test/results/flow-info/default/ipp.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [....10.10.10.49][55341] -> [...10.10.10.251][..631]
         detected: [.....1] [ip4][..tcp] [....10.10.10.49][55341] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable][10.10.10.251]
                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
              new: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631]
         detected: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable][10.10.10.251]
                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
          analyse: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.000|    0.009|    0.004|    0.004|         12.440|   4.200]
                   [PKTLEN......:    52.000| 2948.000|  883.700|  882.800|     779357.900|   4.200]
                   [BINS(c->s)..: 3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9]
                   [BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]
                   [IATS(ms)....: 0.7,0.7,0.1,0.0,3.6,1.6,5.1,0.1,0.0,5.8,5.7,0.0,3.7,3.6,0.0,7.3,7.3,0.0,8.8,8.8,0.0,9.1,9.1,0.0,7.2,7.2,0.0,7.6,7.6,0.0,7.2]
                   [PKTLENS.....: 60,60,52,196,200,52,77,52,2948,1500,52,2948,1572,52,1428,1596,52,1404,1620,52,1380,1644,52,1356,1668,52,1332,1692,52,1308,1716,52]
                   [ENTROPIES...: 4.4,4.7,4.6,5.5,5.4,4.7,5.2,4.6,4.1,4.0,4.7,3.7,3.5,4.7,3.5,3.5,4.6,4.1,4.5,4.7,4.3,4.2,4.7,4.2,4.7,4.7,4.7,4.3,4.7,4.2,4.1,4.6]
              new: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631]
         detected: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable][10.10.10.251]
                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
              end: [.....1] [ip4][..tcp] [....10.10.10.49][55341] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable]
                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
              end: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable]
                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
              end: [.....3] [ip4][..tcp] [....10.10.10.49][55343] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable]
                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
     DAEMON-EVENT: shutdown