1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443]
detected: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
analyse: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 3.198| 0.584| 0.964|929164.558| 0.000]
[PKTLEN......: 61.000| 1392.000| 323.100| 382.900|146578.800| 4.200]
[BINS(c->s)..: 0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0]
[IATS........: 46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004,0]
[PKTLENS.....: 1392,478,1392,79,74,725,82,725,79,214,508,70,82,194,170,69,101,82,79,255,163,77,71,240,61,88,215,79,1190,77,758,469]
DAEMON-EVENT: [Processed: 413 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121]
detected: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
idle: [.....1] [ip4][..udp] [..192.168.1.109][57833] -> [.216.58.212.101][..443] [QUIC.GMail][Email][Acceptable]
DAEMON-EVENT: [Processed: 419 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443]
detected: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443] [QUIC.Google][Web][Acceptable]
new: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443]
new: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443]
detected: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] [QUIC.YouTube][Media][Fun]
new: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443]
detected: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] [QUIC.YouTube][Media][Fun]
new: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443]
detected: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable]
new: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443]
detected: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443] [QUIC.YouTube][Media][Fun]
new: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443]
detected: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443] [QUIC.YouTube][Media][Fun]
idle: [.....2] [ip4][..udp] [.......10.0.0.4][40134] -> [.......10.0.0.3][.6121] [QUIC][Web][Acceptable]
RISK: Known Proto on Non Std Port, Missing SNI TLS Extn
DAEMON-EVENT: [Processed: 449 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 7 / 9|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443]
detected: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
analyse: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 0.829| 0.062| 0.199|39440.069| 0.000]
[PKTLEN......: 75.000| 1392.000| 871.800| 620.800|385421.500| 4.500]
[BINS(c->s)..: 0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]
[BINS(s->c)..: 0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1]
[IATS........: 565,35358,43,40485,132,24017,25957,16828,62,532,35459,51659,446,11,26638,25576,828641,25,803246,620,371,204,811,210,360,238,291,204,540,286,244,0]
[PKTLENS.....: 1392,387,1392,1392,1392,383,79,82,1392,75,75,85,1392,1392,1188,82,79,1392,1392,82,1392,1392,1392,82,1392,82,1392,1392,1392,82,1392,1392]
idle: [.....7] [ip4][..udp] [..192.168.1.105][40030] -> [.216.58.201.227][..443] [QUIC.Google][Web][Acceptable]
guessed: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443] [Google][Web][Acceptable]
idle: [.....4] [ip4][..udp] [..192.168.1.105][40461] -> [...172.217.16.3][..443]
idle: [.....6] [ip4][..udp] [..192.168.1.105][48445] -> [.216.58.214.110][..443] [QUIC.YouTube][Media][Fun]
idle: [.....5] [ip4][..udp] [..192.168.1.105][34438] -> [.216.58.210.238][..443] [QUIC.YouTube][Media][Fun]
idle: [.....3] [ip4][..udp] [..192.168.1.105][45669] -> [...172.217.16.4][..443] [QUIC.Google][Web][Acceptable]
idle: [....10] [ip4][..udp] [..192.168.1.109][35236] -> [.216.58.210.206][..443] [QUIC.YouTube][Media][Fun]
idle: [.....9] [ip4][..udp] [..192.168.1.105][53817] -> [.216.58.210.225][..443] [QUIC.YouTube][Media][Fun]
idle: [.....8] [ip4][..udp] [..192.168.1.105][55934] -> [.216.58.201.238][..443] [QUIC.YouTube][Media][Fun]
DAEMON-EVENT: shutdown
|