path: root/test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443]
          analyse: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........:      0.000|    28.648|     1.860|     7.030|     49424738.812|    1.100]
                   [PKTLEN......:     42.000|  2960.000|   308.700|   576.000|       331721.900|    3.600]
                   [BINS(c->s)..: 6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
                   [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1]
                   [IATS(ms)....: 50.3,51.1,0.6,51.7,0.1,0.0,0.1,51.3,1.4,0.0,1.9,0.5,0.2,0.2,0.0,51.7,0.0,0.0,0.1,50.1,0.4,8.1,0.0,8.1,85.1,28647.7,0.0,0.1,28613.9,0.0,0.0]
                   [PKTLENS.....: 52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86]
                   [ENTROPIES...: 4.7,4.8,4.7,5.8,4.4,5.8,7.2,7.3,4.7,7.4,4.8,4.7,6.2,6.3,7.6,7.6,6.6,5.4,6.1,4.4,4.7,5.4,7.5,5.4,4.7,4.5,6.0,5.6,7.8,4.4,4.5,5.5]
          guessed: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AmazonAWS][Web][Safe]
                   RISK: Susp Entropy
     DAEMON-EVENT: [Processed: 63 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 1|detection-updates: 0|updates: 0]
              new: [.....2] [ip4][..tcp] [194.226.199.226][34101] -> [..8.247.226.126][...80]
              end: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443] [TLS][AmazonAWS][Web][Safe]
                   RISK: Susp Entropy
              new: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443]
          analyse: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........:      0.000|     0.030|     0.007|     0.011|          122.098|    3.500]
                   [PKTLEN......:     42.000|  2864.000|   672.800|  1000.300|      1000640.100|    3.700]
                   [BINS(c->s)..: 11,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 3,1,1,0,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6]
                   [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,0]
                   [IATS(ms)....: 24.1,24.4,0.4,25.0,2.4,0.0,0.0,27.4,0.3,4.7,29.9,0.0,24.6,1.2,0.0,0.1,26.5,0.0,0.3,0.0,25.6,0.9,0.5,1.6,0.3,1.0,1.0,1.3,1.2,1.0,1.3]
                   [PKTLENS.....: 52,52,42,258,46,2088,2088,462,42,42,133,318,109,42,217,361,78,46,78,364,1452,42,1452,2864,42,42,2864,42,2864,42,2864,42]
                   [ENTROPIES...: 4.6,5.0,4.7,5.7,4.5,7.4,7.6,7.4,4.7,4.7,5.8,7.0,5.8,4.7,6.9,7.4,5.3,4.5,5.2,7.3,7.9,4.6,7.9,7.9,4.7,4.8,7.9,4.8,7.9,4.8,7.9,4.6]
          guessed: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] [TLS][GoogleCloud][Web][Safe]
                   RISK: Susp Entropy
          guessed: [.....2] [ip4][..tcp] [194.226.199.226][34101] -> [..8.247.226.126][...80] [HTTP][Unknown][Web][Acceptable][]
              end: [.....2] [ip4][..tcp] [194.226.199.226][34101] -> [..8.247.226.126][...80]
     DAEMON-EVENT: [Processed: 160 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 3|detection-updates: 0|updates: 0]
              new: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443]
              new: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443]
              end: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] [TLS][GoogleCloud][Web][Safe]
                   RISK: Susp Entropy
          analyse: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........:      0.000|     5.456|     0.293|     1.017|      1033283.961|    1.700]
                   [PKTLEN......:     42.000|  2883.000|   385.900|   734.400|       539373.900|    3.400]
                   [BINS(c->s)..: 14,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 6,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2]
                   [DIRECTIONS..: 0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0]
                   [IATS(ms)....: 0.0,10.5,0.0,1548.8,0.0,1559.9,0.0,2.5,0.0,14.1,0.0,4.4,0.0,0.1,0.0,17.1,0.0,0.0,0.0,4.7,0.0,18.5,0.0,216.2,0.0,213.8,0.0,10.4,0.0,5455.6,0.0]
                   [PKTLENS.....: 52,52,46,46,46,46,42,42,609,609,46,46,1450,1450,2883,2883,42,42,42,42,166,166,298,298,42,42,298,298,42,42,71,71]
                   [ENTROPIES...: 4.5,4.5,4.8,4.8,4.8,4.8,4.8,4.8,7.1,7.1,4.6,4.6,7.2,7.2,7.5,7.5,4.7,4.7,4.7,4.7,6.3,6.3,7.1,7.1,4.8,4.8,7.1,7.1,4.7,4.7,5.2,5.2]
          guessed: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443] [TLS][Unknown][Web][Safe]
              new: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443]
          analyse: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     2.635|     0.323|     0.688|       472790.598|    2.800]
                   [PKTLEN......:     42.000|  2960.000|   481.700|   697.200|       486142.700|    3.800]
                   [BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
                   [BINS(s->c)..: 9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1]
                   [DIRECTIONS..: 0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0]
                   [IATS(ms)....: 9.8,15.3,2065.2,1.8,0.1,2048.2,2.0,1.8,0.8,0.0,2.2,39.4,217.2,216.0,433.2,854.7,2634.8,0.8,114.8,2.4,133.5,0.3,1201.5,0.2,0.0,0.0,0.2,0.1,15.7,0.4,0.9]
                   [PKTLENS.....: 52,52,52,52,42,561,52,52,46,2960,1216,1500,52,46,1500,1500,1500,52,52,42,42,120,138,46,311,327,46,101,71,1500,658,673]
                   [ENTROPIES...: 4.8,5.0,5.0,4.8,4.6,6.8,5.0,5.0,4.6,7.9,7.8,7.9,4.8,5.1,7.9,7.9,7.9,4.9,4.8,4.7,4.8,6.3,6.6,4.6,7.3,7.3,4.6,6.2,5.8,7.9,7.6,7.7]
          guessed: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Unknown][Web][Safe]
                   RISK: Susp Entropy
          guessed: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443] [TLS][Unknown][Web][Safe]
                   RISK: Susp Entropy
              end: [.....4] [ip4][..tcp] [..194.226.199.9][49756] -> [..92.223.106.21][..443]
             idle: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443] [TLS][Unknown][Web][Safe]
                   RISK: Susp Entropy
              end: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443] [TLS][Unknown][Web][Safe]
     DAEMON-EVENT: shutdown