......: 59.000| 143.000| 101.100| 38.600| 1487.100| 4.900]
[BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 5.1,140.5,139.4,127.3,129.3,138.0,134.5,137.7,141.2,137.9,138.6,132.6,133.3,132.1,136.8,172.3,164.6,137.8,136.7,122.3,121.6,117.1,118.7,128.8,133.2,115.5,110.1,123.6,124.5,106.7,105.6]
[PKTLENS.....: 141,64,142,65,137,60,137,60,140,63,137,60,136,59,141,64,139,62,143,66,140,63,138,61,139,62,143,66,138,61,142,65]
idle: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
idle: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
idle: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
idle: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
idle: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501] [MQTT][RPC][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
|