DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610]
detected: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable]
analyse: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.602| 0.105| 0.182| 33194.353| 3.400]
[PKTLEN......: 58.000| 900.000| 171.300| 234.500| 54984.500| 4.100]
[BINS(c->s)..: 1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0]
[IATS(ms)....: 500.2,544.7,533.1,602.1,13.5,0.2,64.9,0.1,263.1,290.4,5.4,20.0,10.5,19.5,59.0,10.0,9.9,21.0,21.0,9.1,0.0,8.0,22.0,2.9,7.1,6.9,42.1,58.1,10.4,99.3,10.4]
[PKTLENS.....: 900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]
[ENTROPIES...: 7.8,7.8,6.6,7.6,5.2,7.4,6.7,6.8,7.4,5.1,5.1,5.3,5.1,5.2,5.3,5.2,5.2,5.3,5.3,5.3,5.2,5.3,5.3,5.3,5.3,5.2,4.1,4.5,5.4,5.3,5.2,5.2]
DAEMON-EVENT: [Processed: 50 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [MIDSTREAM]
detected: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [TLS][Line][Web][Safe]
new: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443]
detected: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable][uts-front.line-apps.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable][uts-front.line-apps.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable][uts-front.line-apps.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [TLS][Line][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 2.533| 0.220| 0.601| 361429.959| 2.800]
[PKTLEN......: 40.000| 374.000| 118.100| 90.900| 8262.100| 4.600]
[BINS(c->s)..: 1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0]
[IATS(ms)....: 74.6,74.7,34.4,71.2,134.8,63.6,34.3,34.4,78.2,122.6,44.3,34.3,34.3,68.3,109.3,41.2,34.5,34.3,6.9,46.8,64.5,59.0,90.2,2533.1,2477.5,34.5,34.2,78.8,154.7,69.6,35.1]
[PKTLENS.....: 100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]
[ENTROPIES...: 5.9,4.7,6.3,4.7,6.6,6.0,4.7,6.6,4.7,7.4,6.0,4.7,6.5,4.7,6.4,5.9,4.7,6.7,4.7,7.0,5.9,6.3,6.0,4.7,6.0,4.7,7.3,4.7,7.1,4.8,7.4,5.9]
analyse: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.306| 0.634| 1.725| 2976235.913| 2.700]
[PKTLEN......: 40.000| 1500.000| 272.500| 367.300| 134881.600| 4.100]
[BINS(c->s)..: 6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
[IATS(ms)....: 237.3,237.6,1.0,239.7,1.4,0.0,0.0,239.9,3.7,241.4,238.7,278.5,277.4,237.5,0.0,0.0,237.6,7029.5,7306.4,276.8,237.6,0.7,0.0,238.3,524.4,801.6,277.2,237.7,0.0,0.0,237.7]
[PKTLENS.....: 52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40]
[ENTROPIES...: 4.5,4.9,4.8,4.8,4.5,7.2,7.5,7.4,4.8,6.2,7.2,7.3,4.5,7.6,4.5,7.0,5.7,4.8,7.4,4.4,7.6,4.6,7.0,5.8,4.6,7.3,4.5,7.6,4.5,7.0,5.7,4.7]
idle: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable]
new: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070]
detected: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
analyse: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.225| 0.016| 0.051| 2613.605| 1.500]
[PKTLEN......: 59.000| 881.000| 540.400| 131.000| 17170.000| 4.900]
[BINS(c->s)..: 1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 175.7,225.0,0.1,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.1,84.3,0.0,0.0,0.0,0.0,0.0,0.0,0.2,0.0,0.0,0.0,0.0]
[PKTLENS.....: 881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570]
[ENTROPIES...: 7.8,7.2,7.6,7.6,7.6,7.7,7.7,7.6,7.5,7.6,7.6,7.6,7.6,7.6,7.7,7.6,7.6,7.7,5.3,6.7,7.5,7.6,7.7,7.6,7.6,7.6,7.7,7.6,7.6,7.7,7.7,7.6]
new: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070]
detected: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
update: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
idle: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [TLS][Line][Web][Safe]
end: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
DAEMON-EVENT: shutdown