1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53]
detected: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][auth.kakao.com]
new: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53]
detected: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][ac-talk.kakao.com]
new: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53]
detected: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][katalk.kakao.com]
detection-update: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][ac-talk.kakao.com]
detection-update: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][auth.kakao.com]
detection-update: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][katalk.kakao.com]
new: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53]
detected: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][booking.loco.kakao.com]
new: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53]
detected: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-m.talk.kakao.com]
new: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53]
detected: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][item.kakao.com]
detection-update: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][item.kakao.com]
detection-update: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-m.talk.kakao.com]
detection-update: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][booking.loco.kakao.com]
new: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53]
detected: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-p.talk.kakao.com]
new: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53]
detected: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-v.talk.kakao.com]
new: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53]
detected: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-c.talk.kakao.com]
detection-update: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-p.talk.kakao.com]
detection-update: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-v.talk.kakao.com]
detection-update: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-c.talk.kakao.com]
new: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53]
detected: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-a.talk.kakao.com]
new: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53]
detected: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
new: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53]
detected: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
detection-update: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-a.talk.kakao.com]
detection-update: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
detection-update: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
new: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080]
new: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [MIDSTREAM]
new: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443]
detected: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
new: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [MIDSTREAM]
new: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53]
detected: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
new: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53]
detected: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
detection-update: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
detection-update: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
new: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1]
detected: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Unknown][Network][Acceptable]
new: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443]
detected: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS][Unknown][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS][Unknown][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS.KakaoTalk][Unknown][Chat][Acceptable][]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
new: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80]
new: [....22] [ip4][..tcp] [....31.13.68.73][..443] -> [...10.24.82.188][47007] [MIDSTREAM]
detected: [....22] [ip4][..tcp] [....31.13.68.73][..443] -> [...10.24.82.188][47007] [TLS][Facebook][Web][Safe]
detected: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
new: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53]
detected: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][api.facebook.com]
detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][api.facebook.com]
new: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443]
detected: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][api.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53]
detected: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][api.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][api.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
new: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443]
detected: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53]
detected: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][developers.facebook.com]
detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][developers.facebook.com]
new: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53]
detected: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][2.97.252.173.in-addr.arpa]
new: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443]
detection-update: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][2.97.252.173.in-addr.arpa]
detected: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][developers.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][developers.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][developers.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [MIDSTREAM]
detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe]
RISK: Known Proto on Non Std Port
analyse: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.174| 0.038| 0.043| 1891.518| 4.000]
[PKTLEN......: 40.000| 1320.000| 256.100| 386.900| 149674.200| 3.800]
[BINS(c->s)..: 10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1]
[IATS(ms)....: 37.0,40.3,0.3,47.7,4.0,72.1,0.7,124.0,0.2,15.9,0.7,16.6,0.2,12.2,67.2,36.0,15.8,0.7,105.9,38.1,60.4,4.5,0.1,3.9,174.3,67.7,16.8,17.0,108.5,0.7,81.1]
[PKTLENS.....: 60,44,40,605,44,40,1320,158,40,40,1320,933,40,40,1037,40,298,97,85,40,40,93,830,87,77,85,40,461,40,40,40,40]
[ENTROPIES...: 4.7,5.2,4.9,6.7,4.6,5.0,6.4,5.9,4.8,4.7,7.0,7.0,4.7,4.7,7.8,4.9,7.0,6.1,6.0,4.8,4.8,6.0,7.7,5.9,5.8,6.0,4.8,7.5,4.8,5.0,4.9,5.0]
new: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443] [MIDSTREAM]
new: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80]
detected: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
new: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443]
detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
analyse: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 3.803| 0.501| 0.832| 692202.045| 3.700]
[PKTLEN......: 40.000| 1320.000| 209.000| 352.300| 124085.100| 3.700]
[BINS(c->s)..: 11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0]
[IATS(ms)....: 995.9,1037.9,49.3,6.7,695.5,683.6,56.0,2329.9,2320.4,251.6,299.0,4.5,4.4,4.1,3.7,105.5,239.4,242.2,376.5,82.6,125.8,244.5,287.3,18.1,164.6,239.0,428.1,146.0,274.1,3803.0,24.7]
[PKTLENS.....: 60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116]
[ENTROPIES...: 4.7,4.7,5.0,4.9,5.2,5.1,5.0,4.7,5.2,4.9,6.5,4.7,7.1,4.8,6.7,4.9,6.6,4.9,5.7,4.8,7.7,4.9,5.5,4.9,7.4,5.0,5.9,4.8,6.8,5.0,5.6,6.4]
new: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443]
detected: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][]
RISK: Obsolete TLS (v1.1 or older)
new: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [MIDSTREAM]
new: [....36] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [MIDSTREAM]
detected: [....36] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS][Google][Web][Safe]
RISK: Known Proto on Non Std Port
new: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
detected: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe]
analyse: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 27.031| 1.853| 6.601| 43576507.498| 1.500]
[PKTLEN......: 40.000| 1320.000| 198.800| 348.100| 121165.000| 3.700]
[BINS(c->s)..: 10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1]
[IATS(ms)....: 41.7,45.8,2.2,39.5,11.3,448.4,0.2,2.9,498.7,0.2,0.1,36.9,124.2,229.9,322.0,23.0,161.8,229.9,405.3,0.2,57.4,108.2,76.0,156.0,245.1,68.0,69.5,26937.8,56.9,27030.7,8.1]
[PKTLENS.....: 60,44,40,224,44,40,1320,1320,1027,40,40,40,162,40,87,40,562,40,69,40,199,312,40,40,78,40,69,40,67,116,40,40]
[ENTROPIES...: 4.7,5.0,4.9,5.2,4.7,5.0,6.5,7.1,6.7,4.8,4.9,4.9,6.5,4.9,5.9,4.8,7.7,5.0,5.6,4.8,6.9,7.1,5.0,5.0,5.8,4.9,5.5,4.9,5.6,6.3,5.0,5.0]
update: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Unknown][Network][Acceptable]
detection-update: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223]
detected: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe][]
RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
idle: [.....5] [ip4][..udp] [...10.24.82.188][12908] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-m.talk.kakao.com]
idle: [....28] [ip4][..udp] [...10.24.82.188][14650] -> [.....10.188.1.1][...53] [DNS][Unknown][Network][Acceptable][2.97.252.173.in-addr.arpa]
end: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....38] [ip4][..tcp] [...10.24.82.188][58964] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe]
RISK: Known Proto on Non Std Port, Obsolete TLS (v1.1 or older)
idle: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe]
end: [....20] [ip4][..tcp] [...10.24.82.188][37821] -> [.210.103.240.15][..443] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
idle: [....25] [ip4][..udp] [...10.24.82.188][19582] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][graph.facebook.com]
idle: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
idle: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
guessed: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443] [TLS][Unknown][Web][Safe]
end: [....31] [ip4][..tcp] [...10.24.82.188][42332] -> [.210.103.240.15][..443]
idle: [.....9] [ip4][..udp] [...10.24.82.188][56820] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-c.talk.kakao.com]
idle: [....23] [ip4][..udp] [...10.24.82.188][24596] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][api.facebook.com]
idle: [.....3] [ip4][..udp] [...10.24.82.188][57816] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][katalk.kakao.com]
idle: [....11] [ip4][..udp] [...10.24.82.188][25117] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-gp.talk.kakao.com]
end: [....21] [ip4][..tcp] [...10.24.82.188][37553] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
end: [....32] [ip4][..tcp] [...10.24.82.188][37557] -> [....31.13.68.84][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
idle: [.....6] [ip4][..udp] [...10.24.82.188][58810] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][item.kakao.com]
guessed: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503] [HTTP][Unknown][Web][Acceptable][]
RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt
end: [....16] [ip4][..tcp] [..120.28.26.242][...80] -> [...10.24.82.188][34503]
idle: [....18] [ip4][..udp] [...10.24.82.188][61011] -> [...10.188.191.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
idle: [....17] [ip4][..udp] [...10.24.82.188][61011] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][plus-talk.kakao.com]
idle: [....10] [ip4][..udp] [...10.24.82.188][29029] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-a.talk.kakao.com]
idle: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....19] [ip4][.icmp] [...10.24.82.188] -> [...10.188.191.1] [ICMP][Unknown][Network][Acceptable]
idle: [....24] [ip4][..tcp] [...10.24.82.188][45209] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....29] [ip4][..tcp] [...10.24.82.188][45211] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
end: [....22] [ip4][..tcp] [....31.13.68.73][..443] -> [...10.24.82.188][47007] [TLS][Facebook][Web][Safe]
idle: [.....2] [ip4][..udp] [...10.24.82.188][35603] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][ac-talk.kakao.com]
guessed: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [HTTP][Google][Web][Acceptable][]
end: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922]
idle: [....27] [ip4][..udp] [...10.24.82.188][.4017] -> [.....10.188.1.1][...53] [DNS.Facebook][Unknown][Network][Fun][developers.facebook.com]
guessed: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Unknown][Web][Safe]
idle: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
idle: [.....1] [ip4][..udp] [...10.24.82.188][38448] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][auth.kakao.com]
idle: [.....7] [ip4][..udp] [...10.24.82.188][.5929] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-p.talk.kakao.com]
guessed: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080] [HTTP_Proxy][Unknown][Web][Acceptable][]
RISK: Fully Encrypted Flow
idle: [....13] [ip4][..tcp] [...10.24.82.188][51021] -> [.103.246.57.251][.8080]
idle: [....36] [ip4][..tcp] [...10.24.82.188][34686] -> [.173.194.72.188][.5228] [TLS][Google][Web][Safe]
RISK: Known Proto on Non Std Port
idle: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][up-v.talk.kakao.com]
idle: [.....4] [ip4][..udp] [...10.24.82.188][41909] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][booking.loco.kakao.com]
idle: [....12] [ip4][..udp] [...10.24.82.188][43077] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable][dn-l.talk.kakao.com]
DAEMON-EVENT: shutdown
|