DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868]
detected: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port
detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port
detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.057| 0.386| 0.141| 0.077| 5894.261| 4.800]
[PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700]
[BINS(c->s)..: 12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 57.0,57.5,79.9,80.4,89.2,138.8,253.3,182.4,385.9,91.3,93.1,94.6,191.3,165.0,76.9,108.8,123.7,109.4,199.4,91.0,94.0,69.4,74.3,78.6,142.6,139.5,141.5,314.1,235.6,200.5,202.4]
[PKTLENS.....: 80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116]
[ENTROPIES...: 3.4,4.0,3.8,4.4,4.3,6.7,6.2,3.8,4.1,4.5,4.2,6.6,6.5,3.8,4.1,6.4,6.4,3.8,4.6,5.1,3.8,4.1,6.4,4.0,4.1,4.1,4.1,7.6,3.8,4.7,3.8,5.1]
DAEMON-EVENT: [Processed: 62 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
new: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22]
detected: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher
detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher
detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
end: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 84 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0]
ERROR-EVENT: Unknown packet type [1/16]
idle: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher
DAEMON-EVENT: shutdown
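The log above is easier to triage once the per-flow events and the "RISK:" lines that follow them are folded into one record per flow. The following Python is an added example, not part of the log and not code from the daemon that produced it (the layout resembles nDPId's flow-event output, but the parser assumes only what is visible above: an event name, dot-padded bracketed fields, an optional classification block, and a "RISK:" line that directly follows the event it belongs to). The names `Flow`, `parse_log`, `by_risk` and `findings` are this example's own; the sample lines are a verbatim subset of the log above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Event line layout (leading dots are padding, stripped by _unpad()):
# "<event>: [<id>] [<l3>][<l4>] [<src>][<sport>] -> [<dst>][<dport>] [<proto>][<app>][<category>][<breed>]"
# The classification block is absent on "new:" lines, hence optional.
EVENT_RE = re.compile(
    r"^(?P<event>[a-z-]+): \[(?P<flow>[.\d]+)\] \[(?P<l3>ip[46])\]\[(?P<l4>[.\w]+)\] "
    r"\[(?P<src>[^\]]+)\]\[(?P<sport>[.\d]+)\] -> \[(?P<dst>[^\]]+)\]\[(?P<dport>[.\d]+)\]"
    r"(?: \[(?P<proto>[^\]]+)\]\[(?P<app>[^\]]+)\]\[(?P<cat>[^\]]+)\]\[(?P<breed>[^\]]+)\])?\s*$"
)
RISK_PREFIX = "RISK: "          # always directly follows the event line it belongs to
ERROR_PREFIX = "ERROR-EVENT: "

@dataclass
class Flow:
    flow_id: int
    l3: str
    l4: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: Optional[str] = None
    category: Optional[str] = None
    state: str = "new"                              # last event seen for this flow
    risks: List[str] = field(default_factory=list)  # ordered, de-duplicated

    def add_risk(self, risk: str) -> None:
        if risk not in self.risks:
            self.risks.append(risk)

def _unpad(s: str) -> str:
    return s.lstrip(".")

def parse_log(lines) -> Tuple[Dict[int, Flow], List[str]]:
    """Return (flows keyed by id, ERROR-EVENT messages)."""
    flows: Dict[int, Flow] = {}
    errors: List[str] = []
    current: Optional[Flow] = None  # flow that a following "RISK:" line refers to
    for raw in lines:
        line = raw.rstrip("\n")
        m = EVENT_RE.match(line)
        if m:
            fid = int(_unpad(m["flow"]))
            flow = flows.get(fid)
            if flow is None:
                flow = Flow(fid, m["l3"], _unpad(m["l4"]), _unpad(m["src"]),
                            int(_unpad(m["sport"])), _unpad(m["dst"]), int(_unpad(m["dport"])))
                flows[fid] = flow
            if m["proto"]:
                flow.proto, flow.category = m["proto"], m["cat"]
            flow.state = m["event"]
            current = flow
        elif line.startswith(RISK_PREFIX) and current is not None:
            # The risk list is comma-separated and repeated on every update.
            for risk in line[len(RISK_PREFIX):].split(","):
                current.add_risk(risk.strip())
        else:
            if line.startswith(ERROR_PREFIX):
                errors.append(line[len(ERROR_PREFIX):].strip())
            current = None  # stats, DAEMON-EVENT and error lines end the risk context
    return flows, errors

def by_risk(flows: Dict[int, Flow]) -> Dict[str, List[int]]:
    """Pivot: risk name -> sorted ids of the flows carrying it."""
    out: Dict[str, List[int]] = {}
    for f in flows.values():
        for r in f.risks:
            out.setdefault(r, []).append(f.flow_id)
    return {r: sorted(ids) for r, ids in out.items()}

def findings(flows: Dict[int, Flow]) -> List[str]:
    """One triage line per flow that carries at least one risk, by flow id."""
    return [f"flow {f.flow_id} [{f.state}] {f.proto or '?'} {f.src}:{f.sport} -> "
            f"{f.dst}:{f.dport} ({f.l3}/{f.l4}): " + "; ".join(f.risks)
            for f in sorted(flows.values(), key=lambda x: x.flow_id) if f.risks]

# Sample input: a subset of the log above, verbatim.
SAMPLE_LOG = [
    "new: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868]",
    "detected: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]",
    "RISK: Known Proto on Non Std Port",
    "[PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700]",
    "new: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22]",
    "detected: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]",
    "RISK: SSH Obsolete Cli Vers/Cipher",
    "detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]",
    "RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher",
    "end: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]",
    "RISK: Known Proto on Non Std Port",
    "ERROR-EVENT: Unknown packet type [1/16]",
    "idle: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable]",
    "RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher",
    "DAEMON-EVENT: shutdown",
]
```

Two points this makes visible that the raw stream does not: the risk list is re-emitted on every detection-update, so counting "RISK:" lines overstates the problem and the per-flow de-duplication is what gives the real picture (one risk on flow 1, two on flow 2); and the two flows need different follow-up. "Known Proto on Non Std Port" on SSH to port 20868 is a policy question (a sanctioned jump host on an unusual port, or an attempt to dodge port-based controls), whereas the "SSH Obsolete Cli/Ser Vers/Cipher" pair on flow 2 names both endpoints of a session on port 22 and points at client and server configuration to review.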