1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [143.225.229.181][35287] -> [....74.208.5.28][..110]
detected: [.....1] [ip4][..tcp] [143.225.229.181][35287] -> [....74.208.5.28][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol, Clear-Text Credentials
DAEMON-EVENT: [Processed: 31 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..tcp] [....192.168.0.4][26272] -> [.212.227.15.166][..110]
detected: [.....2] [ip4][..tcp] [....192.168.0.4][26272] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
end: [.....1] [ip4][..tcp] [143.225.229.181][35287] -> [....74.208.5.28][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol, Clear-Text Credentials
new: [.....3] [ip4][..tcp] [....192.168.0.4][26284] -> [.212.227.15.166][..110]
detected: [.....3] [ip4][..tcp] [....192.168.0.4][26284] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
new: [.....4] [ip4][..tcp] [....192.168.0.4][26304] -> [.212.227.15.166][..110]
detected: [.....4] [ip4][..tcp] [....192.168.0.4][26304] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
new: [.....5] [ip4][..tcp] [....192.168.0.4][26308] -> [.212.227.15.166][..110]
detected: [.....5] [ip4][..tcp] [....192.168.0.4][26308] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
new: [.....6] [ip4][..tcp] [....192.168.0.4][26383] -> [.212.227.15.166][..110]
detected: [.....6] [ip4][..tcp] [....192.168.0.4][26383] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
analyse: [.....6] [ip4][..tcp] [....192.168.0.4][26383] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.112| 0.063| 0.038| 1429.214| 4.600]
[PKTLEN......: 40.000| 1500.000| 324.900| 545.200| 297234.100| 3.500]
[BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1]
[IATS(ms)....: 48.7,48.8,52.1,85.3,79.8,1.2,96.8,99.7,95.0,92.4,96.8,111.5,96.8,82.4,96.0,95.0,97.0,96.0,95.2,98.0,2.0,51.0,3.2,0.1,3.2,44.7,56.5,59.7,2.4,50.3,0.1]
[PKTLENS.....: 52,52,40,97,46,58,66,46,131,52,58,106,131,46,58,46,72,46,132,48,58,1500,40,1500,1500,40,1229,48,58,1500,40,1500]
[ENTROPIES...: 4.4,4.9,4.8,5.7,5.0,5.4,5.2,4.9,5.5,5.0,5.2,5.8,5.4,4.9,5.1,4.8,5.1,4.9,5.7,5.0,5.3,6.0,4.8,5.3,5.3,4.8,5.4,5.0,5.3,5.6,4.7,5.8]
end: [.....2] [ip4][..tcp] [....192.168.0.4][26272] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
end: [.....3] [ip4][..tcp] [....192.168.0.4][26284] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
end: [.....4] [ip4][..tcp] [....192.168.0.4][26304] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
end: [.....5] [ip4][..tcp] [....192.168.0.4][26308] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
end: [.....6] [ip4][..tcp] [....192.168.0.4][26383] -> [.212.227.15.166][..110] [POP3][Unknown][Email][Unsafe]
RISK: Unsafe Protocol
DAEMON-EVENT: shutdown
|