1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500]
detected: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500]
detected: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900]
[PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800]
[BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.8,103.9,104.0,109.0,108.5,105.4,105.9,113.8,113.7,106.8,107.1,109.4,109.0,108.9,116.0,117.8,112.3,110.6,110.8,109.9,107.9,108.0,108.0,113.1,114.0,110.8,110.4,107.4,111.2,109.5,105.1]
[PKTLENS.....: 124,47,123,46,122,45,129,52,125,48,122,45,124,47,124,47,126,49,123,46,124,47,123,46,123,46,123,46,129,52,122,45]
[ENTROPIES...: 5.5,5.0,5.5,5.1,5.5,5.0,5.7,5.2,5.6,5.1,5.5,5.0,5.6,5.0,5.5,5.0,5.6,5.1,5.5,5.0,5.5,5.0,5.5,5.0,5.5,5.1,5.5,5.1,5.7,5.3,5.6,5.0]
new: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500]
detected: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900]
[PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900]
[BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 2.4,112.9,114.3,107.8,108.1,108.0,108.0,109.5,111.4,119.1,118.3,117.0,117.0,127.7,125.1,114.0,113.0,120.2,120.9,111.5,111.3,105.6,107.8,113.8,112.0,122.6,125.5,113.0,110.0,123.5,125.7]
[PKTLENS.....: 123,46,127,50,126,49,128,51,123,46,125,48,126,49,125,48,123,46,124,47,128,51,126,49,123,46,123,46,123,46,127,50]
[ENTROPIES...: 5.5,5.0,5.6,5.1,5.6,5.0,5.7,5.2,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.1,5.5,5.1,5.6,5.1,5.6,5.1,5.5,4.9,5.5,5.1,5.5,5.0,5.5,5.1,5.7,5.2]
new: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500]
detected: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900]
[PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900]
[BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 1.3,105.0,107.1,122.6,124.6,114.9,120.4,119.7,111.5,123.9,123.0,105.4,109.4,122.9,120.1,118.0,119.4,130.1,131.4,131.3,129.0,120.1,121.3,112.3,114.8,128.9,125.5,128.0,127.0,125.1,128.5]
[PKTLENS.....: 125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]
[ENTROPIES...: 5.5,5.1,5.6,5.2,5.6,5.0,5.6,5.1,5.7,5.1,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.2,5.6,5.0,5.7,5.2,5.6,5.1,5.6,5.1,5.6,5.2,5.6,5.1,5.6,5.0]
analyse: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900]
[PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900]
[BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 5.1,140.5,139.4,127.3,129.3,138.0,134.5,137.7,141.2,137.9,138.6,132.6,133.3,132.1,136.8,172.3,164.6,137.8,136.7,122.3,121.6,117.1,118.7,128.8,133.2,115.5,110.1,123.6,124.5,106.7,105.6]
[PKTLENS.....: 127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51]
[ENTROPIES...: 5.6,5.1,5.6,5.1,5.5,5.1,5.5,5.1,5.6,5.1,5.5,5.1,5.5,5.0,5.6,5.2,5.6,5.1,5.7,5.3,5.6,5.1,5.6,5.1,5.5,5.1,5.6,5.2,5.5,5.0,5.6,5.2]
DAEMON-EVENT: [Processed: 800 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53]
detected: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
RISK: Unidirectional Traffic
detection-update: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
new: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53]
detected: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
RISK: Unidirectional Traffic
new: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53]
detected: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
RISK: Unidirectional Traffic
detection-update: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
detection-update: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
idle: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53]
detected: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
RISK: Unidirectional Traffic
detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
RISK: Unidirectional Traffic
detection-update: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
new: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500]
detected: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500]
detected: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53]
detected: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
detection-update: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
RISK: Unidirectional Traffic
detection-update: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
DAEMON-EVENT: [Processed: 836 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 7 / 11|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 0]
new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
detected: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....6] [ip4][..udp] [..192.168.1.105][49112] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client-cf.dropbox.com]
idle: [.....7] [ip4][..udp] [..192.168.1.105][50789] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][d.dropbox.com]
idle: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][client.dropbox.com]
idle: [.....9] [ip4][..udp] [..192.168.1.105][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....11] [ip4][..udp] [..192.168.1.105][33189] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][notify.dropbox.com]
idle: [....10] [ip4][..udp] [..192.168.1.105][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....8] [ip4][..udp] [..192.168.1.105][36173] -> [..192.168.1.254][...53] [DNS.Dropbox][Unknown][Network][Acceptable][log.getdropbox.com]
update: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....14] [ip4][..udp] [...192.168.1.64][17500] -> [255.255.255.255][17500]
detected: [....14] [ip4][..udp] [...192.168.1.64][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [....15] [ip4][..udp] [...192.168.1.64][17500] -> [..192.168.1.255][17500]
detected: [....15] [ip4][..udp] [...192.168.1.64][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....14] [ip4][..udp] [...192.168.1.64][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....15] [ip4][..udp] [...192.168.1.64][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [....13] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
DAEMON-EVENT: shutdown
|