path: root/test/results/flow-info/default/starcraft_battle.pcap.out
blob: 806e8ab942e158a6ab39d9edaef176b175393454 (plain)
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [..192.30.252.91][..443] -> [..192.168.1.100][.3213] [MIDSTREAM]
         detected: [.....1] [ip4][..tcp] [..192.30.252.91][..443] -> [..192.168.1.100][.3213] [TLS][Github][Web][Safe]
              new: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53]
         detected: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][91.252.30.192.in-addr.arpa]
 detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa]
                   RISK: Unidirectional Traffic
 detection-update: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa]
                   RISK: Minor Issues
              new: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [MIDSTREAM]
              new: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53]
         detected: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][254.1.168.192.in-addr.arpa]
 detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][26.186.239.80.in-addr.arpa]
                   RISK: Unidirectional Traffic
 detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][254.1.168.192.in-addr.arpa]
                   RISK: Error Code
 detection-update: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][26.186.239.80.in-addr.arpa]
                   RISK: Error Code
              new: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] [MIDSTREAM]
              new: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568]
              new: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53]
         detected: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][40.186.239.80.in-addr.arpa]
 detection-update: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][40.186.239.80.in-addr.arpa]
              new: [.....8] [ip4][..tcp] [..192.168.1.100][.3052] -> [.216.58.212.110][..443] [MIDSTREAM]
              new: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53]
         detected: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][22.40.194.173.in-addr.arpa]
 detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][110.212.58.216.in-addr.arpa]
                   RISK: Unidirectional Traffic
 detection-update: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][110.212.58.216.in-addr.arpa]
              new: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [MIDSTREAM]
              new: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [MIDSTREAM]
      ERROR-EVENT: Unknown packet type [1/16]
              new: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900]
         detected: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
              new: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80]
         detected: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com]
              new: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53]
         detected: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com]
                   RISK: Susp DGA Domain name
 detection-update: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com]
                   RISK: Susp DGA Domain name, Unidirectional Traffic
 detection-update: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com]
                   RISK: Susp DGA Domain name, Risky Domain Name
              new: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80]
         detected: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Web][Acceptable][llnw.blizzard.com]
                   RISK: Susp DGA Domain name
 detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com]
                   RISK: Susp DGA Domain name, Binary File/Data Transfer (Attempt)
          analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     0.072|     0.012|     0.024|          562.008|    2.800]
                   [PKTLEN......:     40.000|  1500.000|   685.500|   719.000|       516967.300|    4.100]
                   [BINS(c->s)..: 15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
                   [IATS(ms)....: 58.1,58.1,0.1,58.2,14.3,72.4,0.1,0.1,0.2,0.2,0.1,0.2,0.2,0.2,0.2,0.2,0.1,0.1,0.2,0.2,56.8,56.9,0.2,0.2,0.2,0.2,0.2,0.1,0.1,0.1,0.2]
                   [PKTLENS.....: 52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500]
                   [ENTROPIES...: 4.6,4.9,4.7,5.8,4.5,5.3,4.7,5.1,4.6,5.2,4.7,5.1,4.7,5.1,4.6,5.2,4.6,5.2,4.6,5.1,4.7,5.2,4.7,5.1,4.7,5.1,4.7,5.2,4.7,5.2,4.7,5.1]
              new: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80]
         detected: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com]
                   RISK: HTTP Susp User-Agent
 detection-update: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com]
                   RISK: HTTP Susp User-Agent, HTTP Obsolete Server
              new: [....17] [ip4][..tcp] [..192.168.1.100][.3492] -> [...2.228.46.104][..443] [MIDSTREAM]
              new: [....18] [ip4][..tcp] [..192.168.1.100][.3489] -> [...2.228.46.104][..443] [MIDSTREAM]
              new: [....19] [ip4][..tcp] [..192.168.1.100][.3490] -> [...2.228.46.104][..443] [MIDSTREAM]
              new: [....20] [ip4][..tcp] [..192.168.1.100][.3491] -> [...2.228.46.104][..443] [MIDSTREAM]
              new: [....21] [ip4][..tcp] [..192.168.1.100][.3482] -> [...2.228.46.114][..443] [MIDSTREAM]
              new: [....22] [ip4][..tcp] [..192.168.1.100][.3480] -> [...2.228.46.114][..443] [MIDSTREAM]
              new: [....23] [ip4][..tcp] [..192.168.1.100][.3481] -> [...2.228.46.114][..443] [MIDSTREAM]
              new: [....24] [ip4][..tcp] [..192.168.1.100][.3479] -> [...2.228.46.114][..443] [MIDSTREAM]
              new: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] [MIDSTREAM]
              new: [....26] [ip4][..tcp] [..192.168.1.100][.3484] -> [173.194.113.224][..443] [MIDSTREAM]
         detected: [....21] [ip4][..tcp] [..192.168.1.100][.3482] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
         detected: [....24] [ip4][..tcp] [..192.168.1.100][.3479] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
         detected: [....23] [ip4][..tcp] [..192.168.1.100][.3481] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
         detected: [....17] [ip4][..tcp] [..192.168.1.100][.3492] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
         detected: [....19] [ip4][..tcp] [..192.168.1.100][.3490] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
         detected: [....20] [ip4][..tcp] [..192.168.1.100][.3491] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
         detected: [....22] [ip4][..tcp] [..192.168.1.100][.3480] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
         detected: [....18] [ip4][..tcp] [..192.168.1.100][.3489] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
              new: [....27] [ip4][....2] [..192.168.1.107] -> [.....224.0.0.22]
         detected: [....27] [ip4][....2] [..192.168.1.107] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
              new: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53]
         detected: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net]
 detection-update: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net]
                   RISK: Unidirectional Traffic
 detection-update: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net]
              new: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80]
         detected: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              new: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80]
         detected: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net]
              new: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119]
              new: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80]
         detected: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              new: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80]
         detected: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun]
         detected: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net]
          analyse: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     0.166|     0.038|     0.053|         2837.592|    3.600]
                   [PKTLEN......:     40.000|   783.000|   102.400|   136.000|        18494.500|    4.300]
                   [BINS(c->s)..: 23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [IATS(ms)....: 52.5,52.6,94.6,145.7,24.3,95.1,95.9,166.3,70.9,49.6,160.3,31.2,128.6,15.2,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
                   [PKTLENS.....: 52,46,40,142,46,783,40,220,303,40,235,46,108,42,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63]
                   [ENTROPIES...: 4.5,4.6,4.7,5.4,4.5,7.8,5.0,7.1,7.2,4.9,6.2,4.7,5.0,4.8,5.6,5.5,5.6,5.6,5.6,5.7,5.5,5.5,5.5,5.7,5.7,5.7,5.5,5.6,5.6,5.7,5.6,5.6]
              new: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119]
              new: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119]
              new: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119]
              new: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119]
              new: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80]
         detected: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              new: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80]
         detected: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net]
              new: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80]
              new: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80]
         detected: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
         detected: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              new: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80]
              new: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80]
         detected: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net]
         detected: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net]
              new: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53]
         detected: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net]
 detection-update: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net]
                   RISK: Unidirectional Traffic
 detection-update: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net]
              new: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80]
              new: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80]
              new: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80]
              new: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80]
              new: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80]
         detected: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
              new: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80]
              new: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80]
         detected: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
         detected: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
         detected: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
         detected: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
              new: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80]
         detected: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
         detected: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
          analyse: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
                                         min|       max|       avg|    stddev|         variance|  entropy
                   [IAT.........: <    0.001|     0.034|     0.007|     0.013|          169.003|    2.900]
                   [PKTLEN......:     40.000|  1500.000|   866.800|   718.400|       516058.300|    4.300]
                   [BINS(c->s)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
                   [IATS(ms)....: 32.5,32.5,1.6,34.3,1.1,0.1,33.9,0.2,0.1,0.3,0.1,0.3,0.4,0.2,0.1,0.3,0.1,0.1,0.2,0.1,0.6,0.7,0.1,0.1,0.2,0.1,0.1,0.3,32.9,0.3,33.2]
                   [PKTLENS.....: 52,52,40,189,46,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40]
                   [ENTROPIES...: 4.5,4.8,4.7,5.8,4.5,5.9,7.7,4.7,7.8,7.8,4.7,7.8,7.7,4.7,7.7,7.8,4.7,7.8,7.8,4.7,7.8,7.8,4.7,7.7,7.8,4.7,7.8,7.7,4.7,7.8,7.8,4.7]
             idle: [....45] [ip4][..tcp] [..192.168.1.100][.3527] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
             idle: [....46] [ip4][..tcp] [..192.168.1.100][.3528] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
             idle: [....47] [ip4][..tcp] [..192.168.1.100][.3529] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
             idle: [....48] [ip4][..tcp] [..192.168.1.100][.3530] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
             idle: [....49] [ip4][..tcp] [..192.168.1.100][.3531] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][bnetcmsus-a.akamaihd.net]
             idle: [....50] [ip4][..tcp] [..192.168.1.100][.3532] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable]
             idle: [....51] [ip4][..tcp] [..192.168.1.100][.3533] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable]
          guessed: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80] [HTTP][Unknown][Web][Acceptable][]
                   RISK: Unidirectional Traffic
             idle: [....52] [ip4][..tcp] [..192.168.1.100][.3534] -> [...2.228.46.112][...80]
              end: [....24] [ip4][..tcp] [..192.168.1.100][.3479] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
              end: [....22] [ip4][..tcp] [..192.168.1.100][.3480] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
              end: [....23] [ip4][..tcp] [..192.168.1.100][.3481] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
              end: [....21] [ip4][..tcp] [..192.168.1.100][.3482] -> [...2.228.46.114][..443] [TLS][Unknown][Web][Safe]
              end: [....18] [ip4][..tcp] [..192.168.1.100][.3489] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
              end: [....19] [ip4][..tcp] [..192.168.1.100][.3490] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
              end: [....20] [ip4][..tcp] [..192.168.1.100][.3491] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
              end: [....17] [ip4][..tcp] [..192.168.1.100][.3492] -> [...2.228.46.104][..443] [TLS][Unknown][Web][Safe]
             idle: [....28] [ip4][..udp] [..192.168.1.100][53145] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][nydus.battle.net]
              end: [....29] [ip4][..tcp] [..192.168.1.100][.3515] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              end: [....30] [ip4][..tcp] [..192.168.1.100][.3516] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net]
              end: [....32] [ip4][..tcp] [..192.168.1.100][.3518] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              end: [....33] [ip4][..tcp] [..192.168.1.100][.3519] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net]
              end: [....38] [ip4][..tcp] [..192.168.1.100][.3521] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              end: [....39] [ip4][..tcp] [..192.168.1.100][.3522] -> [..80.239.186.21][...80] [HTTP][Unknown][Web][Acceptable][eu.launcher.battle.net]
              end: [....40] [ip4][..tcp] [..192.168.1.100][.3523] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              end: [....41] [ip4][..tcp] [..192.168.1.100][.3524] -> [..80.239.186.26][...80] [HTTP][Unknown][Web][Acceptable][nydus.battle.net]
              end: [....42] [ip4][..tcp] [..192.168.1.100][.3525] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net]
              end: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable][eu.battle.net]
          guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Unknown][Game][Fun]
             idle: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119]
          guessed: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [TLS][Unknown][Web][Safe]
                   RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt
              end: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476]
          guessed: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478] [TLS][Unknown][Web][Safe]
                   RISK: Unidirectional Traffic, TCP Connection Issues, Probing Attempt
              end: [.....5] [ip4][..tcp] [..80.239.186.40][..443] -> [..192.168.1.100][.3478]
             idle: [....27] [ip4][....2] [..192.168.1.107] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable]
          guessed: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119] [Starcraft][Unknown][Game][Fun]
              end: [....10] [ip4][..tcp] [..192.168.1.100][.3427] -> [.80.239.208.193][.1119]
             idle: [....44] [ip4][..udp] [..192.168.1.100][55468] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][bnetcmsus-a.akamaihd.net]
              end: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com]
                   RISK: Susp DGA Domain name, Binary File/Data Transfer (Attempt)
          guessed: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228] [Google][Google][Web][Acceptable]
             idle: [....11] [ip4][..tcp] [..192.168.1.100][.2759] -> [.64.233.184.188][.5228]
             idle: [....31] [ip4][..tcp] [..192.168.1.100][.3517] -> [213.248.127.130][.1119] [Starcraft][Unknown][Game][Fun]
             idle: [.....2] [ip4][..udp] [..192.168.1.100][58818] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][100.1.168.192.in-addr.arpa]
                   RISK: Minor Issues
             idle: [.....4] [ip4][..udp] [..192.168.1.100][58831] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][26.186.239.80.in-addr.arpa]
                   RISK: Error Code
             idle: [.....7] [ip4][..udp] [..192.168.1.100][58844] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][40.186.239.80.in-addr.arpa]
             idle: [.....9] [ip4][..udp] [..192.168.1.100][58851] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][110.212.58.216.in-addr.arpa]
              end: [....16] [ip4][..tcp] [..192.168.1.100][.3512] -> [..12.129.222.54][...80] [HTTP.WorldOfWarcraft][Unknown][Game][Fun][us.scan.worldofwarcraft.com]
                   RISK: HTTP Susp User-Agent, HTTP Obsolete Server
             idle: [....14] [ip4][..udp] [..192.168.1.100][60026] -> [..192.168.1.254][...53] [DNS][Unknown][Network][Acceptable][llnw.blizzard.com]
                   RISK: Susp DGA Domain name, Risky Domain Name
          guessed: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119] [Starcraft][Unknown][Game][Fun]
             idle: [....37] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.166][.1119]
          guessed: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119] [Starcraft][Unknown][Game][Fun]
             idle: [....36] [ip4][..udp] [..192.168.1.100][.6113] -> [213.248.127.212][.1119]
          guessed: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] [QUIC][Google][Web][Acceptable]
                   RISK: Susp Entropy
             idle: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568]
             idle: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250]
             idle: [.....1] [ip4][..tcp] [..192.30.252.91][..443] -> [..192.168.1.100][.3213] [TLS][Github][Web][Safe]
          guessed: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] [TLS][Unknown][Web][Safe]
              end: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443]
          guessed: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119] [Starcraft][Unknown][Game][Fun]
             idle: [....35] [ip4][..udp] [..192.168.1.100][53146] -> [..62.115.246.51][.1119]
          guessed: [.....8] [ip4][..tcp] [..192.168.1.100][.3052] -> [.216.58.212.110][..443] [TLS][Google][Web][Safe]
             idle: [.....8] [ip4][..tcp] [..192.168.1.100][.3052] -> [.216.58.212.110][..443]
              end: [....13] [ip4][..tcp] [..192.168.1.100][.3506] -> [173.194.113.224][...80] [HTTP.Google][Google][Advertisement][Acceptable][www.google-analytics.com]
          guessed: [....26] [ip4][..tcp] [..192.168.1.100][.3484] -> [173.194.113.224][..443] [TLS][Google][Web][Safe]
              end: [....26] [ip4][..tcp] [..192.168.1.100][.3484] -> [173.194.113.224][..443]
     DAEMON-EVENT: shutdown