DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443]
detected: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoomsjccv154mmr.sjc.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoomsjccv154mmr.sjc.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443] [TLS.Zoom][Zoom][Video][Acceptable][zoomsjccv154mmr.sjc.zoom.us]
RISK: TLS (probably) Not Carrying HTTPS
new: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801]
detected: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
analyse: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.167| 0.025| 0.040| 1639.456| 3.600]
[PKTLEN......: 46.000| 1064.000| 704.700| 464.600| 215864.300| 4.600]
[BINS(c->s)..: 0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
[IATS(ms)....: 101.4,166.6,0.0,73.0,12.3,100.4,0.0,101.8,73.0,11.9,4.9,10.9,10.5,10.1,0.2,9.2,10.4,10.3,11.4,0.0,0.3,9.4,8.6,5.4,4.9,0.1,10.8,10.0,10.5,9.4,0.2]
[PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064]
[ENTROPIES...: 5.8,5.8,4.9,4.2,5.4,5.6,4.8,4.3,5.6,4.7,4.7,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,0.6,4.8,0.6,0.6,0.6,0.6,0.6,0.6,0.6]
new: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801]
new: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801]
detected: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
detected: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
analyse: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.176| 0.043| 0.049| 2389.122| 4.100]
[PKTLEN......: 46.000| 189.000| 129.000| 35.800| 1279.800| 4.900]
[BINS(c->s)..: 0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1]
[IATS(ms)....: 98.5,176.4,0.1,85.5,9.5,94.8,0.0,99.9,94.2,12.3,1.9,12.4,20.6,17.0,20.1,168.4,18.0,3.6,10.9,10.3,19.4,32.1,20.9,115.3,0.0,17.8,18.7,20.1,20.2,21.5,85.5]
[PKTLENS.....: 151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116]
[ENTROPIES...: 5.8,5.8,4.9,4.4,5.6,5.6,4.8,4.4,5.5,4.7,4.7,6.0,6.0,5.9,5.8,5.7,5.1,4.7,5.8,4.7,5.7,5.7,5.6,5.6,6.0,6.2,5.3,5.7,5.7,5.7,5.7,5.2]
analyse: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.188| 0.047| 0.043| 1844.784| 4.300]
[PKTLEN......: 46.000| 171.000| 91.100| 44.600| 1993.400| 4.800]
[BINS(c->s)..: 7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0]
[IATS(ms)....: 102.1,187.6,0.0,105.6,0.1,93.5,0.0,87.6,70.7,0.1,106.0,0.0,21.5,32.8,59.0,0.0,48.4,5.5,49.5,50.2,0.0,0.0,55.2,45.7,56.3,52.4,0.0,59.8,52.1,47.7,58.6]
[PKTLENS.....: 153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55]
[ENTROPIES...: 5.8,5.9,4.8,4.3,5.5,5.5,4.8,4.4,5.6,5.5,5.6,4.4,4.5,3.6,3.9,5.5,3.6,3.9,4.5,3.7,4.5,4.5,3.9,3.7,4.0,3.7,4.5,3.9,3.7,3.9,3.9,3.7]
new: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154]
detected: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154] [ICMP][Zoom][Network][Acceptable]
RISK: Unidirectional Traffic
idle: [.....4] [ip4][..udp] [..192.168.1.178][57953] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
idle: [.....1] [ip4][..tcp] [..192.168.1.178][50076] -> [.144.195.73.154][..443]
idle: [.....3] [ip4][..udp] [..192.168.1.178][58117] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
idle: [.....2] [ip4][..udp] [..192.168.1.178][60653] -> [.144.195.73.154][.8801] [SRTP.Zoom][Zoom][Video][Acceptable]
idle: [.....5] [ip4][.icmp] [..192.168.1.178] -> [.144.195.73.154] [ICMP][Zoom][Network][Acceptable]
RISK: Unidirectional Traffic
DAEMON-EVENT: shutdown