1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621]
detected: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable]
new: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [MIDSTREAM]
new: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478]
detected: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [.....4] [ip4][..udp] [...192.168.2.12][53688] -> [..185.60.216.51][.3478]
detected: [.....4] [ip4][..udp] [...192.168.2.12][53688] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478]
detected: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478]
detected: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478]
detected: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900]
detected: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
analyse: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.404| 0.182| 0.481|231053.525| 0.000]
[PKTLEN......: 66.000| 1454.000| 282.400| 335.200|112371.900| 4.300]
[BINS(c->s)..: 11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0]
[IATS(ms)....: 51.7,176.8,0.0,439.6,1227.8,0.8,306.1,108.9,2404.5,0.2,0.0,0.3,0.0,0.0,0.3,133.1,0.6,40.7,0.3,7.7,7.9,1.7,1.6,528.8,1.1,0.7,0.7,0.7,2.7,2.6,0.0,0.0]
[PKTLENS.....: 614,66,1454,169,522,522,346,203,239,1454,66,66,78,66,66,66,78,242,242,66,66,242,66,418,66,228,226,220,220,220,220,220]
guessed: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
detected: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
analyse: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.550| 0.064| 0.136|18373.693| 0.000]
[PKTLEN......: 44.000| 514.000| 345.600| 205.800|42355.100| 4.700]
[BINS(c->s)..: 3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0]
[IATS(ms)....: 0.1,13.1,1.1,548.2,0.8,550.1,16.2,0.1,20.3,0.1,23.6,0.6,14.5,1.0,0.1,79.3,29.6,0.1,23.2,0.2,20.0,0.3,24.4,3.5,104.4,150.5,15.9,197.6,75.4,2.5,68.2,0.0]
[PKTLENS.....: 168,168,86,86,168,514,86,514,514,514,514,514,514,48,514,514,44,514,514,514,514,514,514,514,168,86,62,514,62,514,514,62]
new: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
new: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491]
detected: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
new: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641]
detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.979| 0.150| 0.383|146861.081| 0.000]
[PKTLEN......: 86.000| 1160.000| 537.500| 432.000|186635.800| 4.500]
[BINS(c->s)..: 0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1]
[IATS(ms)....: 707.1,619.8,619.1,1979.4,36.3,69.7,132.0,26.4,100.1,1.5,36.5,24.6,0.1,0.2,0.3,0.3,10.7,26.1,102.4,15.1,0.3,0.6,0.5,0.9,0.2,0.8,7.6,0.9,0.1,0.6,131.2,0.0]
[PKTLENS.....: 86,86,86,86,86,86,86,170,86,179,164,144,913,913,913,912,1160,208,157,212,1036,1036,1036,1036,1036,1034,164,934,934,934,1062,224]
new: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
detected: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable]
new: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900]
detected: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900]
detected: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [.....8] [ip4][..udp] [...192.168.2.12][51277] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [.....9] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
idle: [.....7] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [.....5] [ip4][..udp] [...192.168.2.12][53688] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [....14] [ip4][..udp] [...192.168.2.12][51458] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....12] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable]
idle: [.....1] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable]
idle: [.....6] [ip4][..udp] [...192.168.2.12][53688] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [.....4] [ip4][..udp] [...192.168.2.12][53688] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [.....3] [ip4][..udp] [...192.168.2.12][53688] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [....13] [ip4][..udp] [...192.168.2.12][65025] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
idle: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
|