1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443]
detected: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.tunnelbear.com]
new: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443]
new: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443]
new: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443]
detected: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
new: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443]
detected: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detected: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.tunnelbear.com]
detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
new: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443]
detected: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][mobile-collector.newrelic.com]
detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][mobile-collector.newrelic.com]
analyse: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.266| 0.037| 0.060| 3626.297| 3.500]
[PKTLEN......: 40.000| 3697.000| 426.000| 812.300| 659832.900| 3.500]
[BINS(c->s)..: 7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1]
[IATS(ms)....: 4.8,10.8,0.0,6.0,71.1,71.7,62.5,63.1,0.2,0.1,0.1,0.1,2.3,2.2,58.3,58.8,0.5,0.2,0.2,0.1,0.2,0.1,0.6,0.8,214.5,265.9,52.4,51.4,53.8,54.6,51.8]
[PKTLENS.....: 60,40,40,557,40,3697,40,133,40,576,40,576,40,305,40,376,361,40,576,40,150,40,40,78,40,1632,40,691,40,352,40,2871]
[ENTROPIES...: 4.5,4.5,4.6,6.1,4.5,7.2,4.5,5.9,4.5,7.4,4.5,7.6,4.6,7.4,4.5,7.1,7.4,4.5,7.6,4.5,6.5,4.5,4.6,5.3,4.5,7.9,4.6,7.6,4.6,7.1,4.6,7.9]
new: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443]
new: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443]
detected: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
analyse: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.234| 0.036| 0.055| 3015.001| 3.600]
[PKTLEN......: 40.000| 789.000| 149.700| 198.300| 39337.400| 4.100]
[BINS(c->s)..: 9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0]
[IATS(ms)....: 3.4,3.9,2.0,2.9,57.3,108.0,0.8,51.4,0.3,0.1,0.1,0.1,0.1,0.1,50.9,51.9,1.0,50.4,50.8,196.8,233.7,37.7,51.5,50.9,51.1,0.1,51.0,0.5,0.2,0.4,1.0]
[PKTLENS.....: 60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40]
[ENTROPIES...: 4.5,4.6,4.6,6.1,4.5,6.1,4.7,5.4,4.5,7.4,4.6,7.6,4.5,7.2,4.5,5.9,7.4,4.6,5.3,4.6,7.7,4.7,6.8,4.7,5.3,4.6,5.1,4.5,4.5,4.4,4.5,4.5]
new: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
RISK: Unidirectional Traffic
new: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [MIDSTREAM]
new: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443]
detected: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Facebook][Chat][Acceptable][mqtt-mini.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Facebook][Chat][Acceptable][mqtt-mini.facebook.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443]
detected: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS][AmazonAWS][Web][Safe][capi.grammarly.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS][AmazonAWS][Web][Safe][capi.grammarly.com]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS][AmazonAWS][Web][Safe][capi.grammarly.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228]
detected: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Google][Web][Acceptable][mtalk.google.com]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
end: [.....2] [ip4][..tcp] [.......10.8.0.1][45104] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [.....3] [ip4][..tcp] [.......10.8.0.1][45106] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [.....4] [ip4][..tcp] [.......10.8.0.1][45108] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [.....5] [ip4][..tcp] [.......10.8.0.1][45114] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [.....7] [ip4][..tcp] [.......10.8.0.1][45124] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [.....8] [ip4][..tcp] [.......10.8.0.1][45126] -> [..104.17.115.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Google][Web][Acceptable][mtalk.google.com]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
new: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443]
detected: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
new: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443]
new: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443]
detected: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
new: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443]
new: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443]
detected: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.tunnelbear.com]
new: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443]
detected: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detected: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detected: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
new: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443]
detected: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][mobile-collector.newrelic.com]
detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.tunnelbear.com]
detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][mobile-collector.newrelic.com]
analyse: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.340| 0.040| 0.084| 7024.527| 3.000]
[PKTLEN......: 40.000| 2940.000| 240.400| 516.400| 266681.900| 3.500]
[BINS(c->s)..: 3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1]
[IATS(ms)....: 4.1,5.3,2.0,3.4,237.7,240.1,0.0,2.4,9.3,9.4,0.2,0.1,1.4,1.5,0.1,0.1,0.1,0.1,100.5,152.6,52.3,7.0,20.6,16.0,10.0,8.0,0.8,1.3,7.0,6.2,340.4]
[PKTLENS.....: 60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940]
[ENTROPIES...: 4.5,4.5,4.5,6.1,4.6,6.0,4.6,5.4,4.6,5.5,4.6,5.9,4.5,7.6,4.5,7.6,4.6,6.8,4.5,5.9,5.3,4.6,5.3,7.2,4.6,7.6,4.6,6.5,4.6,7.3,4.5,7.9]
new: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443]
detected: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable][api.polargrizzly.com]
idle: [....13] [ip4][..tcp] [.......10.8.0.1][47046] -> [.74.125.200.188][.5228] [TLS.GoogleServices][Google][Web][Acceptable]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
idle: [....15] [ip4][..tcp] [.......10.8.0.1][50904] -> [.104.17.154.236][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
idle: [.....6] [ip4][..tcp] [.......10.8.0.1][47496] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads]
idle: [....11] [ip4][..tcp] [.......10.8.0.1][60224] -> [...157.240.7.32][..443] [TLS.Messenger][Facebook][Chat][Acceptable]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....20] [ip4][..tcp] [.......10.8.0.1][48222] -> [162.247.243.188][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads]
guessed: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][]
end: [....10] [ip4][..tcp] [..10.158.132.91][51120] -> [........8.8.8.8][...53]
idle: [....12] [ip4][..tcp] [.......10.8.0.1][47594] -> [..99.83.135.170][..443] [TLS][AmazonAWS][Web][Safe]
RISK: TLS (probably) Not Carrying HTTPS
end: [.....9] [ip4][..tcp] [..10.158.132.91][38398] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
RISK: Unidirectional Traffic
idle: [.....1] [ip4][..tcp] [.......10.8.0.1][50178] -> [.104.17.154.236][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [....14] [ip4][..tcp] [.......10.8.0.1][33830] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [....16] [ip4][..tcp] [.......10.8.0.1][33838] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [....17] [ip4][..tcp] [.......10.8.0.1][33842] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [....18] [ip4][..tcp] [.......10.8.0.1][33846] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
end: [....19] [ip4][..tcp] [.......10.8.0.1][33848] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
idle: [....21] [ip4][..tcp] [.......10.8.0.1][33858] -> [..104.17.114.40][..443] [TLS.TunnelBear][Cloudflare][VPN][Acceptable]
DAEMON-EVENT: shutdown
|