test/results/flow-info/ftp.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] 
         detected: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe]
                   RISK: Unsafe Protocol
          analyse: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe]
                   [min|max|avg|stddev|variance|entropy]
                   [IAT.........:     0.000|    0.090|    0.019|    0.021|  426.190|    0.000]
                   [PKTLEN......:    66.000|  307.000|   85.900|   42.700| 1824.000|    4.900]
                   [BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 8,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1]
                   [IATS........: 27412,27520,29008,29012,526,27660,315,27401,217,69061,21193,90047,306,27070,21,26780,133,26972,64,26857,6,275,27478,27261,90,29,651,27147,26517,90,26761,0]
                   [PKTLENS.....: 78,74,66,86,66,82,66,100,66,79,66,89,66,71,66,100,66,72,81,131,66,66,77,110,66,307,66,96,88,66,71,100]
              new: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] 
         detected: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Download][Acceptable]
                   RISK: Known Proto on Non Std Port
              new: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] 
          analyse: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] 
                   [min|max|avg|stddev|variance|entropy]
                   [IAT.........:     0.000|    0.030|    0.006|    0.011|  123.407|    0.000]
                   [PKTLEN......:    66.000| 1506.000|  832.000|  717.500|514855.000|    4.300]
                   [BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
                   [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,1,1,0,1,0,1,1]
                   [IATS........: 28770,28814,29579,29566,281,284,597,608,340,458,790,363,375,64,327,2,379,43,300,27513,27767,195,211,1702,115,4,1805,1866,1903,218,1796,0]
                   [PKTLENS.....: 78,74,66,1506,78,1506,66,1506,66,1506,1506,66,1506,66,1506,1506,1506,66,66,1506,1506,66,1506,66,1506,1506,66,66,1506,66,1506,1506]
     not-detected: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] [Unknown][Unrated]
              end: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523] [Unknown][Unrated]
              end: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Download][Unsafe]
                   RISK: Unsafe Protocol
              end: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Download][Acceptable]
                   RISK: Known Proto on Non Std Port
     DAEMON-EVENT: shutdown