DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67]
detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
new: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900]
detected: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353]
detected: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353]
detected: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353]
detected: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353]
detected: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353]
detected: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] [MDNS][Network][Acceptable]
new: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53]
detected: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
detection-update: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
new: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500]
detected: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable]
new: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500]
detected: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353]
detected: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353]
detected: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Network][Acceptable]
analyse: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.089| 0.260| 0.238|56779.682| 0.000]
[PKTLEN......: 142.000| 308.000| 198.700| 56.400| 3176.800| 4.900]
[BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 549.4,0.8,252.8,249.2,102.8,152.8,104.9,141.4,2.6,102.2,252.5,506.2,1089.0,524.5,0.5,254.5,249.1,108.9,146.8,101.0,145.2,2.4,102.1,256.0,497.9,504.7,600.2,564.9,0.4,248.3,249.2,0.0]
[PKTLENS.....: 142,233,308,169,153,169,153,211,184,308,153,167,275,142,233,308,169,153,169,153,211,184,308,153,167,211,167,142,233,308,169,153]
analyse: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.089| 0.260| 0.238|56762.626| 0.000]
[PKTLEN......: 162.000| 328.000| 218.700| 56.400| 3176.800| 5.000]
[BINS(c->s)..: 0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[IATS(ms)....: 549.6,0.4,252.7,249.3,102.6,153.3,104.8,140.9,2.6,102.6,252.5,506.2,1088.5,524.6,0.5,254.5,249.4,109.0,147.1,100.8,145.2,1.9,102.6,256.1,498.0,504.7,600.4,564.2,0.4,249.0,248.4,0.0]
[PKTLENS.....: 162,253,328,189,173,189,173,231,204,328,173,187,295,162,253,328,189,173,189,173,231,204,328,173,187,231,187,162,253,328,189,173]
detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
detection-update: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53]
detected: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe]
detection-update: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe]
new: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621]
detected: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable]
new: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900]
detected: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53]
detected: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
detection-update: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
new: [....17] [ip4][..udp] [...192.168.1.52][.5353] -> [....224.0.0.251][.5353]
detected: [....17] [ip4][..udp] [...192.168.1.52][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353]
detected: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521]
detected: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Chat][Acceptable]
new: [....20] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.5][..523]
detected: [....20] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.5][..523] [Telegram][Chat][Acceptable]
new: [....21] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.1][..527]
detected: [....21] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.1][..527] [Telegram][Chat][Acceptable]
new: [....22] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.1][..536]
detected: [....22] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.1][..536] [Telegram][Chat][Acceptable]
new: [....23] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.8][..538]
detected: [....23] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.8][..538] [Telegram][Chat][Acceptable]
new: [....24] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.4][..538]
detected: [....24] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.4][..538] [Telegram][Chat][Acceptable]
new: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480]
new: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723]
detected: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.501| 0.118| 0.112|12556.351| 0.000]
[PKTLEN......: 74.000| 234.000| 158.000| 57.300| 3288.000| 4.900]
[BINS(c->s)..: 0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,4,4,0,8,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,1,0,1,1,1,1,1,1,0,1]
[IATS(ms)....: 33.7,303.8,500.9,195.8,135.7,308.4,212.1,0.7,38.9,154.1,154.5,74.5,133.7,63.7,29.9,38.6,63.9,177.4,37.8,26.0,43.6,64.2,189.8,58.8,4.5,63.5,64.5,43.0,64.5,315.9,64.4,0.0]
[PKTLENS.....: 82,106,138,82,106,138,138,74,138,90,82,106,234,138,234,138,234,218,138,138,218,234,218,82,106,218,218,202,218,218,138,234]
new: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53]
detected: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable]
detection-update: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable]
RISK: Suspicious DNS Traffic
analyse: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.042| 1.999| 0.261| 0.473|223426.380| 0.000]
[PKTLEN......: 90.000| 282.000| 205.500| 54.500| 2971.800| 4.900]
[BINS(c->s)..: 0,1,2,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,3,0,0,5,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,0,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
[IATS(ms)....: 176.6,505.7,492.8,1175.3,327.6,331.9,1681.3,64.2,63.5,64.3,42.3,63.9,1998.8,63.8,58.3,64.1,69.6,64.4,57.8,43.1,58.1,62.2,58.1,63.8,58.2,64.2,58.2,62.0,69.6,66.6,57.7,0.0]
[PKTLENS.....: 122,122,122,90,106,90,106,234,266,282,266,266,250,218,234,234,234,218,202,234,218,218,218,234,218,218,218,218,234,218,234,234]
not-detected: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] [Unknown][Unrated]
new: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
new: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138]
detected: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous]
RISK: Unsafe Protocol
new: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137]
detected: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
new: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53]
detected: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe]
detection-update: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe]
new: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53]
detected: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
detection-update: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
RISK: Suspicious DNS Traffic
new: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53]
detected: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe]
detection-update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443]
detected: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable]
new: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443]
detected: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable]
new: [....36] [ip4][..udp] [...192.168.1.77][57621] -> [..192.168.1.255][57621]
detected: [....36] [ip4][..udp] [...192.168.1.77][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable]
new: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529]
detected: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Chat][Acceptable]
new: [....38] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.1][..529]
detected: [....38] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.1][..529] [Telegram][Chat][Acceptable]
new: [....39] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.3][..530]
detected: [....39] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.3][..530] [Telegram][Chat][Acceptable]
new: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533]
detected: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533] [Telegram][Chat][Acceptable]
new: [....41] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.5][..537]
detected: [....41] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.5][..537] [Telegram][Chat][Acceptable]
new: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537]
detected: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537] [Telegram][Chat][Acceptable]
detection-update: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe]
new: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900]
detected: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
analyse: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.008| 0.505| 0.099| 0.138|18965.475| 0.000]
[PKTLEN......: 74.000| 234.000| 158.000| 55.400| 3064.000| 4.900]
[BINS(c->s)..: 0,5,0,4,0,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1]
[IATS(ms)....: 38.7,504.7,472.2,31.4,48.8,83.1,90.1,75.5,57.5,58.0,58.1,58.1,52.0,386.6,9.5,8.5,27.3,36.0,21.7,40.2,58.1,58.0,58.2,57.9,70.0,57.9,58.0,8.2,436.3,11.3,25.6,0.0]
[PKTLENS.....: 82,106,82,138,106,138,138,74,218,218,218,234,218,82,138,138,218,106,138,218,90,218,218,202,218,202,218,218,82,138,138,106]
new: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772]
analyse: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533] [Telegram][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 0.505| 0.113| 0.151|22855.887| 0.000]
[PKTLEN......: 74.000| 218.000| 157.000| 54.200| 2943.000| 4.900]
[BINS(c->s)..: 0,5,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,4,5,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1]
[IATS(ms)....: 34.1,504.9,476.9,26.3,48.6,90.1,359.3,474.9,22.9,54.0,44.1,48.8,32.7,70.5,63.7,63.7,64.6,42.0,447.9,51.4,12.5,7.1,54.2,56.0,36.2,28.9,63.9,41.9,63.9,64.6,64.6,0.0]
[PKTLENS.....: 82,106,82,138,106,138,74,82,138,106,138,90,138,218,218,202,218,218,218,82,138,218,106,138,218,138,218,218,202,218,202,218]
new: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900]
detected: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
update: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
update: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable]
update: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
update: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
update: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] [MDNS][Network][Acceptable]
update: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
update: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
update: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
update: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
update: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900]
detected: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53]
detected: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Cloud][Acceptable]
new: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53]
detected: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
detection-update: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
detection-update: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Cloud][Acceptable]
idle: [....32] [ip4][..udp] [...192.168.1.77][.5812] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
RISK: Suspicious DNS Traffic
idle: [....16] [ip4][..udp] [...192.168.1.77][61120] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
idle: [....28] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
idle: [.....9] [ip4][..udp] [...192.168.1.77][17500] -> [255.255.255.255][17500] [Dropbox][Cloud][Acceptable]
idle: [....19] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.7][..521] [Telegram][Chat][Acceptable]
idle: [....20] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.5][..523] [Telegram][Chat][Acceptable]
idle: [....21] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.1][..527] [Telegram][Chat][Acceptable]
idle: [....22] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.12.1][..536] [Telegram][Chat][Acceptable]
idle: [....24] [ip4][..udp] [...192.168.1.77][23174] -> [....91.108.16.4][..538] [Telegram][Chat][Acceptable]
idle: [....23] [ip4][..udp] [...192.168.1.77][23174] -> [.....91.108.8.8][..538] [Telegram][Chat][Acceptable]
idle: [....27] [ip4][..udp] [...192.168.1.77][47127] -> [....192.168.1.1][...53] [DNS.GoogleServices][Web][Acceptable]
RISK: Suspicious DNS Traffic
idle: [....18] [ip6][..udp] [...............fe80::4dc:edec:5b0c:a661][.5353] -> [...............................ff02::fb][.5353]
idle: [....10] [ip4][..udp] [...192.168.1.77][17500] -> [..192.168.1.255][17500] [Dropbox][Cloud][Acceptable]
idle: [....15] [ip4][..udp] [...192.168.1.75][57916] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [.....8] [ip4][..udp] [...192.168.1.77][61631] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
idle: [....30] [ip4][..udp] [...192.168.1.77][..137] -> [..192.168.1.255][..137] [NetBIOS][System][Acceptable]
idle: [....29] [ip4][..udp] [...192.168.1.43][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][System][Dangerous]
RISK: Unsafe Protocol
idle: [....48] [ip4][..udp] [...192.168.1.77][49533] -> [....192.168.1.1][...53] [DNS][Network][Acceptable]
idle: [....12] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.53][.5353] [MDNS][Network][Acceptable]
idle: [.....7] [ip4][..udp] [...192.168.1.77][.5353] -> [...192.168.1.75][.5353] [MDNS][Network][Acceptable]
idle: [.....5] [ip4][..udp] [...192.168.1.75][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
idle: [.....4] [ip4][..udp] [...192.168.1.69][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
idle: [....17] [ip4][..udp] [...192.168.1.52][.5353] -> [....224.0.0.251][.5353]
idle: [.....3] [ip4][..udp] [...192.168.1.53][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
not-detected: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772] [Unknown][Unrated]
idle: [....44] [ip4][..udp] [...192.168.1.77][28150] -> [..87.11.205.195][59772]
idle: [....36] [ip4][..udp] [...192.168.1.77][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable]
idle: [....14] [ip4][..udp] [...192.168.1.53][57621] -> [..192.168.1.255][57621] [Spotify][Music][Acceptable]
idle: [....43] [ip4][..udp] [...192.168.1.77][52127] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....26] [ip4][..udp] [...192.168.1.77][23174] -> [..87.11.205.195][60723] [OpenVPN][VPN][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....35] [ip4][..udp] [...192.168.1.77][50822] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable]
idle: [....31] [ip4][..udp] [...192.168.1.77][49764] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe]
idle: [.....2] [ip4][..udp] [...192.168.1.53][54306] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....46] [ip4][..udp] [...192.168.1.53][56384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....38] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.1][..529] [Telegram][Chat][Acceptable]
idle: [....37] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.8][..529] [Telegram][Chat][Acceptable]
idle: [....39] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.3][..530] [Telegram][Chat][Acceptable]
idle: [....40] [ip4][..udp] [...192.168.1.77][28150] -> [.....91.108.8.1][..533] [Telegram][Chat][Acceptable]
idle: [....42] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.16.3][..537] [Telegram][Chat][Acceptable]
idle: [....41] [ip4][..udp] [...192.168.1.77][28150] -> [....91.108.12.5][..537] [Telegram][Chat][Acceptable]
idle: [....13] [ip4][..udp] [...192.168.1.77][52118] -> [....192.168.1.1][...53] [DNS.Microsoft][Cloud][Safe]
idle: [....11] [ip6][..udp] [..............fe80::18a0:a412:8935:c01b][.5353] -> [...............................ff02::fb][.5353]
idle: [....45] [ip4][..udp] [...192.168.1.53][50698] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....47] [ip4][..udp] [...192.168.1.77][58615] -> [....192.168.1.1][...53] [DNS.Dropbox][Cloud][Acceptable]
idle: [....33] [ip4][..udp] [...192.168.1.77][54595] -> [....192.168.1.1][...53] [DNS.ntop][Network][Safe]
idle: [....25] [ip4][..udp] [...192.168.1.77][23174] -> [...192.168.1.52][31480] [Unknown][Unrated]
idle: [....34] [ip4][..udp] [...192.168.1.77][61974] -> [..216.58.205.68][..443] [QUIC.Google][Web][Acceptable]
idle: [.....6] [ip6][..udp] [................fe80::4ba:91a:7817:e318][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
DAEMON-EVENT: shutdown