test/results/flow-info/openvpn.pcap.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] 
         detected: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
          analyse: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable]
                                        min|      max|      avg|   stddev| variance|  entropy
                   [IAT.........:     0.000|    0.998|    0.088|    0.234|54526.591|    0.000]
                   [PKTLEN......:    66.000|  371.000|  154.300|   75.300| 5671.500|    4.800]
                   [BINS(c->s)..: 6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1]
                   [IATS(ms)....: 54.9,55.0,945.3,997.7,0.5,52.9,0.2,76.4,76.2,41.0,2.7,0.1,43.9,0.1,0.2,0.3,40.5,40.5,41.0,41.0,0.1,0.1,0.3,41.0,41.0,40.3,40.3,0.5,0.1,0.6,40.1]
                   [PKTLENS.....: 74,74,66,110,66,122,66,118,66,371,66,222,210,118,210,210,66,210,222,210,118,210,210,66,210,222,210,118,210,210,66,210]
     DAEMON-EVENT: [Processed: 95 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] 
         detected: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
          analyse: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
                                        min|      max|      avg|   stddev| variance|  entropy
                   [IAT.........:     0.000|    0.196|    0.045|    0.060| 3547.546|    0.000]
                   [PKTLEN......:    84.000|  345.000|  140.400|   58.600| 3436.100|    4.900]
                   [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
                   [IATS(ms)....: 195.2,195.8,0.8,177.2,176.2,0.5,0.5,0.5,0.4,0.5,0.5,98.5,98.6,29.6,29.6,19.8,19.8,0.4,0.5,50.1,50.0,29.9,30.0,20.3,20.2,9.5,9.5,38.3,38.3,31.9,31.9]
                   [PKTLENS.....: 84,96,92,345,196,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92]
             idle: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
     DAEMON-EVENT: [Processed: 178 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] 
         detected: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
          analyse: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
                                        min|      max|      avg|   stddev| variance|  entropy
                   [IAT.........:     0.000|    2.242|    0.188|    0.537|288658.031|    0.000]
                   [PKTLEN......:    84.000|  345.000|  137.300|   58.900| 3466.400|    4.900]
                   [BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
                   [IATS(ms)....: 2195.9,2242.5,46.7,0.1,203.1,15.1,218.1,0.6,0.6,0.5,0.5,3.5,3.5,185.2,185.2,0.4,0.4,39.5,39.5,9.4,9.4,82.3,82.3,3.8,3.8,34.2,34.2,15.7,15.7,74.3,74.3]
                   [PKTLENS.....: 84,84,96,92,345,92,196,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92,184,92]
             idle: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
             idle: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][VPN][Acceptable]
                   RISK: Known Proto on Non Std Port
     DAEMON-EVENT: shutdown