path: root/test/results/flow-info/signal.pcap.out
     DAEMON-EVENT: init
     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
              new: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] 
         detected: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
              new: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] 
         detected: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Network][Acceptable]
              new: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] 
              new: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] 
              new: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] 
              new: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] 
              new: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] 
 detection-update: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Network][Acceptable]
         detected: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
 detection-update: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
         detected: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
                   RISK: TLS (probably) Not Carrying HTTPS
         detected: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
         detected: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
         detected: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
          analyse: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
                                        min|      max|      avg|   stddev| variance|  entropy
                   [IAT.........:     0.000|    0.052|    0.012|    0.020|  399.390|    0.000]
                   [PKTLEN......:    66.000| 1506.000|  427.300|  522.500|272968.600|    4.100]
                   [BINS(c->s)..: 10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1]
                   [IATS(ms)....: 44.2,46.0,0.1,45.6,0.8,0.2,0.3,0.2,47.8,0.0,0.1,46.0,44.7,7.8,1.7,0.1,0.4,0.1,52.3,0.0,1.1,0.0,42.6,0.1,0.7,0.5,0.1,0.9,0.1,0.4,0.0,0.0]
                   [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,1506,66,66,66,673,66,146,112,109,101,207,337,337,66,136,66,66,66,66,97,1112,1112,1506,427]
 detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
                   RISK: TLS (probably) Not Carrying HTTPS
 detection-update: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
                   RISK: TLS (probably) Not Carrying HTTPS
 detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
 detection-update: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
 detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
 detection-update: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
 detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
 detection-update: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
              new: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [MIDSTREAM] 
         detected: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS.Apple][Web][Safe]
              new: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [MIDSTREAM] 
         detected: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [TLS][Web][Safe]
              new: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] 
              new: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] 
              new: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] 
         detected: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Chat][Fun]
              new: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] 
              new: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] 
              new: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] 
 detection-update: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Chat][Fun]
              new: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] 
         detected: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Network][Acceptable]
         detected: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
 detection-update: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
         detected: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
                   RISK: TLS (probably) Not Carrying HTTPS
         detected: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
         detected: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
         detected: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
          analyse: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
                                        min|      max|      avg|   stddev| variance|  entropy
                   [IAT.........:     0.000|    0.101|    0.015|    0.025|  625.062|    0.000]
                   [PKTLEN......:    66.000| 1506.000|  445.700|  520.400|270842.400|    4.100]
                   [BINS(c->s)..: 9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                   [BINS(s->c)..: 4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1]
                   [IATS(ms)....: 34.9,37.7,0.1,37.4,0.8,0.2,0.3,0.2,37.0,0.2,34.8,100.7,83.3,17.6,1.1,2.5,0.1,0.4,0.1,36.0,0.0,31.6,0.5,2.4,0.0,0.5,2.2,1.1,0.2,0.2,0.0,0.0]
                   [PKTLENS.....: 78,74,66,583,66,1506,1506,1282,1506,66,66,673,66,673,78,146,112,109,101,207,337,337,66,66,66,136,66,66,1112,1112,1506,427]
 detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
                   RISK: TLS (probably) Not Carrying HTTPS
 detection-update: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
                   RISK: TLS (probably) Not Carrying HTTPS
 detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
              new: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] 
         detected: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
          analyse: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
                                        min|      max|      avg|   stddev| variance|  entropy
                   [IAT.........:     0.000|    0.115|    0.033|    0.050| 2490.513|    0.000]
                   [PKTLEN......:    66.000| 1506.000|  533.200|  606.200|367455.800|    4.100]
                   [BINS(c->s)..: 4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
                   [BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1]
                   [IATS(ms)....: 108.9,110.6,0.1,110.4,2.1,0.0,112.4,5.0,114.9,0.0,109.6,1.9,0.0,0.0,0.1,0.8,0.1,0.2,0.1,111.4,0.2,108.4,1.8,0.6,1.7,0.2,0.2,0.3,0.1,109.4,1.5,0.0]
                   [PKTLENS.....: 78,74,66,583,66,1506,1104,66,192,117,135,66,119,116,108,312,1506,1506,1506,378,66,104,848,66,66,1506,1506,1506,1506,151,66,66]
              new: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [MIDSTREAM] 
         detected: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] [TLS][Web][Safe]
              new: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] 
         detected: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
 detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
          analyse: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] 
                                        min|      max|      avg|   stddev| variance|  entropy
                   [IAT.........:     0.000|    0.043|    0.012|    0.016|  257.340|    0.000]
                   [PKTLEN......:    66.000| 1506.000|  512.200|  608.000|369644.200|    4.100]
                   [BINS(c->s)..: 5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
                   [BINS(s->c)..: 7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1]
                   [IATS(ms)....: 32.9,39.8,0.1,40.0,2.7,0.0,39.4,7.8,43.4,0.4,0.0,34.7,0.1,7.5,0.5,0.0,0.1,0.4,5.9,0.1,0.4,42.2,0.0,0.5,26.8,7.6,10.7,0.1,0.3,0.3,26.1,0.0]
                   [PKTLENS.....: 78,74,66,583,66,1506,1009,66,192,66,117,135,66,66,119,116,108,257,104,1506,1506,1506,66,104,66,685,66,1506,1506,1506,1506,66]
 detection-update: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
             idle: [.....1] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
              end: [.....8] [ip4][..tcp] [...192.168.2.17][56996] -> [.17.248.146.144][..443] [TLS.Apple][Web][Safe]
             idle: [....16] [ip4][.icmp] [...192.168.2.17] -> [....192.168.2.1] [ICMP][Network][Acceptable]
              end: [....18] [ip4][..tcp] [....23.57.24.16][..443] -> [...192.168.2.17][57016] 
              end: [.....4] [ip4][..tcp] [...192.168.2.17][57018] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
              end: [....11] [ip4][..tcp] [...192.168.2.17][57022] -> [....23.57.24.16][..443] [TLS.AppleiTunes][Streaming][Fun]
              end: [.....5] [ip4][..tcp] [...192.168.2.17][57019] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
              end: [.....6] [ip4][..tcp] [...192.168.2.17][57020] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
              end: [.....7] [ip4][..tcp] [...192.168.2.17][57021] -> [.34.225.240.173][..443] [TLS.Signal][Chat][Fun]
             idle: [....13] [ip4][..tcp] [...192.168.2.17][57023] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
             idle: [....14] [ip4][..tcp] [...192.168.2.17][57024] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
             idle: [....15] [ip4][..tcp] [...192.168.2.17][57025] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
             idle: [....17] [ip4][..tcp] [...192.168.2.17][57026] -> [....35.169.3.40][..443] [TLS.Signal][Chat][Fun]
              end: [.....9] [ip4][..tcp] [...192.168.2.17][57017] -> [...2.18.232.118][..443] [TLS][Web][Safe]
              end: [.....3] [ip4][..tcp] [...192.168.2.17][49226] -> [.34.225.240.173][..443] 
             idle: [....10] [ip4][..tcp] [...192.168.2.17][49227] -> [....35.169.3.40][..443] 
             idle: [....19] [ip4][..tcp] [...192.168.2.17][57027] -> [...13.35.253.42][..443] [TLS.Signal][Chat][Fun]
             idle: [....12] [ip4][..udp] [...192.168.2.17][56263] -> [....192.168.2.1][...53] [DNS.Signal][Chat][Fun]
             idle: [.....2] [ip4][..udp] [...192.168.2.17][60793] -> [....192.168.2.1][...53] [DNS][Network][Acceptable]
     DAEMON-EVENT: shutdown