path: root/test/results/flow-info/default/netbios.pcap.out
blob: c0b52b89b67b04a1315497b3efe58ca5f983e3a6 (plain)
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] 
         detected: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][xstream_hy]
              new: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] 
         detected: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][ozi]
              new: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] 
         detected: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][nvr9]
                   RISK: Unsafe Protocol
              new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM] 
          analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.014|    0.750|    0.325|    0.215|      46083.158|   4.600]
                   [PKTLEN......:    78.000|   78.000|   78.000|    0.000|          0.000|   5.000]
                   [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [IATS(ms)....: 471.3,14.0,264.7,470.8,80.2,113.8,555.8,80.0,113.3,146.8,489.8,113.3,146.4,750.0,33.7,749.5,308.6,441.4,307.6,628.9,121.0,628.9,471.0,279.0,470.7,458.5,291.5,334.2,123.8,93.1,532.9]
                   [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]
                   [ENTROPIES...: 4.1,4.1,4.2,4.1,4.1,4.1,4.1,4.1,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.1,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.2,4.2,4.1,4.2,4.2,4.2]
              new: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] 
         detected: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*]
                   RISK: Unidirectional Traffic
              new: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] 
         detected: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][muli]
              new: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] 
         detected: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][gunnar]
              new: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] 
         detected: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] [NetBIOS][Unknown][System][Acceptable][gunnar]
                   RISK: Unidirectional Traffic
              new: [.....9] [ip4][..udp] [......10.0.4.66][..137] -> [.....10.0.5.255][..137] 
         detected: [.....9] [ip4][..udp] [......10.0.4.66][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][guru]
              new: [....10] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.5.255][..137] 
         detected: [....10] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][guru]
              new: [....11] [ip4][..udp] [.......10.0.5.1][..137] -> [......10.0.4.24][..137] 
         detected: [....11] [ip4][..udp] [.......10.0.5.1][..137] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][guru]
                   RISK: Unidirectional Traffic
              new: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] 
         detected: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][bowie]
                   RISK: Unsafe Protocol
              new: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] 
         detected: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*]
                   RISK: Unidirectional Traffic
              new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] 
         detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][guru]
          analyse: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
                                        min|      max|      avg|   stddev|       variance| entropy
                   [IAT.........:     0.749|    1.516|    0.995|    0.356|     126784.610|   4.900]
                   [PKTLEN......:    78.000|   78.000|   78.000|    0.000|          0.000|   5.000]
                   [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [IATS(ms)....: 749.4,750.1,1510.9,749.4,750.1,1512.1,749.1,750.1,1513.7,749.6,750.2,1509.2,749.9,750.1,1511.1,749.1,750.1,1516.0,749.2,750.1,1508.0,749.3,750.1,1513.5,749.8,750.0,1513.1,749.2,750.1,1506.9,749.4]
                   [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]
                   [ENTROPIES...: 3.9,3.9,3.9,3.9,3.8,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.8,3.9]
              new: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] 
         detected: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable][*]
                   RISK: Unidirectional Traffic
           update: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
           update: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
           update: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
                   RISK: Unsafe Protocol
             idle: [.....8] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.4.165][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [.....7] [ip4][..udp] [.....10.0.4.165][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [....11] [ip4][..udp] [.......10.0.5.1][..137] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [....13] [ip4][..udp] [.....10.0.5.233][..137] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [....10] [ip4][..udp] [......10.0.4.24][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [.....9] [ip4][..udp] [......10.0.4.66][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [....12] [ip4][..udp] [......10.0.5.93][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
                   RISK: Unsafe Protocol
             idle: [.....3] [ip4][..udp] [.......10.0.5.9][..138] -> [.....10.0.5.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous]
                   RISK: Unsafe Protocol
             idle: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable]
             idle: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][Unknown][System][Acceptable]
          guessed: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [NetBIOS][Unknown][System][Acceptable][]
             idle: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] 
     DAEMON-EVENT: shutdown