DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302]
detected: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port
new: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302]
detected: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN][Google][Network][Acceptable][]
RISK: Known Proto on Non Std Port
new: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305]
detected: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleCall][Google][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
new: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305]
detected: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleCall][Google][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
detection-update: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
analyse: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.164| 0.015| 0.039| 1549.851| 2.400]
[PKTLEN......: 65.000| 1231.000| 290.000| 203.200| 41279.000| 4.700]
[BINS(c->s)..: 0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 27.7,164.3,5.3,154.4,6.7,36.4,35.4,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,27.3,18.9,0.0,0.0,0.0,0.0,0.0,0.0,0.0]
[PKTLENS.....: 152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]
[ENTROPIES...: 5.9,5.7,5.9,5.0,5.7,7.3,6.8,7.4,4.6,7.1,7.1,7.2,7.1,7.0,7.0,7.1,7.1,7.0,7.1,7.1,7.1,7.1,5.7,5.7,7.0,7.1,7.0,6.4,7.2,7.1,7.1,7.1]
new: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478]
detected: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][]
detection-update: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
new: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478]
detected: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][]
analyse: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.000| 0.179| 0.232| 53990.769| 4.000]
[PKTLEN......: 68.000| 565.000| 110.700| 85.700| 7337.900| 4.800]
[BINS(c->s)..: 0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0]
[IATS(ms)....: 28.7,31.6,20.7,57.3,57.1,114.9,326.7,7.6,0.3,359.3,399.5,20.9,399.5,20.8,60.3,761.6,238.3,310.5,33.1,16.7,106.5,1.4,298.5,11.7,401.0,18.9,1000.0,80.4,40.3,278.6,42.3]
[PKTLENS.....: 152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]
[ENTROPIES...: 6.0,5.6,6.0,5.7,6.0,5.7,7.6,6.0,5.5,5.6,5.5,5.7,5.7,5.9,5.5,6.0,5.6,5.3,5.8,6.1,5.6,5.7,5.8,5.8,5.5,5.9,5.6,5.3,5.9,5.6,6.3,6.0]
detection-update: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleCall][Google][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleCall][Google][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
analyse: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.030| 8.438| 2.374| 2.514| 6318722.646| 4.300]
[PKTLEN......: 92.000| 152.000| 118.200| 26.300| 690.900| 5.000]
[BINS(c->s)..: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 30.2,90.8,78.2,1745.7,1745.6,749.7,749.8,2799.7,2799.8,3108.6,3108.4,997.5,997.5,1610.3,1610.3,582.5,582.8,6554.8,6554.5,8437.5,8437.6,882.4,882.5,6551.7,6551.4,792.4,792.6,993.0,993.0,897.1,896.9]
[PKTLENS.....: 152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92]
[ENTROPIES...: 6.0,5.6,6.1,5.6,6.0,5.5,6.0,5.6,6.1,5.7,5.9,5.8,6.1,5.6,6.0,5.6,6.1,5.6,6.0,5.6,6.0,5.6,6.0,5.6,6.1,5.6,6.0,5.7,6.0,5.7,6.0,5.7]
update: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleCall][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable]
update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleCall][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
update: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
update: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleCall][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: [Processed: 214 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 6 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 5|updates: 6]
new: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305]
detected: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [STUN.GoogleCall][Google][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
detection-update: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
detection-update: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
analyse: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.082| 0.009| 0.020| 398.613| 2.800]
[PKTLEN......: 85.000| 1251.000| 300.000| 206.900| 42788.400| 4.700]
[BINS(c->s)..: 0,0,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,4,1,0,0,0,0,18,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 26.9,81.6,0.7,74.4,3.0,28.0,16.5,24.8,0.3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,11.5,16.0,2.8,0.0,0.0,0.0,0.0,0.0,0.0]
[PKTLENS.....: 172,124,168,205,124,1251,594,168,618,85,308,308,308,308,308,308,308,308,308,308,308,308,129,129,124,308,308,308,308,165,308,308]
[ENTROPIES...: 6.0,5.7,5.8,5.0,5.9,7.3,6.7,5.9,7.4,4.7,7.0,7.1,7.1,7.1,7.0,7.0,7.1,7.1,7.0,7.1,7.0,7.1,5.7,5.7,5.7,7.1,7.1,7.0,7.0,6.1,7.0,7.0]
idle: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleCall][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....7] [ip6][..udp] [..2001:b07:a3d:c112:48a1:1094:1227:281e][45572] -> [...................2001:4860:4864:6::81][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
idle: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable]
idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleCall][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [DTLS.GoogleCall][Google][VoIP][Acceptable]
idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleCall][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown