1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80]
detected: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80] [HTTP][Unknown][Web][Acceptable][ocsp07.actalis.it]
DAEMON-EVENT: [Processed: 23 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80]
detected: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe][ocsp.pki.goog]
end: [.....1] [ip4][..tcp] [..192.168.1.227][49813] -> [.109.70.240.130][...80] [HTTP.OCSP][Unknown][Web][Safe]
new: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80]
detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe][r3.o.lencr.org]
analyse: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.243| 7.287| 4.408| 19431782.613| 4.500]
[PKTLEN......: 104.000| 806.000| 173.000| 189.100| 35745.500| 4.500]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0]
[IATS(ms)....: 3.4,7.0,0.0,7.4,103.0,109.3,10007.8,10013.0,10151.7,10152.0,10240.5,10240.6,10243.1,10242.9,10236.1,10235.9,10239.9,10240.5,10239.9,10239.5,5617.7,5617.9,102.9,109.3,10148.8,10155.0,10236.1,10236.1,10239.8,10239.7,10240.0]
[PKTLENS.....: 112,112,104,498,104,806,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,498,104,806,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.9,4.3,4.0,6.2,4.4,7.1,4.5,4.4,4.3,4.3,4.4,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,6.2,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
analyse: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.244| 7.440| 4.399| 19348030.751| 4.500]
[PKTLEN......: 104.000| 993.000| 184.200| 228.700| 52281.300| 4.400]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 12.0,16.1,0.3,19.6,157.1,176.9,7779.8,7796.1,1.3,16.6,10045.9,10060.7,10239.9,10239.7,10239.8,10240.0,10244.0,10243.9,10239.9,10240.0,10236.0,10236.1,10243.9,10244.0,10236.0,10235.9,10240.0,10239.8,10240.0,10240.0,10239.9]
[PKTLENS.....: 112,112,104,490,104,993,104,490,104,993,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.9,4.2,4.1,6.3,4.3,7.0,4.4,6.3,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.3,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.3]
new: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80]
detected: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe][geant.ocsp.sectigo.com]
new: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80]
detected: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.usertrust.com]
end: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe]
end: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe]
DAEMON-EVENT: [Processed: 157 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80]
detected: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe][ocsp.digicert.com]
end: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe]
end: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe]
analyse: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.240| 6.308| 4.932| 24328020.165| 4.300]
[PKTLEN......: 104.000| 903.000| 215.700| 247.800| 61420.800| 4.300]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 3.1,7.5,2.6,10.4,0.3,8.0,10198.6,10205.6,10239.9,10239.7,10240.0,10239.8,10240.1,10240.2,10239.7,10239.9,594.5,595.4,7.8,0.3,7.9,7.3,10142.0,10148.6,10239.9,10240.0,10239.9,10239.9,10240.0,10239.9,10239.9]
[PKTLENS.....: 112,112,104,491,104,903,104,104,104,104,104,104,104,104,104,104,104,491,903,104,491,903,104,104,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.9,4.3,4.0,6.3,4.3,7.0,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.3,6.3,7.0,4.4,6.3,7.0,4.3,4.4,4.3,4.3,4.3,4.4,4.3,4.4,4.3,4.4]
DAEMON-EVENT: [Processed: 207 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80]
detected: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe][ocsp.sca1b.amazontrust.com]
new: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80]
detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.globalsign.com]
end: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe]
analyse: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 7.345| 4.533| 20543650.660| 4.500]
[PKTLEN......: 104.000| 1448.000| 179.500| 263.000| 69147.600| 4.200]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 3.4,7.4,0.9,8.1,0.6,0.0,9.1,0.0,10126.9,10134.8,10240.4,10240.5,10239.2,10239.6,10239.9,10239.7,10239.9,10239.5,10239.9,10240.2,10239.9,10240.1,10240.6,10240.2,10239.6,10239.4,10239.5,10240.0,10240.0,10240.0,2594.9]
[PKTLENS.....: 112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.8,4.2,4.1,6.2,4.4,6.9,7.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
analyse: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 7.462| 4.365| 19049033.499| 4.600]
[PKTLEN......: 104.000| 1110.000| 148.300| 185.900| 34567.000| 4.500]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 12.0,16.5,0.4,17.1,110.0,126.6,9996.4,10012.4,10239.9,10239.8,10239.9,10240.2,10239.9,10239.6,10240.0,10240.0,10239.9,10240.1,10239.9,10239.7,10239.9,10240.0,10240.6,10240.6,10239.8,10239.8,10239.3,10239.5,3107.0,3107.9,16.9]
[PKTLENS.....: 112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.9,4.3,4.0,6.3,4.3,7.0,4.4,4.4,4.3,4.4,4.3,4.4,4.3,4.4,4.3,4.3,4.3,4.4,4.3,4.4,4.3,4.4,4.3,4.3,4.3,4.3,4.3,4.4,4.3,4.3,4.3,4.4]
DAEMON-EVENT: [Processed: 274 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 2 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80]
detected: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp09.actalis.it]
end: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe]
end: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe]
new: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80]
detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.entrust.net]
end: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Unknown][Network][Safe]
analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 3.776| 4.797| 23012529.144| 3.600]
[PKTLEN......: 104.000| 1552.000| 324.200| 431.700| 186386.900| 4.100]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 12.2,16.6,0.5,17.8,3.4,0.0,21.7,0.0,1169.7,1186.8,9.8,0.0,24.7,0.0,1031.5,1046.7,2.5,0.0,19.0,0.0,10158.4,10174.4,10240.2,10240.5,10240.7,10240.4,10239.9,10239.9,10238.7,10240.1,10241.2]
[PKTLENS.....: 112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.9,4.2,4.0,6.3,4.3,7.0,7.2,4.4,4.4,6.3,4.3,7.0,7.2,4.3,4.3,6.2,4.4,7.0,7.2,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4]
end: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe]
DAEMON-EVENT: shutdown
|