1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621]
detected: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
new: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53]
detected: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e12.whatsapp.net]
detection-update: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e12.whatsapp.net]
new: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222]
detected: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222] [WhatsApp][Unknown][Chat][Acceptable]
new: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [MIDSTREAM]
detected: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS][Apple][Web][Safe]
analyse: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS][Apple][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.031| 0.229| 0.711| 505750.847| 2.000]
[PKTLEN......: 40.000| 1480.000| 515.600| 518.700| 269058.200| 4.200]
[BINS(c->s)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0]
[IATS(ms)....: 0.3,0.1,156.1,6.0,20.6,0.0,205.0,0.2,59.6,0.4,0.1,237.8,6.4,13.7,0.0,246.4,0.2,2803.2,0.7,0.1,0.2,0.2,0.1,3030.6,5.8,14.0,0.0,0.0,10.3,10.4,268.2]
[PKTLENS.....: 1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113]
[ENTROPIES...: 7.8,7.6,7.7,4.9,4.8,7.8,7.3,4.8,4.9,7.9,7.6,7.6,4.8,4.9,7.8,7.4,4.9,4.9,7.9,7.6,7.7,7.9,7.8,7.9,4.9,4.9,7.8,7.4,4.8,4.8,4.8,6.4]
new: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
detected: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
new: [.....7] [ip4][..udp] [....192.168.2.4][.5353] -> [....224.0.0.251][.5353]
detected: [.....7] [ip4][..udp] [....192.168.2.4][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local]
new: [.....8] [ip6][..udp] [...............fe80::189c:c31b:1298:224][.5353] -> [...............................ff02::fb][.5353]
detected: [.....8] [ip6][..udp] [...............fe80::189c:c31b:1298:224][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local]
new: [.....9] [ip4][..tcp] [..17.110.229.14][.5223] -> [....192.168.2.4][49193] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [..17.110.229.14][.5223] -> [....192.168.2.4][49193] [TLS][Apple][Web][Safe]
RISK: Known Proto on Non Std Port
detection-update: [.....9] [ip4][..tcp] [..17.110.229.14][.5223] -> [....192.168.2.4][49193] [TLS][Apple][Web][Safe]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....6] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac]
idle: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
idle: [.....4] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS][Apple][Web][Safe]
idle: [.....2] [ip4][..udp] [....192.168.2.4][61697] -> [....192.168.2.1][...53] [DNS][Unknown][Network][Acceptable][e12.whatsapp.net]
idle: [.....8] [ip6][..udp] [...............fe80::189c:c31b:1298:224][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
end: [.....3] [ip4][..tcp] [....192.168.2.4][49206] -> [...158.85.58.15][.5222] [WhatsApp][Unknown][Chat][Acceptable]
idle: [.....7] [ip4][..udp] [....192.168.2.4][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [.....5] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
end: [.....9] [ip4][..tcp] [..17.110.229.14][.5223] -> [....192.168.2.4][49193] [TLS][Apple][Web][Safe]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
DAEMON-EVENT: shutdown
|