path: root/test/results/flow-info/default/openvpn.pcap.out
blob: 2bac743173169907cc2e514527de32446be14dbc (plain)
     DAEMON-EVENT: init
              new: [.....1] [ip4][..udp] [..192.168.75.18][60201] -> [.166.161.181.18][..443]
              new: [.....2] [ip4][..udp] [.69.197.143.179][..443] -> [......10.0.2.15][60201]
         detected: [.....2] [ip4][..udp] [.69.197.143.179][..443] -> [......10.0.2.15][60201] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
         detected: [.....1] [ip4][..udp] [..192.168.75.18][60201] -> [.166.161.181.18][..443] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
     DAEMON-EVENT: [Processed: 21 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194]
         detected: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
          analyse: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     1.014|     0.075|     0.247|        61045.854|    1.800]
                   [PKTLEN......:     52.000|   400.000|   115.400|    89.500|         8001.300|    4.700]
                   [BINS(c->s)..: 14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0]
                   [IATS(ms)....: 0.2,0.4,1013.4,1014.5,3.6,5.5,3.3,44.9,41.0,0.5,0.3,40.4,40.4,1.0,18.1,17.8,0.4,0.3,37.1,37.3,0.3,0.3,0.3,0.2,0.3,0.3,0.2,0.3,0.2,0.2,0.2]
                   [PKTLENS.....: 60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]
                   [ENTROPIES...: 4.6,5.1,5.0,5.2,5.1,5.2,5.0,5.4,5.1,5.3,5.0,5.3,4.9,5.3,5.0,5.8,5.0,5.4,5.3,5.0,6.4,5.3,6.6,5.4,6.7,5.4,6.0,5.3,5.8,5.4,6.9,5.3]
             idle: [.....2] [ip4][..udp] [.69.197.143.179][..443] -> [......10.0.2.15][60201] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
             idle: [.....1] [ip4][..udp] [..192.168.75.18][60201] -> [.166.161.181.18][..443] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
     DAEMON-EVENT: [Processed: 216 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443]
         detected: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][DigitalOcean][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
          analyse: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][DigitalOcean][VPN][Acceptable]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     0.998|     0.088|     0.234|        54526.591|    2.700]
                   [PKTLEN......:     52.000|   357.000|   140.300|    75.300|         5671.500|    4.800]
                   [BINS(c->s)..: 6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1]
                   [IATS(ms)....: 54.9,55.0,945.3,997.7,0.5,52.9,0.2,76.4,76.2,41.0,2.7,0.1,43.9,0.1,0.2,0.3,40.5,40.5,41.0,41.0,0.1,0.1,0.3,41.0,41.0,40.3,40.3,0.5,0.1,0.6,40.1]
                   [PKTLENS.....: 60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]
                   [ENTROPIES...: 4.6,5.1,4.9,5.5,5.1,5.6,4.9,5.8,5.1,5.7,5.1,6.0,6.1,5.7,6.5,6.7,5.0,6.6,6.2,6.4,5.7,6.7,6.7,4.8,6.1,6.1,6.4,5.8,6.6,6.8,5.0,6.4]
             idle: [.....3] [ip4][..tcp] [.10.181.235.122][39772] -> [...10.251.71.30][.1194] [OpenVPN][Unknown][VPN][Acceptable]
     DAEMON-EVENT: [Processed: 311 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680]
         detected: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
          analyse: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     0.196|     0.045|     0.060|         3547.546|    3.900]
                   [PKTLEN......:     70.000|   331.000|   126.400|    58.600|         3436.100|    4.900]
                   [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
                   [IATS(ms)....: 195.2,195.8,0.8,177.2,176.2,0.5,0.5,0.5,0.4,0.5,0.5,98.5,98.6,29.6,29.6,19.8,19.8,0.4,0.5,50.1,50.0,29.9,30.0,20.3,20.2,9.5,9.5,38.3,38.3,31.9,31.9]
                   [PKTLENS.....: 70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]
                   [ENTROPIES...: 5.3,5.5,5.7,5.6,5.9,5.6,6.0,5.7,6.6,5.7,6.7,5.7,6.6,5.7,6.4,5.7,6.6,5.6,6.6,5.7,6.0,5.6,6.4,5.7,6.6,5.6,6.6,5.6,6.3,5.7,6.5,5.7]
             idle: [.....4] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][DigitalOcean][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
     DAEMON-EVENT: [Processed: 394 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680]
         detected: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
          analyse: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     2.242|     0.188|     0.537|       288658.031|    2.400]
                   [PKTLEN......:     70.000|   331.000|   123.300|    58.900|         3466.400|    4.900]
                   [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
                   [IATS(ms)....: 2195.9,2242.5,46.7,0.1,203.1,15.1,218.1,0.6,0.6,0.5,0.5,3.5,3.5,185.2,185.2,0.4,0.4,39.5,39.5,9.4,9.4,82.3,82.3,3.8,3.8,34.2,34.2,15.7,15.7,74.3,74.3]
                   [PKTLENS.....: 70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]
                   [ENTROPIES...: 5.2,5.3,5.4,5.5,5.6,5.5,5.8,5.6,6.1,5.5,6.6,5.5,6.7,5.6,6.6,5.5,6.4,5.6,6.7,5.5,6.5,5.6,6.0,5.6,6.3,5.6,6.6,5.6,6.6,5.5,6.4,5.6]
             idle: [.....5] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
     DAEMON-EVENT: [Processed: 514 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194]
         detected: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
          analyse: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     2.241|     0.219|     0.513|       263196.672|    2.800]
                   [PKTLEN......:     46.000|  1228.000|   227.900|   364.900|       133184.400|    3.900]
                   [BINS(c->s)..: 5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1]
                   [IATS(ms)....: 216.1,332.2,5.8,3.4,337.9,58.0,0.1,0.1,0.1,307.1,10.0,20.5,1960.2,1.5,0.6,2241.1,1.7,0.7,299.0,1.5,2.3,0.2,300.0,2.0,1.3,0.7,338.5,1.2,1.5,0.3,340.9]
                   [PKTLENS.....: 46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]
                   [ENTROPIES...: 4.7,4.8,5.0,5.3,4.5,5.1,7.4,6.7,7.7,7.6,5.0,5.1,5.1,5.4,5.5,5.6,5.1,5.1,5.1,5.7,5.7,5.9,5.8,5.1,5.2,5.1,5.1,6.5,6.6,5.9,6.1,5.1]
             idle: [.....6] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][DigitalOcean][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
     DAEMON-EVENT: [Processed: 614 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443]
         detected: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
          analyse: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443] [OpenVPN][Unknown][VPN][Acceptable]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     0.222|     0.027|     0.055|         2999.563|    3.100]
                   [PKTLEN......:     40.000|  1500.000|   296.700|   446.100|       199012.800|    3.800]
                   [BINS(c->s)..: 7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0]
                   [BINS(s->c)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0]
                   [IATS(ms)....: 22.2,22.3,1.2,1.5,24.4,24.6,0.4,0.6,0.2,0.1,221.4,221.5,0.8,1.0,0.1,0.1,0.2,0.2,52.3,56.4,4.2,2.7,0.1,2.8,0.1,0.1,0.0,22.2,65.6,62.0,18.8]
                   [PKTLENS.....: 60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40]
                   [ENTROPIES...: 4.4,4.4,4.3,5.8,3.9,5.9,4.4,5.9,4.0,7.4,3.9,7.8,4.3,5.8,7.8,4.3,4.0,5.9,4.0,7.8,5.9,4.0,7.8,7.9,4.0,7.8,4.0,3.9,5.7,4.2,7.6,4.3]
             idle: [.....7] [ip4][..udp] [...3.111.166.78][51146] -> [..85.134.13.165][.1194] [OpenVPN][AmazonAWS][VPN][Acceptable]
     DAEMON-EVENT: [Processed: 660 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....9] [ip4][..udp] [.192.168.12.156][41133] -> [.107.161.86.131][..443]
         detected: [.....9] [ip4][..udp] [.192.168.12.156][41133] -> [.107.161.86.131][..443] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port, Susp Entropy
              end: [.....8] [ip4][..tcp] [......127.0.0.1][36138] -> [......127.0.0.1][..443] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
     DAEMON-EVENT: [Processed: 691 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [....10] [ip4][..udp] [.192.168.12.156][37383] -> [.217.138.197.43][.1234]
         detected: [....10] [ip4][..udp] [.192.168.12.156][37383] -> [.217.138.197.43][.1234] [OpenVPN.NordVPN][NordVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
             idle: [....10] [ip4][..udp] [.192.168.12.156][37383] -> [.217.138.197.43][.1234] [OpenVPN.NordVPN][NordVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
             idle: [.....9] [ip4][..udp] [.192.168.12.156][41133] -> [.107.161.86.131][..443] [OpenVPN][Unknown][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port, Susp Entropy
     DAEMON-EVENT: shutdown