1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
DAEMON-EVENT: init
DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [...10.16.37.157][42256] -> [..174.37.231.81][.5222] [MIDSTREAM]
new: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123]
detected: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123] [NTP][System][Acceptable]
new: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80]
detected: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Web][Acceptable]
new: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80]
new: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443]
new: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443]
detected: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
new: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443]
detected: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS.Google][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS.Google][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
new: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80]
detected: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable]
RISK: Binary App Transfer
new: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80]
new: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80]
detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detected: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
new: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443]
new: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443]
new: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443]
new: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443]
new: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80]
detected: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
new: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80]
detected: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
new: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80]
detected: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
detection-update: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
analyse: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 3.681| 0.340| 0.885|782653.260| 0.000]
[PKTLEN......: 54.000|11833.000| 1966.700| 3090.500|9551439.000| 3.500]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
[IATS(ms)....: 3.7,3.9,21.8,22.4,3678.0,3680.6,286.1,284.3,338.9,393.5,330.3,329.4,54.6,2.0,179.3,179.5,2.6,51.2,50.7,3.1,28.5,76.3,51.1,51.3,122.7,73.5,10.2,59.1,52.6,58.3,56.5,0.0]
[PKTLENS.....: 74,54,54,317,54,1422,54,2790,54,5526,54,8262,54,2687,54,1422,54,1422,54,9630,54,2790,54,5526,54,5526,54,2790,54,11833,54,54]
analyse: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.659| 0.289| 0.505|255075.107| 0.000]
[PKTLEN......: 54.000| 5515.000| 567.800| 1270.800|1615041.000| 3.100]
[BINS(c->s)..: 5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1]
[IATS(ms)....: 1.2,10.9,357.2,367.1,474.4,475.3,8.1,9.0,265.9,317.7,52.0,0.9,0.6,0.3,0.3,1430.1,1483.3,119.5,172.8,51.4,51.9,1.4,0.9,0.5,0.4,0.3,0.4,1601.9,1658.8,0.2,57.1,0.0]
[PKTLENS.....: 74,54,54,236,54,3201,54,380,54,288,203,54,590,54,115,54,5515,54,203,54,590,54,590,54,590,54,115,54,4411,54,203,54]
detection-update: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
new: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443]
detected: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
new: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443]
detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
new: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443]
detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
new: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443]
detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detected: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
new: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] [MIDSTREAM]
new: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [MIDSTREAM]
new: [....24] [ip4][..tcp] [...10.16.37.157][41823] -> [...200.160.4.49][...80] [MIDSTREAM]
new: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80] [MIDSTREAM]
new: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80] [MIDSTREAM]
new: [....27] [ip4][..tcp] [...10.16.37.157][52746] -> [...200.160.4.49][...80] [MIDSTREAM]
new: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] [MIDSTREAM]
new: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] [MIDSTREAM]
new: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [MIDSTREAM]
analyse: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.416| 0.170| 0.135|18249.146| 0.000]
[PKTLEN......: 54.000|21942.000| 1838.800| 4660.800|21723254.000| 2.600]
[BINS(c->s)..: 12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1]
[IATS(ms)....: 1.3,1.6,226.9,227.5,336.5,387.2,51.3,1.2,297.2,297.8,252.5,309.4,358.7,415.9,0.8,0.5,0.5,0.6,254.3,305.5,51.8,52.5,211.3,161.3,248.0,249.1,81.3,79.5,208.7,209.7,0.6,0.0]
[PKTLENS.....: 74,54,54,236,54,1422,54,2177,54,188,54,288,54,203,54,590,54,77,54,1422,54,12366,54,5526,54,21942,54,11359,54,54,54,54]
analyse: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.449| 0.192| 0.280|78147.936| 0.000]
[PKTLEN......: 54.000|11186.000| 1394.300| 2994.000|8963944.000| 3.000]
[BINS(c->s)..: 12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0]
[IATS(ms)....: 2.4,2.8,291.8,292.5,279.8,332.4,52.7,50.7,425.1,475.7,259.9,310.7,0.7,51.4,0.6,0.7,0.5,0.3,293.9,546.0,252.8,1.5,20.2,21.2,56.9,56.8,156.2,205.9,52.7,4.2,1449.2,0.0]
[PKTLENS.....: 74,54,54,236,54,1066,54,2533,54,188,54,288,54,590,54,403,54,91,54,10174,54,8150,54,1066,54,11186,54,1066,54,6590,54,54]
detection-update: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
analyse: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 5.891| 1.026| 1.779|3164212.036| 0.000]
[PKTLEN......: 54.000| 3660.000| 366.100| 731.900|535720.000| 3.500]
[BINS(c->s)..: 10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1]
[IATS(ms)....: 9.1,9.5,461.2,462.1,319.2,370.8,51.5,0.6,58.7,59.3,267.3,318.5,5838.7,5890.9,1.9,3.1,232.7,285.9,1892.6,1892.4,50.9,52.2,293.0,345.1,0.6,0.4,1258.6,1310.0,5014.8,5014.5,51.5,0.0]
[PKTLENS.....: 74,54,54,236,54,1066,54,2189,54,380,54,288,54,235,54,555,54,107,54,1066,54,3660,54,203,54,315,54,331,54,91,54,54]
new: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443]
detected: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
new: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443]
detected: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] [WhatsApp][Chat][Acceptable]
new: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443]
detected: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.AmazonAWS][Cloud][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
guessed: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable]
end: [....26] [ip4][..tcp] [...10.16.37.157][52953] -> [...200.160.4.49][...80]
end: [.....4] [ip4][..tcp] [.......10.8.0.1][45529] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
end: [.....8] [ip4][..tcp] [.......10.8.0.1][45536] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
end: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
end: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
end: [....15] [ip4][..tcp] [.......10.8.0.1][45546] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
end: [....16] [ip4][..tcp] [.......10.8.0.1][45552] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
end: [....17] [ip4][..tcp] [.......10.8.0.1][45554] -> [.54.230.227.172][...80] [HTTP.Waze][Web][Acceptable]
idle: [....32] [ip4][..tcp] [.......10.8.0.1][50828] -> [108.168.176.228][..443] [WhatsApp][Chat][Acceptable]
guessed: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80] [HTTP][Web][Acceptable]
end: [....25] [ip4][..tcp] [.......10.8.0.1][45169] -> [..200.160.4.198][...80]
end: [.....5] [ip4][..tcp] [.......10.8.0.1][36100] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
end: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
end: [....31] [ip4][..tcp] [.......10.8.0.1][36134] -> [..46.51.173.182][..443]
end: [....33] [ip4][..tcp] [.......10.8.0.1][36137] -> [..46.51.173.182][..443]
end: [....19] [ip4][..tcp] [.......10.8.0.1][36312] -> [.176.34.186.180][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
end: [....20] [ip4][..tcp] [.......10.8.0.1][36314] -> [.176.34.186.180][..443]
end: [....21] [ip4][..tcp] [.......10.8.0.1][36316] -> [.176.34.186.180][..443]
guessed: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443] [TLS][Web][Safe]
end: [....29] [ip4][..tcp] [.......10.8.0.1][43089] -> [..200.160.4.198][..443]
end: [....14] [ip4][..tcp] [.......10.8.0.1][39010] -> [..52.17.114.219][..443]
idle: [.....7] [ip4][..tcp] [.......10.8.0.1][36585] -> [.173.194.118.48][..443] [TLS.Google][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
end: [....18] [ip4][..tcp] [.......10.8.0.1][39021] -> [..52.17.114.219][..443] [TLS.Waze][Web][Acceptable]
RISK: Obsolete TLS (v1.1 or older)
end: [....11] [ip4][..tcp] [.......10.8.0.1][51049] -> [.176.34.103.105][..443]
end: [....12] [ip4][..tcp] [.......10.8.0.1][51050] -> [.176.34.103.105][..443]
end: [....13] [ip4][..tcp] [.......10.8.0.1][51051] -> [.176.34.103.105][..443]
guessed: [....24] [ip4][..tcp] [...10.16.37.157][41823] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable]
end: [....24] [ip4][..tcp] [...10.16.37.157][41823] -> [...200.160.4.49][...80]
guessed: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80] [HTTP][Web][Acceptable]
end: [....22] [ip4][..tcp] [...10.16.37.157][43991] -> [...200.160.4.31][...80]
guessed: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable]
end: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80]
end: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Download][Acceptable]
RISK: Binary App Transfer
guessed: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable]
end: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80]
guessed: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [TLS][Web][Safe]
end: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443]
idle: [.....2] [ip4][..udp] [.......10.8.0.1][46214] -> [..200.89.75.198][..123] [NTP][System][Acceptable]
guessed: [....27] [ip4][..tcp] [...10.16.37.157][52746] -> [...200.160.4.49][...80] [HTTP][Web][Acceptable]
end: [....27] [ip4][..tcp] [...10.16.37.157][52746] -> [...200.160.4.49][...80]
not-detected: [.....1] [ip4][..tcp] [...10.16.37.157][42256] -> [..174.37.231.81][.5222] [Unknown][Unrated]
end: [.....1] [ip4][..tcp] [...10.16.37.157][42256] -> [..174.37.231.81][.5222]
DAEMON-EVENT: shutdown
|