1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [......10.1.1.10][52470] -> [.......10.2.2.2][.8554] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [......10.1.1.10][52470] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
new: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554]
detected: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 0.021| 0.002| 0.006| 34.529| 0.000]
[PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS........: 35,2,147,185,74,3,21,233,32,2,57,13140,10,5,57,13537,3,20,31,20633,10,29,32,21135,10,3,84,464,2,22,30,0]
[PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,56,62,62]
new: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554]
detected: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 0.021| 0.002| 0.005| 29.923| 0.000]
[PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS........: 11,6,72,280,3,19,31,588,10,4,95,9323,12,6,70,10052,3,20,30,20464,12,35,38,21234,11,6,415,877,63,5,25,0]
[PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,62,56,62]
new: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554]
detected: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 0.021| 0.002| 0.005| 26.106| 0.000]
[PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS........: 11,6,298,316,75,4,113,848,111,3,200,4833,13,7,374,6198,62,5,77,20136,13,74,34,21000,11,7,67,946,6,27,79,0]
[PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,62,56,62,181,181,181,181,198,198,198,198,62,56,62,62]
new: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554]
detected: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 0.505| 0.033| 0.124|15344.430| 0.000]
[PKTLEN......: 56.000| 181.000| 92.300| 48.800| 2380.700| 4.800]
[BINS(c->s)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
[IATS........: 13,12,110,1319,2,16,338,505214,14,12,119,504501,5,45,55,1025,12,6,56,113,30,3,36,579,55,2,21,20351,8,26,107,0]
[PKTLENS.....: 68,68,68,68,62,56,62,62,68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,62,56,62,181,181,181,181]
end: [.....1] [ip4][..tcp] [......10.1.1.10][52470] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
new: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554]
detected: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 0.024| 0.002| 0.006| 34.195| 0.000]
[PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS........: 13,10,107,377,5,25,77,583,10,4,135,10337,14,11,11449,2,754,44,76,20263,13,28,87,23771,10,4,96,3496,1,20,106,0]
[PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,62,56,172,62,62,181,181,181,181,198,198,198,198,62,56,62,62]
end: [.....2] [ip4][..tcp] [......10.1.1.10][52472] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
new: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554]
detected: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
analyse: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
[min|max|avg|stddev|variance|entropy]
[IAT.........: 0.000| 0.021| 0.002| 0.005| 26.978| 0.000]
[PKTLEN......: 56.000| 198.000| 108.600| 58.600| 3438.900| 4.800]
[BINS(c->s)..: 8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1]
[IATS........: 13,12,126,440,5,40,92,581,9,4,94,6644,14,9,113,7455,6,53,93,20043,15,52,57,21029,9,6,97,810,5,21,76,0]
[PKTLENS.....: 68,68,68,68,68,68,68,68,62,62,56,62,172,172,172,172,62,56,62,62,181,181,181,181,198,198,198,198,62,56,62,62]
end: [.....3] [ip4][..tcp] [......10.1.1.10][52474] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
end: [.....4] [ip4][..tcp] [......10.1.1.10][52476] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
end: [.....5] [ip4][..tcp] [......10.1.1.10][52478] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
end: [.....6] [ip4][..tcp] [......10.1.1.10][52480] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
idle: [.....7] [ip4][..tcp] [......10.1.1.10][52482] -> [.......10.2.2.2][.8554] [RTSP][Media][Fun]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
|