1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500]
detected: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353]
detected: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
new: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478]
detected: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
RISK: Unidirectional Traffic
new: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478]
detected: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
RISK: Unidirectional Traffic
new: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156]
detected: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
RISK: Unidirectional Traffic
update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
new: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
new: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
analyse: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.089| 0.026| 0.021| 430.173| 4.500]
[PKTLEN......: 113.000| 1277.000| 673.700| 485.600| 235788.400| 4.500]
[BINS(c->s)..: 0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,1,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,1,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0]
[IATS(ms)....: 8.4,10.2,12.0,0.1,14.3,5.0,17.5,37.3,28.4,52.5,29.0,88.6,0.2,71.3,10.8,22.4,0.1,28.5,48.7,32.5,39.0,13.4,0.2,30.2,24.5,22.8,31.8,53.4,31.8,40.1,10.0]
[PKTLENS.....: 113,113,113,113,113,113,113,113,113,113,113,1246,1056,1056,1246,800,1245,119,1245,800,800,1245,800,799,118,831,1245,1277,1043,1043,1257,1043]
[ENTROPIES...: 4.9,4.8,4.8,4.9,4.9,4.8,4.8,4.9,4.8,4.8,4.8,7.8,0.5,0.5,7.8,7.7,7.8,5.8,7.8,7.7,7.7,7.8,7.7,7.7,5.8,7.7,7.8,7.8,7.8,7.8,7.8,7.8]
update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
update: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....5] [ip4][.icmp] [.206.247.87.213] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
update: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
update: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
update: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
update: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
update: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
idle: [.....2] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
guessed: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036] [Zoom][Unknown][Video][Acceptable]
RISK: Unidirectional Traffic
idle: [.....6] [ip4][..udp] [.192.168.12.156][38453] -> [..192.168.1.226][41036]
guessed: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757] [Zoom][Unknown][Video][Acceptable]
idle: [.....7] [ip4][..udp] [.192.168.12.156][39065] -> [..192.168.1.226][46757]
idle: [.....4] [ip4][..udp] [.192.168.12.156][38453] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
idle: [.....3] [ip4][..udp] [.192.168.12.156][39065] -> [.206.247.87.213][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
new: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478]
detected: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
RISK: Unidirectional Traffic
new: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478]
detected: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable][]
RISK: Unidirectional Traffic
new: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156]
detected: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
RISK: Unidirectional Traffic
new: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353]
detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local]
update: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.031| 0.974| 1.005| 1010541.658| 3.900]
[PKTLEN......: 100.000| 100.000| 100.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 0.0,2023.3,0.0,2021.5,0.0,2008.4,0.0,2013.5,0.0,1994.8,0.0,2022.5,0.0,1990.7,0.1,2022.2,0.0,2022.0,0.1,1995.4,0.0,2020.2,0.0,2002.2,3.1,1996.9,3.1,2014.1,0.0,2030.9,0.0]
[PKTLENS.....: 100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100]
[ENTROPIES...: 5.4,5.3,5.2,5.3,5.4,5.3,5.4,5.3,5.4,5.3,5.3,5.4,5.3,5.3,5.3,5.4,5.3,5.4,5.3,5.3,5.3,5.3,5.3,5.3,5.4,5.3,5.3,5.4,5.4,5.3,5.4,5.3]
new: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312]
new: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586]
update: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
analyse: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.052| 0.013| 0.016| 253.890| 4.000]
[PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 0.2,27.3,11.2,7.7,6.8,1.5,0.1,13.3,6.9,1.7,40.5,0.2,15.5,0.6,33.3,0.2,50.8,0.4,5.9,5.7,52.3,0.4,7.2,2.3,22.7,0.2,31.0,0.2,40.9,0.2,22.6]
[PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]
[ENTROPIES...: 5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0]
analyse: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.055| 0.027| 0.014| 209.331| 4.700]
[PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 23.8,0.3,29.8,1.6,40.5,0.5,22.7,46.4,8.7,38.1,43.6,20.5,19.3,34.0,24.4,41.5,21.1,25.0,31.1,47.2,23.8,22.9,54.8,6.0,45.0,14.9,26.8,31.6,48.3,23.8,18.7]
[PKTLENS.....: 112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112]
[ENTROPIES...: 4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9,4.9]
idle: [....10] [ip4][.icmp] [.206.247.10.253] -> [.192.168.12.156] [ICMP][Zoom][Network][Acceptable]
guessed: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586] [Zoom][Unknown][Video][Acceptable]
RISK: Unidirectional Traffic
idle: [....13] [ip4][..udp] [.192.168.12.156][49579] -> [...10.78.14.178][49586]
idle: [.....1] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
idle: [.....9] [ip4][..udp] [.192.168.12.156][42208] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
guessed: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312] [Zoom][Unknown][Video][Acceptable]
RISK: Unidirectional Traffic
idle: [....12] [ip4][..udp] [.192.168.12.156][42208] -> [...10.78.14.178][47312]
idle: [.....8] [ip4][..udp] [.192.168.12.156][49579] -> [.206.247.10.253][.3478] [STUN.Zoom][Zoom][Video][Acceptable]
DAEMON-EVENT: shutdown
|