1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.131.114.168.27][59244] -> [.185.83.218.112][55655]
new: [.....2] [ip4][..tcp] [.131.114.168.27][49290] -> [.185.83.218.112][55656]
detected: [.....1] [ip4][..tcp] [.131.114.168.27][59244] -> [.185.83.218.112][55655] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
detected: [.....2] [ip4][..tcp] [.131.114.168.27][49290] -> [.185.83.218.112][55656] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
new: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655]
detected: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
new: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656]
detected: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655] [TINC][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.070| 0.172| 0.377| 142420.984| 2.500]
[PKTLEN......: 176.000| 1496.000| 1135.200| 450.400| 202833.500| 4.900]
[BINS(c->s)..: 0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0]
[BINS(s->c)..: 0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0]
[DIRECTIONS..: 0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0]
[IATS(ms)....: 0.2,27.5,0.0,0.0,27.5,0.2,0.1,0.2,0.2,0.1,15.4,0.0,41.8,0.0,0.0,1058.0,0.3,0.3,1003.7,0.1,1.8,0.2,45.3,0.1,0.0,1024.1,0.1,1069.5,0.1,1001.4,0.3]
[PKTLENS.....: 672,720,224,1472,768,216,1256,176,1296,1464,760,672,720,1264,176,1296,1344,1464,1360,1472,1488,1472,1480,1344,1472,1360,1488,1488,1488,1480,1496,1480]
[ENTROPIES...: 7.7,7.7,7.1,7.8,7.8,6.9,7.9,6.8,7.9,7.8,7.7,7.7,7.7,7.9,6.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.8,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
analyse: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.412| 0.291| 0.559| 312123.949| 2.900]
[PKTLEN......: 104.000| 1480.000| 1011.000| 450.300| 202783.000| 4.800]
[BINS(c->s)..: 0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0]
[BINS(s->c)..: 0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0]
[IATS(ms)....: 0.1,0.0,0.6,0.5,0.2,0.1,1049.1,0.0,0.0,1048.0,0.1,0.2,0.1,0.1,0.1,44.1,0.0,0.0,1044.7,0.3,1022.0,20.6,1001.5,0.3,0.2,363.6,1001.2,0.1,0.1,2412.5,0.0]
[PKTLENS.....: 752,1472,944,720,1256,1472,944,1056,656,320,1048,176,1296,512,656,320,176,1296,512,1464,1360,1360,1360,1472,1336,1304,104,1480,1464,1328,1376,1360]
[ENTROPIES...: 7.7,7.9,7.8,7.7,7.9,7.9,7.8,7.8,7.7,7.3,7.8,6.7,7.8,7.6,7.7,7.2,7.0,7.9,7.6,7.9,7.9,7.9,7.8,7.8,7.9,7.8,6.2,7.9,7.9,7.9,7.9,7.9]
end: [.....2] [ip4][..tcp] [.131.114.168.27][49290] -> [.185.83.218.112][55656] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [.131.114.168.27][55655] -> [.185.83.218.112][55655] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....4] [ip4][..udp] [.185.83.218.112][55656] -> [.131.114.168.27][55656] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
end: [.....1] [ip4][..tcp] [.131.114.168.27][59244] -> [.185.83.218.112][55655] [TINC][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
|