DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53]
detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable]
detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable]
new: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53]
detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable]
detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable]
new: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Cloud][Acceptable]
new: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621]
detected: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable]
new: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
detected: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
analyse: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.304| 0.044| 0.076| 5836.115| 0.000]
[PKTLEN......: 66.000| 1454.000| 309.400| 467.500|218553.500| 3.900]
[BINS(c->s)..: 11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1]
[IATS(ms)....: 40.7,137.0,170.4,304.1,130.2,0.1,31.0,5.3,0.0,0.4,0.0,0.2,0.0,1.2,210.1,0.3,0.0,0.0,0.2,0.0,0.3,41.4,129.9,0.1,0.0,0.0,0.0,1.0,24.3,131.9,0.0]
[PKTLENS.....: 78,74,66,322,66,123,117,151,1454,106,1454,169,1454,178,1454,66,66,66,66,66,66,66,1059,98,112,133,96,125,66,352,66,66]
new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53]
detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable]
detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable]
new: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443]
detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable]
detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable]
analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.163| 0.021| 0.048| 2262.349| 0.000]
[PKTLEN......: 66.000| 1454.000| 357.600| 489.700|239839.300| 4.000]
[BINS(c->s)..: 10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0]
[IATS(ms)....: 19.7,127.7,2.8,126.3,2.9,0.0,0.0,21.0,0.2,145.2,0.0,0.0,0.0,0.0,0.0,163.3,0.0,0.0,0.2,0.0,0.0,17.5,0.3,0.0,0.0,2.4,0.3,0.1,0.4,0.6]
[PKTLENS.....: 78,74,66,583,66,1454,1454,349,66,66,130,112,109,101,402,325,66,237,140,97,66,114,498,66,66,66,66,1454,66,1454,1454,97]
new: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500]
detected: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable]
new: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS.Apple][Web][Safe]
new: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900]
detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900]
detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353]
detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
new: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353]
detected: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478]
detected: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478]
detected: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478]
detected: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478]
detected: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478]
detected: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
new: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900]
detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53]
detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable]
detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable]
new: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443]
detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable]
detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable]
analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 0.000]
[PKTLEN......: 66.000| 1454.000| 388.400| 526.300|277041.400| 4.000]
[BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1]
[IATS(ms)....: 37.2,39.0,11.1,51.5,1.0,0.1,0.0,42.8,0.1,34.6,3.8,0.4,0.2,0.3,76.2,0.0,34.9,0.4,0.3,3.6,0.0,2.9,1.3,3.4,77.4,53.7,129.1,1.4,0.0,0.2,0.1]
[PKTLENS.....: 78,74,66,583,66,1454,1454,347,66,66,130,112,109,101,258,237,140,66,66,97,66,97,66,101,66,66,516,66,1454,1454,1454,1454]
new: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328]
detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 12.196| 1.588| 3.050|9304956.469| 0.000]
[PKTLEN......: 44.000| 320.000| 124.000| 87.200| 7598.900| 4.700]
[BINS(c->s)..: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1]
[IATS(ms)....: 0.1,13.4,0.1,12194.2,12196.2,104.4,0.1,105.1,0.0,108.6,104.6,3043.3,3048.9,3100.9,3096.0,3015.3,3016.6,2001.9,2.2,107.1,164.0,190.1,88.5,28.8,198.6,134.0,3008.1,91.0,35.6,0.3,36.5]
[PKTLENS.....: 168,168,86,86,48,44,168,168,86,86,48,44,48,44,48,44,48,44,88,68,246,275,254,164,320,248,316,48,44,168,168,86]
new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282]
detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.204| 0.182| 0.229|52393.320| 0.000]
[PKTLEN......: 68.000| 315.000| 158.900| 51.700| 2672.500| 4.900]
[BINS(c->s)..: 1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1]
[IATS(ms)....: 578.2,623.6,1203.7,72.5,167.2,11.6,115.7,158.4,0.0,172.8,173.6,169.8,156.2,136.6,155.3,179.8,99.3,157.4,38.3,163.4,181.3,166.6,142.4,3.0,26.0,115.3,6.1,171.8,106.3,56.2,143.4]
[PKTLENS.....: 86,86,86,86,86,86,213,274,164,175,315,151,173,173,147,163,150,164,186,178,169,173,178,184,164,68,164,164,170,164,153,193]
detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Network][Acceptable]
detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Network][Acceptable]
new: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [MIDSTREAM]
update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable]
update: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable]
update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable]
new: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900]
detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900]
detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
new: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51]
detected: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Network][Acceptable]
idle: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Cloud][Acceptable]
not-detected: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [Unknown][Unrated]
idle: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159]
end: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][Chat][Acceptable]
idle: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Network][Acceptable]
idle: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Download][Acceptable]
idle: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353]
idle: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Cloud][Acceptable]
idle: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Web][Acceptable]
end: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS.Apple][Web][Safe]
idle: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353]
idle: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Music][Acceptable]
idle: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][Download][Acceptable]
idle: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][System][Acceptable]
idle: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Network][Acceptable]
idle: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable]
idle: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][Chat][Acceptable]
idle: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Chat][Acceptable]
idle: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
idle: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][VoIP][Acceptable]
DAEMON-EVENT: shutdown