1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443]
detected: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
analyse: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.198| 0.584| 0.964|929164.558| 0.000]
[PKTLEN......: 61.000| 1392.000| 323.100| 382.900|146578.800| 4.200]
[BINS(c->s)..: 0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0]
[IATS(ms)....: 46.0,60.1,14.8,65.4,2.5,93.4,168.1,168.1,622.7,681.3,0.0,58.0,3119.1,3197.6,0.0,0.0,54.1,25.5,1951.1,28.6,2034.7,28.3,0.0,0.0,56.9,470.8,496.4,2190.2,2289.8,44.7,126.0,0.0]
[PKTLENS.....: 1392,478,1392,79,74,725,82,725,79,214,508,70,82,194,170,69,101,82,79,255,163,77,71,240,61,88,215,79,1190,77,758,469]
DAEMON-EVENT: [Processed: 413 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121]
detected: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
idle: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
DAEMON-EVENT: [Processed: 419 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443]
detected: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443] [QUIC.Google][Web][Acceptable]
new: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443]
new: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443]
detected: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] [QUIC.YouTube][Media][Fun]
new: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443]
detected: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] [QUIC.YouTube][Media][Fun]
new: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443]
detected: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable]
new: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443]
detected: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443] [QUIC.YouTube][Media][Fun]
new: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443]
detected: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443] [QUIC.YouTube][Media][Fun]
idle: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
DAEMON-EVENT: [Processed: 449 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 7 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443]
detected: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
analyse: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.829| 0.062| 0.199|39440.069| 0.000]
[PKTLEN......: 75.000| 1392.000| 871.800| 620.800|385421.500| 4.500]
[BINS(c->s)..: 0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1]
[IATS(ms)....: 0.6,35.4,0.0,40.5,0.1,24.0,26.0,16.8,0.1,0.5,35.5,51.7,0.4,0.0,26.6,25.6,828.6,0.0,803.2,0.6,0.4,0.2,0.8,0.2,0.4,0.2,0.3,0.2,0.5,0.3,0.2,0.0]
[PKTLENS.....: 1392,387,1392,1392,1392,383,79,82,1392,75,75,85,1392,1392,1188,82,79,1392,1392,82,1392,1392,1392,82,1392,82,1392,1392,1392,82,1392,1392]
idle: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable]
guessed: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] [Google][Web][Acceptable]
idle: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443]
idle: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] [QUIC.YouTube][Media][Fun]
idle: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] [QUIC.YouTube][Media][Fun]
idle: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443] [QUIC.Google][Web][Acceptable]
idle: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
idle: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443] [QUIC.YouTube][Media][Fun]
idle: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443] [QUIC.YouTube][Media][Fun]
DAEMON-EVENT: shutdown
|