path: root/test/results/flow-info/default/dnp3.pcap.out
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] 
         detected: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
          analyse: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|  120.146|    4.080|   21.203|  449571977.167|   0.400]
                   [PKTLEN......:    46.000|   65.000|   52.200|    6.800|         46.800|   5.000]
                   [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
                   [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.6,0.0,0.0,151.6,0.0,0.0,2891.9,0.0,0.0,0.8,0.0,0.0,3043.1,0.0,0.0,21.2,0.0,0.0,212.0,0.0,0.0,120145.7,0.0]
                   [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]
                   [ENTROPIES...: 4.3,4.3,4.3,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,5.1,5.1,5.1,4.1,4.1,4.1,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9]
     DAEMON-EVENT: [Processed: 39 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] 
         detected: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
          analyse: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|   17.487|    1.644|    4.346|   18887919.796|   2.200]
                   [PKTLEN......:    46.000|   64.000|   50.800|    7.100|         50.000|   5.000]
                   [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1]
                   [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.5,0.0,0.0,181.2,0.0,0.0,17203.3,0.0,0.0,17487.3,0.0,0.0,4814.1,0.0,0.0,4907.0,0.0,0.0,3276.8,0.0,0.0,3079.9,0.0]
                   [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]
                   [ENTROPIES...: 4.3,4.3,4.3,4.6,4.6,4.6,4.0,4.0,4.0,4.6,4.6,4.6,4.1,4.1,4.1,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.1,4.1,4.1,4.1,4.1]
     DAEMON-EVENT: [Processed: 78 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] 
         detected: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
              end: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
          analyse: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|   82.989|    2.758|   14.651|  214640269.197|   0.200]
                   [PKTLEN......:    46.000|   65.000|   52.200|    6.800|         46.800|   5.000]
                   [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
                   [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.5,0.0,0.0,145.0,0.0,0.0,996.9,0.0,0.0,0.8,0.0,0.0,1141.4,0.0,0.0,10.3,0.0,0.0,204.1,0.0,0.0,82989.4,0.0]
                   [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]
                   [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,5.1,5.1,5.1,4.2,4.2,4.2,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9]
     DAEMON-EVENT: [Processed: 216 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] 
         detected: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
          analyse: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|   75.076|    7.136|   19.839|  393587648.889|   1.900]
                   [PKTLEN......:    46.000|   63.000|   52.700|    5.900|         34.500|   5.000]
                   [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1]
                   [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,75028.6,0.0,0.0,75076.4,0.0,0.0,0.5,0.0,0.0,48.2,0.0,0.0,0.6,0.0,0.0,153.0,0.0,0.0,35338.8,0.0,0.0,35569.8,0.0]
                   [PKTLENS.....: 48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57]
                   [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.2,4.2,4.2,4.9,4.9,4.9,4.7,4.7,4.7,4.8,4.8,4.8,4.2,4.2,4.2,4.9,4.9,4.9,4.2,4.2,4.2,4.9,4.9,4.9,4.7,4.7]
     DAEMON-EVENT: [Processed: 351 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 3 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] 
         detected: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
          analyse: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|    2.639|    0.182|    0.626|     391724.270|   1.500]
                   [PKTLEN......:    46.000|   65.000|   52.200|    6.800|         46.100|   5.000]
                   [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
                   [IATS(ms)....: 0.0,0.0,0.1,0.0,0.0,0.3,0.0,0.0,1.3,0.0,0.0,168.6,0.0,0.0,2471.1,0.0,0.0,0.8,0.0,0.0,2639.4,0.0,0.0,99.8,0.0,0.0,232.2,0.0,0.0,15.3,0.0]
                   [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65]
                   [ENTROPIES...: 4.2,4.2,4.2,4.7,4.7,4.7,4.1,4.1,4.1,4.9,4.9,4.9,4.2,4.2,4.2,4.8,4.8,4.8,4.9,4.9,4.9,4.1,4.1,4.1,4.8,4.8,4.8,4.2,4.2,4.2,5.1,5.1]
     DAEMON-EVENT: [Processed: 444 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 4 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] 
         detected: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
             idle: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
     DAEMON-EVENT: [Processed: 471 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] 
         detected: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
             idle: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
          analyse: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|    9.488|    0.797|    2.345|    5497481.069|   1.900]
                   [PKTLEN......:    46.000|   64.000|   52.800|    7.000|         48.700|   5.000]
                   [BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0]
                   [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.4,0.0,0.0,192.8,0.0,0.0,9227.0,0.0,0.0,9487.8,0.0,0.0,187.1,0.0,0.0,2636.4,0.0,0.0,2814.1,0.0,0.0,167.8,0.0]
                   [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46]
                   [ENTROPIES...: 4.2,4.2,4.2,4.6,4.6,4.6,4.0,4.0,4.0,4.8,4.8,4.8,4.1,4.1,4.1,4.9,4.9,4.9,4.9,4.9,4.9,4.1,4.1,4.1,4.9,4.9,4.9,4.9,4.9,4.9,4.1,4.1]
     DAEMON-EVENT: [Processed: 504 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 4 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] 
         detected: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
          analyse: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|    3.963|    0.497|    1.082|    1171729.023|   2.500]
                   [PKTLEN......:    46.000|   64.000|   50.800|    7.100|         50.000|   5.000]
                   [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1]
                   [IATS(ms)....: 0.0,0.0,0.2,0.0,0.0,0.4,0.0,0.0,1.5,0.0,0.0,125.3,0.0,0.0,3672.1,0.0,0.0,3963.2,0.0,0.0,1744.3,0.0,0.0,1702.4,0.0,0.0,2163.8,0.0,0.0,2038.6,0.0]
                   [PKTLENS.....: 48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]
                   [ENTROPIES...: 4.2,4.2,4.2,4.6,4.6,4.6,4.1,4.1,4.1,4.9,4.9,4.9,4.1,4.1,4.1,4.9,4.9,4.9,4.2,4.2,4.2,5.0,5.0,5.0,4.1,4.1,4.1,4.1,4.1,4.1,4.2,4.2]
             idle: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
              end: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
             idle: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
             idle: [.....6] [ip4][..tcp] [.......10.0.0.8][.1159] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
             idle: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
     DAEMON-EVENT: shutdown