1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443]
detected: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net]
detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net]
detection-update: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net]
analyse: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 24.640| 0.846| 4.345| 18880535.724| 0.500]
[PKTLEN......: 52.000| 1450.000| 329.100| 491.800| 241822.200| 3.800]
[BINS(c->s)..: 9,4,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0]
[BINS(s->c)..: 5,1,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,0,0]
[IATS(ms)....: 90.0,91.9,3.0,95.6,1.4,1.2,0.0,95.9,1.0,78.9,282.8,460.9,0.0,97.9,0.0,4.0,7.0,1.0,0.0,0.0,115.1,0.0,1.2,0.0,102.9,1.0,41.1,24639.8,5.0,6.0,3.0]
[PKTLENS.....: 64,60,52,295,52,1450,1450,464,52,52,52,178,310,133,52,52,105,102,94,235,90,52,90,52,162,52,52,52,275,1450,1450,1450]
[ENTROPIES...: 4.4,5.2,5.0,5.6,5.2,6.9,7.3,7.4,5.1,5.1,4.9,6.3,7.1,6.4,5.0,5.0,5.6,5.7,5.4,6.9,5.4,5.2,5.9,5.2,6.6,5.0,5.1,5.2,7.0,7.9,7.8,7.9]
new: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443]
detected: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net]
detection-update: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][mmg-fna.whatsapp.net]
analyse: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.108| 0.019| 0.031| 953.946| 3.300]
[PKTLEN......: 52.000| 1450.000| 485.400| 599.200| 359069.100| 4.000]
[BINS(c->s)..: 6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 56.7,61.0,1.0,66.0,0.1,65.0,1.0,5.0,0.0,1.0,0.0,59.9,51.0,0.0,7.3,0.0,4.1,0.1,11.0,0.0,86.4,107.5,0.0,1.4,0.9,1.4,1.2,1.2,1.0,1.2,1.2]
[PKTLENS.....: 64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450]
[ENTROPIES...: 4.5,5.2,5.1,6.5,5.3,6.5,5.1,5.5,5.8,5.7,5.5,7.1,6.5,5.1,5.5,5.2,6.1,5.3,6.0,5.1,5.1,5.3,7.9,7.1,7.9,7.9,7.9,7.9,7.9,7.9,7.9,7.9]
end: [.....1] [ip4][..tcp] [...192.168.2.29][49674] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
idle: [.....2] [ip4][..tcp] [...192.168.2.29][49698] -> [..185.60.216.53][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
DAEMON-EVENT: shutdown
|