path: root/test/results/flow-info/default/mining.pcapng.out
blob: ec32fd7901211a99645578f9f91159a11d5a1ec1 (plain)
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999]
         detected: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
          analyse: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     9.791|     1.953|     3.005|      9028300.177|    3.500]
                   [PKTLEN......:     40.000|   283.000|   131.100|   104.000|        10823.600|    4.600]
                   [BINS(c->s)..: 11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0]
                   [IATS(ms)....: 18.4,18.5,27.7,27.7,25.8,11.4,0.0,37.2,8.3,48.3,236.6,209.3,12.6,9755.4,9791.3,235.5,2439.8,2440.1,7323.7,7588.5,64.9,25.7,10.3,234.7,3831.8,3833.1,885.3,890.1,5008.7,5252.5,238.4]
                   [PKTLENS.....: 52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]
                   [ENTROPIES...: 4.4,4.2,4.7,4.4,5.6,4.6,5.4,5.2,4.6,5.3,5.2,4.7,5.2,4.7,5.3,5.2,4.7,5.1,4.7,4.6,4.7,5.4,4.7,5.2,4.7,5.2,4.8,5.2,4.7,5.3,5.1,4.8]
     DAEMON-EVENT: [Processed: 209 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050]
         detected: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
              end: [.....1] [ip4][..tcp] [.147.229.13.222][49307] -> [...185.71.66.39][.9999] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
          analyse: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|    50.191|     6.014|    12.034|    144808530.149|    3.200]
                   [PKTLEN......:     52.000|   355.000|   142.600|    98.900|         9779.100|    4.700]
                   [BINS(c->s)..: 9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1]
                   [IATS(ms)....: 82.7,82.7,0.2,82.6,1.5,84.0,12149.8,12261.6,111.7,2618.8,2732.4,113.5,6931.2,7044.0,112.8,7848.9,7848.9,48786.2,308.4,320.0,608.0,50191.4,0.1,0.0,41.7,210.6,4833.2,4833.2,8034.7,8116.9,41.4]
                   [PKTLENS.....: 60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115]
                   [ENTROPIES...: 4.8,5.3,5.2,6.2,5.2,5.3,5.1,5.5,5.5,5.1,5.5,5.5,5.2,5.6,5.5,5.1,5.3,4.9,5.4,5.4,5.5,5.4,5.1,5.2,5.2,5.5,5.0,5.3,5.2,5.5,5.2,5.6]
              new: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333]
         detected: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
              new: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333]
         detected: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
          analyse: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|    71.693|     7.500|    18.614|    346464978.993|    2.400]
                   [PKTLEN......:     52.000|  1500.000|   358.800|   549.100|       301531.900|    3.700]
                   [BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0]
                   [BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1]
                   [IATS(ms)....: 80.3,80.3,0.1,83.2,0.0,83.1,0.1,81.0,0.0,80.9,0.3,118.0,882.3,1042.5,71569.6,0.2,71693.1,0.0,0.7,81.6,32242.2,0.2,32323.4,1.5,82.5,7433.0,7432.9,3511.8,0.2,3592.7,1.0]
                   [PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]
                   [ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7]
     DAEMON-EVENT: [Processed: 450 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 3 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
          analyse: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|   170.525|    32.857|    51.784|   2681624034.542|    3.400]
                   [PKTLEN......:     40.000|  1484.000|   223.600|   347.600|       120860.400|    3.900]
                   [BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
                   [BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1]
                   [IATS(ms)....: 308.1,308.2,0.2,308.1,0.0,308.0,0.7,308.7,0.0,308.0,0.1,346.7,653.9,1043.1,114411.2,114368.8,308.6,308.5,36863.2,36863.2,20419.9,20419.9,170525.4,170525.4,113243.5,113243.5,35871.3,35871.3,15564.6,0.2,15873.5]
                   [PKTLENS.....: 60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]
                   [ENTROPIES...: 4.8,4.9,4.8,5.7,4.5,5.4,4.8,5.9,5.4,5.7,4.8,5.5,4.5,4.8,4.8,4.8,4.8,4.7,4.8,4.8,4.8,4.8,4.9,4.8,4.9,4.7,4.9,4.7,4.8,4.5,4.2,4.5]
             idle: [.....3] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
             idle: [.....2] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
             idle: [.....4] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
                   RISK: Unsafe Protocol
     DAEMON-EVENT: shutdown