scottk/nDPId
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId.git synced 2025-10-31 02:07:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed broken "not-detected" event/packet capture in captured example.

Browse Source 
* aligned it with influxd example

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2024-01-28 18:11:34 +01:00
parent a007a907da
commit 7368f222db
36 changed files with 2617 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
examples/c-captured/c-captured.c
View File

@@ -63,11 +63,12 @@ struct global_user_data
struct flow_user_data
{
uint8_t detection_finished;
uint8_t guessed;
uint8_t detected;
uint8_t risky;
uint8_t midstream;
uint8_t new_seen : 1;
uint8_t detection_finished : 1;
uint8_t guessed : 1;
uint8_t detected : 1;
uint8_t risky : 1;
uint8_t midstream : 1;
nDPIsrvd_ull flow_datalink;
nDPIsrvd_ull flow_max_packets;
nDPIsrvd_ull flow_tot_l4_payload_len;
@@ -523,7 +524,7 @@ static int packet_write_pcap_file(struct global_user_data const * const global_u
decode_base64(pd, pd_elt_dmp, NULL);
}
#ifdef VERBOSE
printf("packets dumped to %s\n", pcap_filename);
printf("packets dumped to %s\n", filename);
#endif
pcap_dump_close(pd);
pcap_close(p);
@@ -876,6 +877,8 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "new") != 0)
{
flow_user->new_seen = 1;
perror_ull(TOKEN_VALUE_TO_ULL(sock, TOKEN_GET_SZ(sock, "flow_datalink"), &flow_user->flow_datalink),
"flow_datalink");
perror_ull(TOKEN_VALUE_TO_ULL(sock, TOKEN_GET_SZ(sock, "flow_max_packets"), &flow_user->flow_max_packets),
@@ -887,14 +890,9 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
return CALLBACK_OK;
}
else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "end") != 0)
else if (flow_user->new_seen == 0)
{
struct nDPIsrvd_json_token const * const ndpi_proto = TOKEN_GET_SZ(sock, "ndpi", "proto");
if (ndpi_proto != NULL)
{
flow_user->detected = 1;
}
return CALLBACK_OK;
}
else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "guessed") != 0)
{
@@ -903,19 +901,16 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "not-detected") != 0)
{
flow_user->detected = 0;
flow_user->detection_finished = 1;
}
else if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "detected") != 0 ||
TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "detection-update") != 0 ||
TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "update") != 0)
TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "detection-update"))
{
struct nDPIsrvd_json_token const * const flow_risk = TOKEN_GET_SZ(sock, "ndpi", "flow_risk");
struct nDPIsrvd_json_token const * current = NULL;
int next_child_index = -1;
if (TOKEN_VALUE_EQUALS_SZ(sock, flow_event_name, "update") == 0)
{
flow_user->detected = 1;
}
flow_user->detected = 1;
if (flow_risk != NULL)
{
@@ -926,7 +921,6 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
if (str_value_to_ull(TOKEN_GET_KEY(sock, current, NULL), &numeric_risk_value) == CONVERSION_OK &&
numeric_risk_value < NDPI_MAX_RISK && has_ndpi_risk(&process_risky, numeric_risk_value) != 0)
{
flow_user->detected = 1;
flow_user->risky = 1;
}
}
@@ -938,6 +932,11 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
(flow_user->detected == 0 && process_undetected != 0) || (flow_user->risky != 0 && process_risky != 0) ||
(flow_user->midstream != 0 && process_midstream != 0)))
{
if (flow_user->guessed != 0 && flow_user->detected != 0)
{
log_event(sock, flow, "BUG: guessed and detected at the same time");
}
if (logging_mode != 0)
{
if (flow_user->guessed != 0)
@@ -954,7 +953,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
{
if (capture_mode != 0)
{
logger(0, "Flow %llu: No packets captured.", flow->id_as_ull);
log_event(sock, flow, "No packets captured");
}
}
else if (capture_mode != 0)
@@ -965,15 +964,16 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
char pcap_filename[PATH_MAX];
if (flow_generate_pcap_filename(flow_user, pcap_filename, sizeof(pcap_filename)) == NULL)
{
logger(1, "%s", "Internal error. Could not generate PCAP filename, exit ..");
log_event(sock, flow, "Internal error. Could not generate PCAP filename, exit ..");
return CALLBACK_ERROR;
}
#ifdef VERBOSE
printf("Flow %llu saved to %s\n", flow->id_as_ull, pcap_filename);
#endif
errno = 0;
if (flow_write_pcap_file(flow_user, pcap_filename) != 0)
{
logger(1, "Could not dump packet data to pcap file %s", pcap_filename);
logger(1, "Could not dump packet data to pcap file %s: %s", pcap_filename, strerror(errno));
return CALLBACK_OK;
}
}
@@ -1318,12 +1318,12 @@ int main(int argc, char ** argv)
init_logging("nDPIsrvd-captured");
ndpisrvd_socket = nDPIsrvd_socket_init(sizeof(struct global_user_data),
0,
0,
sizeof(struct flow_user_data),
captured_json_callback,
NULL,
captured_flow_cleanup_callback);
0,
0,
sizeof(struct flow_user_data),
captured_json_callback,
NULL,
captured_flow_cleanup_callback);
if (ndpisrvd_socket == NULL)
{
fprintf(stderr, "%s: nDPIsrvd socket memory allocation failed!\n", argv[0]);

2
test/results/flow-captured/caches_cfg/teams.pcap.out
View File

@@ -13,6 +13,8 @@ Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434
Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434
Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016

14
test/results/flow-captured/default/1kxun.pcap.out
View File

@@ -10,18 +10,32 @@ Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443
Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443
Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443
Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443
Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947
Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80
Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80
Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80

2
test/results/flow-captured/default/6in6tunnel.pcap.out
View File

@@ -0,0 +1,2 @@
Flow 1 not-detected: 41 2001:4f8:4:7:2e0:81ff:fe52:ffff -> 2001:4f8:4:7:2e0:81ff:fe52:9a6b
Flow 2 not-detected: 41 feed::beef -> feed::cafe

3
test/results/flow-captured/default/anyconnect-vpn.pcap.out
View File

@@ -15,5 +15,8 @@ Flow 44 risky: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
Flow 44 midstream: tcp 10.0.0.227:56886 -> 17.57.144.116:5223
Flow 15 risky: tcp 10.0.0.227:56919 -> 8.37.102.91:443
Flow 38 risky: tcp 10.0.0.227:56929 -> 8.37.102.91:443
Flow 40 not-detected: tcp 10.0.0.227:56866 -> 10.0.0.151:8060
Flow 40 midstream: tcp 10.0.0.227:56866 -> 10.0.0.151:8060
Flow 62 risky: tcp 10.0.0.227:56954 -> 10.0.0.149:8008
Flow 63 risky: tcp 10.0.0.227:56955 -> 10.0.0.151:8060
Flow 60 not-detected: udp 10.0.0.227:52595 -> 10.0.0.1:192

3
test/results/flow-captured/default/custom_rules_ipv6.pcapng.out
View File

@@ -0,0 +1,3 @@
Flow 1 not-detected: udp 3ffe:507::1:200:86ff:fe05:80da:21554 -> 3ffe:501:4819::42:5333
Flow 4 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12718 -> ff02::1:26993
Flow 5 not-detected: udp fe80::76ac:b9ff:fe6c:c124:12717 -> ff02::1:64315

2
test/results/flow-captured/default/custom_rules_same-ip_multiple_ports.pcapng.out
View File

@@ -0,0 +1,2 @@
Flow 3 not-detected: tcp 192.168.1.245:58288 -> 3.3.3.3:446
Flow 2 not-detected: tcp 192.168.1.245:59682 -> 3.3.3.3:444

1
test/results/flow-captured/default/ftp.pcap.out
View File

@@ -1,2 +1,3 @@
Flow 1 risky: tcp 192.168.1.212:50694 -> 90.130.70.73:21
Flow 3 not-detected: tcp 192.168.1.212:50696 -> 90.130.70.73:24523
Flow 2 risky: tcp 192.168.1.212:50695 -> 90.130.70.73:25685

44
test/results/flow-captured/default/fuzz-2006-06-26-2594.pcap.out
View File

@@ -1,25 +1,69 @@
Flow 17 risky: udp 192.168.1.2:138 -> 192.168.1.251:138
Flow 22 risky: udp 192.168.1.2:2719 -> 192.168.1.1:53
Flow 41 not-detected: tcp 192.168.1.2:2721 -> 147.234.1.253:58999
Flow 41 midstream: tcp 192.168.1.2:2721 -> 147.234.1.253:58999
Flow 9 not-detected: udp 192.168.1.2:2597 -> 192.168.1.1:29440
Flow 5 not-detected: udp 192.168.1.2:2712 -> 192.168.1.1:49973
Flow 15 not-detected: udp 192.168.1.1:9587 -> 192.168.1.2:156
Flow 47 not-detected: udp 192.168.1.2:2724 -> 192.168.1.1:9587
Flow 55 not-detected: udp 192.168.1.2:43690 -> 192.170.170.170:43690
Flow 91 risky: udp 192.168.1.2:5060 -> 200.68.120.81:5060
Flow 97 risky: udp 192.168.1.1:53 -> 192.168.1.2:2751
Flow 100 risky: udp 192.168.1.2:4901 -> 200.68.120.81:29440
Flow 78 not-detected: udp 192.168.1.2:2730 -> 192.168.1.1:43690
Flow 111 risky: udp 192.168.1.2:2757 -> 192.168.1.1:53
Flow 82 not-detected: udp 192.168.1.170:43690 -> 170.170.170.170:43690
Flow 122 risky: udp 192.168.1.1:53 -> 192.168.1.2:2763
Flow 123 risky: udp 192.168.1.2:2764 -> 192.168.1.1:53
Flow 126 risky: udp 192.168.1.1:53 -> 192.168.1.2:2765
Flow 141 risky: udp 192.168.1.2:138 -> 192.168.1.255:138
Flow 124 not-detected: udp 192.168.1.2:43690 -> 170.170.170.170:43690
Flow 147 risky: udp 192.168.1.2:2775 -> 192.168.1.1:53
Flow 58 not-detected: 120 192.168.1.2 -> 212.242.33.35
Flow 133 not-detected: udp 94.168.1.2:2768 -> 192.168.1.1:4
Flow 135 not-detected: udp 192.168.1.1:117 -> 192.168.1.2:2769
Flow 177 risky: udp 192.168.1.1:53 -> 240.168.1.2:2792
Flow 162 not-detected: udp 212.242.33.35:9587 -> 192.168.1.2:196
Flow 85 not-detected: 240 192.168.1.2 -> 192.168.1.1
Flow 173 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
Flow 107 not-detected: 118 192.168.1.2 -> 200.68.120.81
Flow 180 risky: udp 192.168.1.41:138 -> 192.168.1.255:138
Flow 190 risky: udp 192.168.1.2:2793 -> 192.168.1.1:53
Flow 193 risky: udp 192.168.1.2:2794 -> 192.168.1.1:53
Flow 192 risky: udp 192.168.1.2:2795 -> 192.168.1.1:53
Flow 197 risky: udp 192.168.1.2:2797 -> 192.168.1.1:53
Flow 186 not-detected: udp 192.168.1.2:43690 -> 192.168.170.170:43690
Flow 204 risky: udp 192.168.1.2:2801 -> 192.168.1.1:53
Flow 136 not-detected: 127 192.168.1.2 -> 192.168.1.1
Flow 214 risky: udp 192.168.1.1:53 -> 192.168.1.2:2807
Flow 195 not-detected: udp 192.168.170.170:43690 -> 170.170.170.170:43690
Flow 149 not-detected: 0 192.168.1.2 -> 192.168.1.255
Flow 203 not-detected: udp 192.168.1.2:2800 -> 192.168.1.1:21
Flow 230 risky: udp 192.168.1.2:2815 -> 192.168.1.1:53
Flow 157 not-detected: 19 192.168.1.2 -> 192.168.1.1
Flow 117 not-detected: 37 192.168.1.1 -> 192.168.1.2
Flow 211 not-detected: udp 192.168.1.2:2805 -> 192.168.1.1:51
Flow 215 not-detected: udp 192.168.1.2:2808 -> 192.168.1.1:38709
Flow 166 not-detected: 0 192.168.1.1 -> 192.168.1.2
Flow 243 risky: udp 192.168.1.2:138 -> 192.168.1.255:138
Flow 244 risky: udp 192.168.1.2:2826 -> 192.168.1.1:53
Flow 33 not-detected: tcp 147.234.1.253:1045 -> 192.168.1.2:2720
Flow 33 midstream: tcp 147.234.1.253:1045 -> 192.168.1.2:2720
Flow 29 not-detected: tcp 147.234.1.170:43690 -> 170.170.170.170:43690
Flow 205 not-detected: 0 192.168.1.2 -> 212.242.33.35
Flow 249 risky: udp 192.168.1.1:53 -> 192.168.1.2:2572
Flow 42 not-detected: tcp 147.234.1.253:58999 -> 192.232.1.2:2721
Flow 42 midstream: tcp 147.234.1.253:58999 -> 192.232.1.2:2721
Flow 39 not-detected: tcp 192.168.1.6:2721 -> 147.234.1.253:58999
Flow 254 risky: udp 192.168.1.2:2830 -> 192.168.1.1:53
Flow 40 not-detected: tcp 37.115.0.253:58999 -> 192.168.1.2:2721
Flow 37 not-detected: 170 170.170.170.170 -> 170.170.170.170
Flow 30 not-detected: tcp 147.234.1.249:2069 -> 192.168.1.2:2720
Flow 30 midstream: tcp 147.234.1.249:2069 -> 192.168.1.2:2720
Flow 32 midstream: tcp 147.234.1.253:21 -> 192.168.1.2:2732
Flow 237 not-detected: udp 81.168.1.2:30000 -> 212.242.33.36:40392
Flow 28 not-detected: tcp 147.234.1.253:120 -> 192.168.1.2:2720
Flow 28 midstream: tcp 147.234.1.253:120 -> 192.168.1.2:2720
Flow 233 not-detected: udp 192.168.1.3:30000 -> 212.242.33.36:40392
Flow 236 not-detected: udp 192.168.1.2:30000 -> 214.242.33.36:40392
Flow 234 not-detected: udp 192.168.1.2:30000 -> 37.115.0.36:40392

5
test/results/flow-captured/default/fuzz-2006-09-29-28586.pcap.out
View File

@@ -1,6 +1,11 @@
Flow 34 risky: tcp 172.20.3.13:53136 -> 172.20.3.5:80
Flow 34 midstream: tcp 172.20.3.13:53136 -> 172.20.3.5:80
Flow 39 not-detected: 115 172.20.3.13 -> 172.20.3.5
Flow 24 not-detected: tcp 170.170.170.170:43690 -> 170.170.170.170:43690
Flow 11 risky: tcp 172.20.3.5:2602 -> 172.20.3.13:80
Flow 11 midstream: tcp 172.20.3.5:2602 -> 172.20.3.13:80
Flow 3 not-detected: tcp 172.20.3.13:81 -> 172.20.3.5:2601
Flow 3 midstream: tcp 172.20.3.13:81 -> 172.20.3.5:2601
Flow 18 risky: tcp 172.20.3.5:2604 -> 172.20.3.13:80
Flow 27 risky: tcp 172.20.3.5:2606 -> 172.20.3.13:80
Flow 10 not-detected: 170 170.170.170.170 -> 170.170.170.170

19
test/results/flow-captured/default/fuzz-2020-02-16-11740.pcap.out
View File

@@ -0,0 +1,19 @@
Flow 4 not-detected: udp 10.12.64.30:29200 -> 198.226.25.53:1796
Flow 6 not-detected: udp 198.226.25.53:30764 -> 10.12.64.30:12344
Flow 10 not-detected: udp 198.226.25.53:309 -> 10.12.64.30:12339
Flow 7 not-detected: udp 198.226.170.170:43690 -> 170.170.170.170:43690
Flow 13 not-detected: udp 198.162.25.53:1810 -> 10.12.64.30:29200
Flow 11 not-detected: udp 170.170.170.170:43690 -> 170.170.170.170:43690
Flow 25 not-detected: udp 198.226.25.53:1895 -> 10.12.64.30:29200
Flow 17 not-detected: 88 198.226.25.53 -> 10.12.64.30
Flow 18 not-detected: 254 10.12.64.30 -> 198.226.25.53
Flow 23 not-detected: 85 198.226.25.62 -> 10.12.64.30
Flow 43 not-detected: udp 198.226.25.53:1965 -> 10.12.64.30:29200
Flow 47 not-detected: udp 198.226.25.53:43690 -> 10.12.170.170:43690
Flow 44 not-detected: 0 10.12.64.30 -> 198.226.25.53
Flow 64 not-detected: udp 198.226.25.53:3860 -> 14.12.64.30:29200
Flow 68 not-detected: udp 198.226.25.53:43028 -> 10.12.64.30:29200
Flow 40 not-detected: 170 170.170.170.170 -> 170.170.170.170
Flow 74 not-detected: udp 198.226.25.53:1814 -> 10.12.64.30:29200
Flow 75 not-detected: udp 57.12.64.30:29200 -> 198.226.25.53:28948
Flow 79 not-detected: 37 198.226.25.53 -> 10.12.64.30

399
test/results/flow-captured/default/gnutella.pcap.out
View File

@@ -187,9 +187,13 @@ Flow 77 risky: tcp 10.0.2.15:50236 -> 93.29.135.209:6346
Flow 73 risky: tcp 10.0.2.15:50232 -> 182.155.242.225:15068
Flow 67 risky: tcp 10.0.2.15:50226 -> 116.241.162.162:15677
Flow 119 risky: tcp 10.0.2.15:50250 -> 27.94.154.53:6346
Flow 42 not-detected: tcp 10.0.2.15:50202 -> 61.238.173.128:57648
Flow 36 risky: tcp 10.0.2.15:50197 -> 118.168.15.71:3931
Flow 121 risky: tcp 10.0.2.15:50252 -> 123.202.31.113:19768
Flow 63 not-detected: tcp 10.0.2.15:50222 -> 119.14.143.237:6523
Flow 61 not-detected: tcp 10.0.2.15:50220 -> 36.233.196.226:3820
Flow 43 risky: tcp 10.0.2.15:50203 -> 61.222.160.99:18994
Flow 69 not-detected: tcp 10.0.2.15:50228 -> 111.241.31.96:14384
Flow 122 risky: tcp 10.0.2.15:50253 -> 103.232.107.100:43508
Flow 38 risky: tcp 10.0.2.15:50199 -> 47.147.52.21:36728
Flow 51 risky: tcp 10.0.2.15:50211 -> 14.199.10.60:23458
@@ -204,14 +208,17 @@ Flow 289 risky: tcp 10.0.2.15:50313 -> 96.65.68.194:35481
Flow 223 risky: tcp 10.0.2.15:50269 -> 218.103.139.2:3186
Flow 148 risky: tcp 10.0.2.15:50261 -> 156.57.42.2:33476
Flow 280 risky: tcp 10.0.2.15:50304 -> 85.168.34.105:39908
Flow 143 not-detected: tcp 10.0.2.15:50256 -> 36.233.201.161:2886
Flow 285 risky: tcp 10.0.2.15:50309 -> 60.241.48.194:21301
Flow 283 risky: tcp 10.0.2.15:50307 -> 176.99.176.20:6346
Flow 149 risky: tcp 10.0.2.15:50262 -> 80.61.221.246:30577
Flow 295 risky: tcp 10.0.2.15:50319 -> 185.187.74.173:53489
Flow 298 risky: tcp 10.0.2.15:50322 -> 164.132.10.25:55302
Flow 237 not-detected: tcp 10.0.2.15:50283 -> 51.68.153.214:35004
Flow 269 risky: tcp 10.0.2.15:50293 -> 97.83.183.148:8890
Flow 296 risky: tcp 10.0.2.15:50320 -> 194.163.180.126:10825
Flow 284 risky: tcp 10.0.2.15:50308 -> 193.37.255.130:61616
Flow 153 not-detected: tcp 10.0.2.15:50266 -> 219.70.175.103:4315
Flow 37 risky: tcp 10.0.2.15:50198 -> 86.129.196.84:9915
Flow 287 risky: tcp 10.0.2.15:50311 -> 149.28.163.175:49956
Flow 291 risky: tcp 10.0.2.15:50315 -> 45.31.152.112:26851
@@ -241,6 +248,11 @@ Flow 364 risky: udp 10.0.2.15:28681 -> 194.163.180.126:10825
Flow 367 risky: udp 10.0.2.15:28681 -> 149.28.163.175:49956
Flow 267 risky: tcp 10.0.2.15:50291 -> 200.7.155.210:28365
Flow 345 risky: tcp 10.0.2.15:50330 -> 69.118.162.229:46906
Flow 220 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:9239
Flow 31 not-detected: tcp 10.0.2.15:50193 -> 89.75.52.19:46010
Flow 28 not-detected: tcp 10.0.2.15:50190 -> 80.140.63.147:29545
Flow 30 not-detected: tcp 10.0.2.15:50192 -> 45.65.87.24:16201
Flow 29 not-detected: tcp 10.0.2.15:50191 -> 207.38.163.228:6778
Flow 371 risky: udp 10.0.2.15:28681 -> 109.131.202.24:44748
Flow 370 risky: udp 10.0.2.15:28681 -> 91.172.56.198:11984
Flow 374 risky: udp 10.0.2.15:28681 -> 62.35.190.5:18604
@@ -302,6 +314,8 @@ Flow 489 risky: udp 10.0.2.15:28681 -> 108.44.45.25:6346
Flow 487 risky: udp 10.0.2.15:28681 -> 24.78.134.188:49046
Flow 491 risky: udp 10.0.2.15:28681 -> 36.233.42.210:5512
Flow 492 risky: udp 10.0.2.15:28681 -> 172.94.41.71:6346
Flow 90 not-detected: tcp 10.0.2.15:50245 -> 73.62.225.181:46843
Flow 300 not-detected: udp 10.0.2.15:28681 -> 104.238.172.250:23548
Flow 509 risky: udp 10.0.2.15:28681 -> 92.142.109.190:41370
Flow 511 risky: udp 10.0.2.15:28681 -> 68.47.223.27:6346
Flow 496 risky: udp 10.0.2.15:28681 -> 218.173.230.98:19004
@@ -328,21 +342,318 @@ Flow 519 risky: udp 10.0.2.15:28681 -> 219.70.48.23:8070
Flow 510 risky: udp 10.0.2.15:28681 -> 79.94.85.113:6346
Flow 497 risky: udp 10.0.2.15:28681 -> 84.100.76.123:39628
Flow 515 risky: udp 10.0.2.15:28681 -> 220.137.106.173:11625
Flow 301 not-detected: udp 10.0.2.15:28681 -> 188.61.52.183:11852
Flow 243 not-detected: udp 10.0.2.15:28681 -> 104.156.226.72:53258
Flow 242 not-detected: udp 10.0.2.15:28681 -> 75.133.101.93:52367
Flow 750 risky: udp 10.0.2.15:28681 -> 67.193.8.52:38584
Flow 752 risky: udp 10.0.2.15:28681 -> 78.231.73.14:6346
Flow 748 risky: udp 10.0.2.15:28681 -> 92.8.59.80:35192
Flow 751 risky: udp 10.0.2.15:28681 -> 142.115.218.152:5900
Flow 749 risky: udp 10.0.2.15:28681 -> 78.159.27.22:17563
Flow 753 risky: udp 10.0.2.15:28681 -> 165.84.140.96:14400
Flow 369 not-detected: udp 10.0.2.15:28681 -> 89.187.171.240:6346
Flow 755 risky: udp 10.0.2.15:28681 -> 83.134.107.32:38836
Flow 756 risky: udp 10.0.2.15:28681 -> 41.100.68.255:12838
Flow 398 not-detected: udp 10.0.2.15:28681 -> 62.102.148.166:31332
Flow 392 not-detected: udp 10.0.2.15:28681 -> 42.0.69.215:12608
Flow 304 not-detected: udp 10.0.2.15:28681 -> 193.32.126.214:59596
Flow 389 not-detected: udp 10.0.2.15:28681 -> 94.215.183.71:31310
Flow 385 not-detected: udp 10.0.2.15:28681 -> 66.223.143.31:47978
Flow 399 not-detected: udp 10.0.2.15:28681 -> 175.39.219.223:31728
Flow 303 not-detected: udp 10.0.2.15:28681 -> 142.132.165.13:30566
Flow 395 not-detected: udp 10.0.2.15:28681 -> 191.114.88.39:18751
Flow 387 not-detected: udp 10.0.2.15:28681 -> 220.135.8.7:1219
Flow 390 not-detected: udp 10.0.2.15:28681 -> 144.134.132.206:16401
Flow 391 not-detected: udp 10.0.2.15:28681 -> 161.81.38.67:9539
Flow 397 not-detected: udp 10.0.2.15:28681 -> 80.7.252.192:24634
Flow 396 not-detected: udp 10.0.2.15:28681 -> 112.119.59.24:28755
Flow 483 not-detected: udp 10.0.2.2:1026 -> 10.0.2.15:28681
Flow 759 risky: udp 10.0.2.15:28681 -> 104.238.172.250:23548
Flow 757 risky: udp 10.0.2.15:28681 -> 104.156.226.72:53258
Flow 577 not-detected: udp 10.0.2.15:28681 -> 59.148.100.237:23459
Flow 586 not-detected: udp 10.0.2.15:28681 -> 221.124.66.33:13060
Flow 618 not-detected: udp 10.0.2.15:28681 -> 1.172.184.48:13281
Flow 377 not-detected: udp 10.0.2.15:28681 -> 180.200.236.13:12082
Flow 526 not-detected: udp 10.0.2.15:28681 -> 36.234.197.93:1483
Flow 669 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:2846
Flow 609 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:59016
Flow 690 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:50637
Flow 441 not-detected: udp 10.0.2.15:28681 -> 36.237.199.108:56040
Flow 700 not-detected: udp 10.0.2.15:28681 -> 91.206.27.26:6578
Flow 450 not-detected: udp 10.0.2.15:28681 -> 113.252.206.254:23458
Flow 592 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:7190
Flow 701 not-detected: udp 10.0.2.15:28681 -> 119.237.190.184:64163
Flow 479 not-detected: udp 10.0.2.15:28681 -> 123.205.13.148:51896
Flow 603 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:64577
Flow 394 not-detected: udp 10.0.2.15:28681 -> 165.84.134.136:21407
Flow 740 not-detected: udp 10.0.2.15:28681 -> 36.237.25.47:21293
Flow 646 not-detected: udp 10.0.2.15:28681 -> 36.237.10.152:21293
Flow 621 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3227
Flow 733 not-detected: udp 10.0.2.15:28681 -> 99.199.148.6:4338
Flow 597 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52274
Flow 675 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:62191
Flow 738 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3256
Flow 628 not-detected: udp 10.0.2.15:28681 -> 45.65.87.24:16201
Flow 616 not-detected: udp 10.0.2.15:28681 -> 220.208.167.152:30628
Flow 596 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:58954
Flow 474 not-detected: udp 10.0.2.15:28681 -> 80.61.221.246:45880
Flow 713 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51379
Flow 593 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:9747
Flow 571 not-detected: udp 10.0.2.15:28681 -> 114.40.163.123:55341
Flow 524 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:65362
Flow 642 not-detected: udp 10.0.2.15:28681 -> 220.39.142.122:6346
Flow 477 not-detected: udp 10.0.2.15:28681 -> 94.54.66.82:45640
Flow 444 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:9010
Flow 572 not-detected: udp 10.0.2.15:28681 -> 86.153.21.93:36696
Flow 478 not-detected: udp 10.0.2.15:28681 -> 36.235.85.44:64914
Flow 449 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:8826
Flow 649 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:56128
Flow 461 not-detected: udp 10.0.2.15:28681 -> 69.27.193.124:50555
Flow 520 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3339
Flow 335 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:37058
Flow 635 not-detected: udp 10.0.2.15:28681 -> 219.70.48.23:2556
Flow 636 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:53143
Flow 637 not-detected: udp 10.0.2.15:28681 -> 36.233.194.73:1995
Flow 676 not-detected: udp 10.0.2.15:28681 -> 1.64.208.110:55550
Flow 722 not-detected: udp 10.0.2.15:28681 -> 213.32.245.121:12333
Flow 578 not-detected: udp 10.0.2.15:28681 -> 77.205.243.44:46006
Flow 737 not-detected: udp 10.0.2.15:28681 -> 174.115.127.251:23897
Flow 584 not-detected: udp 10.0.2.15:28681 -> 80.193.171.146:18360
Flow 472 not-detected: udp 10.0.2.15:28681 -> 94.54.66.82:45744
Flow 471 not-detected: udp 10.0.2.15:28681 -> 80.7.252.192:43457
Flow 744 not-detected: udp 10.0.2.15:28681 -> 164.132.10.25:48250
Flow 707 not-detected: udp 10.0.2.15:28681 -> 183.179.14.31:64871
Flow 476 not-detected: udp 10.0.2.15:28681 -> 98.18.172.208:63172
Flow 381 not-detected: udp 10.0.2.15:28681 -> 77.58.211.52:3806
Flow 683 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54459
Flow 386 not-detected: udp 10.0.2.15:28681 -> 85.172.10.90:40162
Flow 619 not-detected: udp 10.0.2.15:28681 -> 1.163.14.246:1630
Flow 691 not-detected: udp 10.0.2.15:28681 -> 61.93.150.146:62507
Flow 620 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53516
Flow 667 not-detected: udp 10.0.2.15:28681 -> 223.18.211.177:18085
Flow 720 not-detected: udp 10.0.2.15:28681 -> 76.26.178.132:10053
Flow 443 not-detected: udp 10.0.2.15:28681 -> 183.179.14.31:54754
Flow 697 not-detected: udp 10.0.2.15:28681 -> 14.199.10.60:53906
Flow 622 not-detected: udp 10.0.2.15:28681 -> 36.234.18.166:61319
Flow 714 not-detected: udp 10.0.2.15:28681 -> 76.174.174.69:21358
Flow 614 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:60482
Flow 746 not-detected: udp 10.0.2.15:28681 -> 123.205.126.102:5193
Flow 606 not-detected: udp 10.0.2.15:28681 -> 149.28.163.175:42288
Flow 739 not-detected: udp 10.0.2.15:28681 -> 104.156.226.72:19814
Flow 587 not-detected: udp 10.0.2.15:28681 -> 94.134.154.158:54130
Flow 550 not-detected: udp 10.0.2.15:28681 -> 220.238.145.82:33527
Flow 688 not-detected: udp 10.0.2.15:28681 -> 114.36.234.196:11629
Flow 670 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52669
Flow 598 not-detected: udp 10.0.2.15:28681 -> 1.172.184.48:1512
Flow 685 not-detected: udp 10.0.2.15:28681 -> 111.241.31.96:8349
Flow 721 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:9897
Flow 631 not-detected: udp 10.0.2.15:28681 -> 36.231.59.187:62234
Flow 591 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53707
Flow 594 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7375
Flow 613 not-detected: udp 10.0.2.15:28681 -> 119.247.152.218:51920
Flow 617 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7380
Flow 582 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:10624
Flow 568 not-detected: udp 10.0.2.15:28681 -> 123.205.118.77:56562
Flow 446 not-detected: udp 10.0.2.15:28681 -> 61.70.199.107:60475
Flow 470 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:46790
Flow 623 not-detected: udp 10.0.2.15:28681 -> 210.209.249.84:24751
Flow 629 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:45710
Flow 692 not-detected: udp 10.0.2.15:28681 -> 76.110.153.177:40022
Flow 604 not-detected: udp 10.0.2.15:28681 -> 123.202.31.113:53291
Flow 718 not-detected: udp 10.0.2.15:28681 -> 218.102.208.175:9167
Flow 447 not-detected: udp 10.0.2.15:28681 -> 14.199.10.60:23458
Flow 451 not-detected: udp 10.0.2.15:28681 -> 218.35.66.21:22234
Flow 600 not-detected: udp 10.0.2.15:28681 -> 1.64.156.63:60092
Flow 645 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49803
Flow 661 not-detected: udp 10.0.2.15:28681 -> 24.127.1.235:37814
Flow 626 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49815
Flow 384 not-detected: udp 10.0.2.15:28681 -> 75.64.6.175:4743
Flow 378 not-detected: udp 10.0.2.15:28681 -> 118.241.204.61:43366
Flow 703 not-detected: udp 10.0.2.15:28681 -> 114.40.67.191:14971
Flow 656 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54914
Flow 727 not-detected: udp 10.0.2.15:28681 -> 101.136.187.253:10914
Flow 456 not-detected: udp 10.0.2.15:28681 -> 89.241.112.255:14766
Flow 521 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:23458
Flow 375 not-detected: udp 10.0.2.15:28681 -> 73.182.136.42:27873
Flow 455 not-detected: udp 10.0.2.15:28681 -> 58.153.206.183:16919
Flow 453 not-detected: udp 10.0.2.15:28681 -> 74.127.26.138:3083
Flow 704 not-detected: udp 10.0.2.15:28681 -> 123.192.83.59:33513
Flow 641 not-detected: udp 10.0.2.15:28681 -> 36.233.199.103:2625
Flow 460 not-detected: udp 10.0.2.15:28681 -> 210.194.116.78:8342
Flow 717 not-detected: udp 10.0.2.15:28681 -> 79.191.58.38:48157
Flow 742 not-detected: udp 10.0.2.15:28681 -> 194.163.180.126:36780
Flow 454 not-detected: udp 10.0.2.15:28681 -> 223.16.121.156:23183
Flow 674 not-detected: udp 10.0.2.15:28681 -> 219.70.1.236:9369
Flow 672 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:4765
Flow 681 not-detected: udp 10.0.2.15:28681 -> 61.220.41.241:53072
Flow 640 not-detected: udp 10.0.2.15:28681 -> 1.36.249.91:65430
Flow 682 not-detected: udp 10.0.2.15:28681 -> 203.220.198.244:50896
Flow 679 not-detected: udp 10.0.2.15:28681 -> 113.252.83.132:57131
Flow 694 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6514
Flow 469 not-detected: udp 10.0.2.15:28681 -> 87.123.54.234:47184
Flow 665 not-detected: udp 10.0.2.15:28681 -> 82.36.106.134:3927
Flow 660 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6527
Flow 615 not-detected: udp 10.0.2.15:28681 -> 74.195.236.249:18557
Flow 716 not-detected: udp 10.0.2.15:28681 -> 98.249.190.8:25198
Flow 731 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6564
Flow 388 not-detected: udp 10.0.2.15:28681 -> 121.7.145.36:33905
Flow 735 not-detected: udp 10.0.2.15:28681 -> 45.31.152.112:52420
Flow 747 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6599
Flow 634 not-detected: udp 10.0.2.15:28681 -> 24.179.18.242:47329
Flow 527 not-detected: udp 10.0.2.15:28681 -> 42.72.149.140:37848
Flow 643 not-detected: udp 10.0.2.15:28681 -> 31.20.248.147:30706
Flow 711 not-detected: udp 10.0.2.15:28681 -> 220.129.86.65:49723
Flow 563 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:6831
Flow 639 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:7849
Flow 729 not-detected: udp 10.0.2.15:28681 -> 114.47.227.91:54463
Flow 732 not-detected: udp 10.0.2.15:28681 -> 85.168.34.105:39908
Flow 633 not-detected: udp 10.0.2.15:28681 -> 68.174.18.115:50679
Flow 607 not-detected: udp 10.0.2.15:28681 -> 111.241.31.96:4814
Flow 705 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:8658
Flow 698 not-detected: udp 10.0.2.15:28681 -> 70.81.219.111:19210
Flow 595 not-detected: udp 10.0.2.15:28681 -> 175.182.21.156:13732
Flow 723 not-detected: udp 10.0.2.15:28681 -> 175.39.219.223:13482
Flow 376 not-detected: udp 10.0.2.15:28681 -> 156.57.42.2:33476
Flow 673 not-detected: udp 10.0.2.15:28681 -> 125.59.215.249:14571
Flow 611 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:59384
Flow 724 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:9070
Flow 666 not-detected: udp 10.0.2.15:28681 -> 159.196.95.223:2003
Flow 644 not-detected: udp 10.0.2.15:28681 -> 173.22.22.94:34245
Flow 648 not-detected: udp 10.0.2.15:28681 -> 180.218.135.222:4548
Flow 579 not-detected: udp 10.0.2.15:28681 -> 223.16.170.108:23458
Flow 677 not-detected: udp 10.0.2.15:28681 -> 223.16.83.5:9128
Flow 706 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:1968
Flow 654 not-detected: udp 10.0.2.15:28681 -> 84.118.116.198:44616
Flow 725 not-detected: udp 10.0.2.15:28681 -> 219.91.30.216:61635
Flow 302 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:53489
Flow 668 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:64731
Flow 741 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:4364
Flow 696 not-detected: udp 10.0.2.15:28681 -> 188.165.203.190:55050
Flow 585 not-detected: udp 10.0.2.15:28681 -> 51.68.153.214:35004
Flow 686 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:13965
Flow 662 not-detected: udp 10.0.2.15:28681 -> 96.59.117.166:33192
Flow 602 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:53658
Flow 589 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:52647
Flow 653 not-detected: udp 10.0.2.15:28681 -> 82.12.1.136:6348
Flow 458 not-detected: udp 10.0.2.15:28681 -> 118.165.228.167:12201
Flow 525 not-detected: udp 10.0.2.15:28681 -> 113.255.250.32:52660
Flow 610 not-detected: udp 10.0.2.15:28681 -> 61.10.174.159:4841
Flow 734 not-detected: udp 10.0.2.15:28681 -> 113.252.91.201:4297
Flow 627 not-detected: udp 10.0.2.15:28681 -> 73.62.225.181:46843
Flow 380 not-detected: udp 10.0.2.15:28681 -> 83.86.49.195:12019
Flow 702 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10728
Flow 650 not-detected: udp 10.0.2.15:28681 -> 114.47.227.91:58856
Flow 581 not-detected: udp 10.0.2.15:28681 -> 58.115.108.10:4641
Flow 612 not-detected: udp 10.0.2.15:28681 -> 106.104.88.139:7423
Flow 583 not-detected: udp 10.0.2.15:28681 -> 87.75.180.80:35361
Flow 671 not-detected: udp 10.0.2.15:28681 -> 180.218.135.222:49867
Flow 574 not-detected: udp 10.0.2.15:28681 -> 223.17.132.18:23458
Flow 678 not-detected: udp 10.0.2.15:28681 -> 150.116.225.105:51438
Flow 715 not-detected: udp 10.0.2.15:28681 -> 219.71.72.88:58808
Flow 659 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10791
Flow 457 not-detected: udp 10.0.2.15:28681 -> 119.247.240.113:13867
Flow 564 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53144
Flow 647 not-detected: udp 10.0.2.15:28681 -> 61.18.212.223:58290
Flow 699 not-detected: udp 10.0.2.15:28681 -> 77.222.213.44:26536
Flow 651 not-detected: udp 10.0.2.15:28681 -> 1.64.156.63:65023
Flow 658 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:8075
Flow 712 not-detected: udp 10.0.2.15:28681 -> 185.187.74.173:59978
Flow 657 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53195
Flow 576 not-detected: udp 10.0.2.15:28681 -> 104.238.172.250:42925
Flow 570 not-detected: udp 10.0.2.15:28681 -> 97.83.183.148:8890
Flow 680 not-detected: udp 10.0.2.15:28681 -> 61.227.198.100:6910
Flow 566 not-detected: udp 10.0.2.15:28681 -> 58.176.62.40:52755
Flow 599 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:59875
Flow 601 not-detected: udp 10.0.2.15:28681 -> 113.255.200.161:65274
Flow 638 not-detected: udp 10.0.2.15:28681 -> 182.155.242.225:15068
Flow 463 not-detected: udp 10.0.2.15:28681 -> 200.7.155.210:28365
Flow 726 not-detected: udp 10.0.2.15:28681 -> 1.171.82.65:50072
Flow 452 not-detected: udp 10.0.2.15:28681 -> 68.227.193.37:27481
Flow 608 not-detected: udp 10.0.2.15:28681 -> 1.163.14.246:23461
Flow 736 not-detected: udp 10.0.2.15:28681 -> 118.166.252.163:14391
Flow 448 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:15677
Flow 549 not-detected: udp 10.0.2.15:28681 -> 84.211.151.48:11105
Flow 459 not-detected: udp 10.0.2.15:28681 -> 100.89.84.59:11603
Flow 625 not-detected: udp 10.0.2.15:28681 -> 113.252.206.254:49737
Flow 580 not-detected: udp 10.0.2.15:28681 -> 76.119.55.28:20347
Flow 624 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:57492
Flow 567 not-detected: udp 10.0.2.15:28681 -> 58.176.62.40:52889
Flow 684 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:54436
Flow 743 not-detected: udp 10.0.2.15:28681 -> 27.94.154.53:6346
Flow 730 not-detected: udp 10.0.2.15:28681 -> 124.217.188.105:62849
Flow 710 not-detected: udp 10.0.2.15:28681 -> 113.254.140.225:63637
Flow 709 not-detected: udp 10.0.2.15:28681 -> 223.16.121.156:3624
Flow 687 not-detected: udp 10.0.2.15:28681 -> 66.30.221.181:53454
Flow 445 not-detected: udp 10.0.2.15:28681 -> 118.165.153.100:4509
Flow 652 not-detected: udp 10.0.2.15:28681 -> 94.139.21.182:50110
Flow 569 not-detected: udp 10.0.2.15:28681 -> 73.89.249.8:50649
Flow 393 not-detected: udp 10.0.2.15:28681 -> 58.115.158.103:5110
Flow 464 not-detected: udp 10.0.2.15:28681 -> 101.128.66.8:34512
Flow 522 not-detected: udp 10.0.2.15:28681 -> 119.247.152.218:51153
Flow 480 not-detected: udp 10.0.2.15:28681 -> 112.119.74.26:65498
Flow 382 not-detected: udp 10.0.2.15:28681 -> 76.175.11.126:40958
Flow 590 not-detected: udp 10.0.2.15:28681 -> 95.10.205.67:48380
Flow 605 not-detected: udp 10.0.2.15:28681 -> 180.149.125.139:6578
Flow 689 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:3688
Flow 664 not-detected: udp 10.0.2.15:28681 -> 1.172.183.237:4983
Flow 708 not-detected: udp 10.0.2.15:28681 -> 124.244.68.65:51967
Flow 655 not-detected: udp 10.0.2.15:28681 -> 119.237.116.22:2566
Flow 728 not-detected: udp 10.0.2.15:28681 -> 112.10.134.44:19739
Flow 548 not-detected: udp 10.0.2.15:28681 -> 74.50.147.205:17735
Flow 632 not-detected: udp 10.0.2.15:28681 -> 188.149.2.44:20964
Flow 475 not-detected: udp 10.0.2.15:28681 -> 188.61.52.183:63978
Flow 473 not-detected: udp 10.0.2.15:28681 -> 142.132.165.13:33564
Flow 575 not-detected: udp 10.0.2.15:28681 -> 123.202.31.113:19768
Flow 588 not-detected: udp 10.0.2.15:28681 -> 219.70.175.103:4315
Flow 379 not-detected: udp 10.0.2.15:28681 -> 80.140.63.147:29545
Flow 719 not-detected: udp 10.0.2.15:28681 -> 219.85.11.85:10722
Flow 442 not-detected: udp 10.0.2.15:28681 -> 89.204.130.55:29545
Flow 630 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:3931
Flow 565 not-detected: udp 10.0.2.15:28681 -> 114.45.40.28:2656
Flow 523 not-detected: udp 10.0.2.15:28681 -> 1.162.138.200:24018
Flow 693 not-detected: udp 10.0.2.15:28681 -> 98.215.130.156:12405
Flow 760 risky: udp 10.0.2.15:138 -> 10.0.2.255:138
Flow 764 risky: udp 10.0.2.15:28681 -> 208.92.106.151:32476
Flow 762 risky: udp 10.0.2.15:28681 -> 86.75.43.182:43502
Flow 763 risky: udp 10.0.2.15:28681 -> 85.170.209.214:46210
Flow 761 risky: udp 10.0.2.15:28681 -> 195.132.75.56:56009
Flow 544 not-detected: udp 10.0.2.15:28681 -> 111.184.29.35:30582
Flow 533 not-detected: udp 10.0.2.15:28681 -> 36.229.185.60:6898
Flow 553 not-detected: udp 10.0.2.15:28681 -> 182.155.128.228:3259
Flow 546 not-detected: udp 10.0.2.15:28681 -> 38.142.119.234:49867
Flow 531 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51497
Flow 534 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:54436
Flow 562 not-detected: udp 10.0.2.15:28681 -> 112.119.242.110:59879
Flow 542 not-detected: udp 10.0.2.15:28681 -> 218.103.139.2:51675
Flow 551 not-detected: udp 10.0.2.15:28681 -> 92.24.129.230:14766
Flow 555 not-detected: udp 10.0.2.15:28681 -> 124.218.26.16:20387
Flow 538 not-detected: udp 10.0.2.15:28681 -> 124.218.41.253:14339
Flow 536 not-detected: udp 10.0.2.15:28681 -> 118.167.222.160:56121
Flow 558 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:6466
Flow 556 not-detected: udp 10.0.2.15:28681 -> 59.104.173.5:49787
Flow 560 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:53883
Flow 559 not-detected: udp 10.0.2.15:28681 -> 113.252.86.162:55080
Flow 529 not-detected: udp 10.0.2.15:28681 -> 116.241.162.162:57929
Flow 539 not-detected: udp 10.0.2.15:28681 -> 119.14.143.237:7510
Flow 545 not-detected: udp 10.0.2.15:28681 -> 116.49.159.77:55915
Flow 663 not-detected: udp 10.0.2.15:28681 -> 50.58.238.163:6594
Flow 554 not-detected: udp 10.0.2.15:28681 -> 123.203.72.224:55577
Flow 528 not-detected: udp 10.0.2.15:28681 -> 118.168.15.71:58442
Flow 537 not-detected: udp 10.0.2.15:28681 -> 218.164.200.235:2034
Flow 535 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10655
Flow 532 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:10677
Flow 695 not-detected: udp 10.0.2.15:28681 -> 76.189.72.230:8161
Flow 552 not-detected: udp 10.0.2.15:28681 -> 218.250.6.59:60012
Flow 543 not-detected: udp 10.0.2.15:28681 -> 114.39.159.60:56896
Flow 557 not-detected: udp 10.0.2.15:28681 -> 61.222.160.99:53163
Flow 561 not-detected: udp 10.0.2.15:28681 -> 61.238.173.128:57466
Flow 541 not-detected: udp 10.0.2.15:28681 -> 114.27.24.95:11141
Flow 547 not-detected: udp 10.0.2.15:28681 -> 213.229.111.224:43316
Flow 530 not-detected: udp 10.0.2.15:28681 -> 118.167.248.220:59304
Flow 540 not-detected: udp 10.0.2.15:28681 -> 36.236.203.37:52131
Flow 754 not-detected: udp 10.0.2.15:28681 -> 84.125.218.84:17561
Flow 573 not-detected: udp 10.0.2.15:28681 -> 71.239.173.18:23327
Flow 383 not-detected: udp 10.0.2.15:28681 -> 84.71.243.60:34498
Flow 787 risky: udp 10.0.2.15:28681 -> 220.133.122.217:23458
Flow 793 risky: udp 10.0.2.15:28681 -> 123.205.126.102:5193
Flow 792 risky: udp 10.0.2.15:28681 -> 36.239.213.146:21750
@@ -352,7 +663,95 @@ Flow 789 risky: udp 10.0.2.15:28681 -> 42.98.115.128:23458
Flow 790 risky: udp 10.0.2.15:28681 -> 218.164.39.233:20855
Flow 785 risky: udp 10.0.2.15:28681 -> 176.134.139.39:6346
Flow 791 risky: udp 10.0.2.15:28681 -> 219.85.11.85:10722
Flow 52 not-detected: tcp 10.0.2.15:50212 -> 95.17.124.40:6776
Flow 777 not-detected: udp 10.0.2.15:28681 -> 124.244.211.43:23459
Flow 245 not-detected: tcp 10.0.2.15:50289 -> 74.195.236.249:18557
Flow 776 not-detected: udp 10.0.2.15:28681 -> 219.85.10.83:8797
Flow 227 not-detected: tcp 10.0.2.15:50273 -> 24.179.18.242:47329
Flow 767 not-detected: udp 10.0.2.15:28681 -> 45.65.87.24:16201
Flow 72 not-detected: tcp 10.0.2.15:50231 -> 76.68.138.207:45079
Flow 228 not-detected: tcp 10.0.2.15:50274 -> 68.174.18.115:50679
Flow 778 not-detected: udp 10.0.2.15:28681 -> 122.117.100.78:9010
Flow 773 not-detected: udp 10.0.2.15:28681 -> 86.153.21.93:36696
Flow 779 not-detected: udp 10.0.2.15:28681 -> 1.65.217.224:18381
Flow 768 not-detected: udp 10.0.2.15:28681 -> 14.200.255.229:37058
Flow 765 not-detected: udp 10.0.2.15:28681 -> 213.229.111.224:4876
Flow 75 not-detected: tcp 10.0.2.15:50234 -> 66.189.28.17:16269
Flow 240 not-detected: tcp 10.0.2.15:50286 -> 84.118.116.198:44616
Flow 74 not-detected: tcp 10.0.2.15:50233 -> 1.163.14.246:12854
Flow 152 not-detected: tcp 10.0.2.15:50265 -> 113.255.250.32:52647
Flow 796 risky: udp 10.0.2.15:28681 -> 41.249.63.200:22582
Flow 233 not-detected: tcp 10.0.2.15:50279 -> 113.252.91.201:4297
Flow 123 not-detected: tcp 10.0.2.15:50254 -> 24.78.134.188:49046
Flow 333 risky: tcp 10.0.2.15:50327 -> 69.118.162.229:46906
Flow 64 not-detected: tcp 10.0.2.15:50223 -> 118.167.248.220:63108
Flow 59 not-detected: tcp 10.0.2.15:50218 -> 90.103.247.94:59045
Flow 49 not-detected: tcp 10.0.2.15:50209 -> 113.252.206.254:49587
Flow 65 not-detected: tcp 10.0.2.15:50224 -> 78.125.63.97:6346
Flow 68 not-detected: tcp 10.0.2.15:50227 -> 111.246.157.94:51175
Flow 56 not-detected: tcp 10.0.2.15:50215 -> 124.244.64.237:4704
Flow 71 not-detected: tcp 10.0.2.15:50230 -> 73.3.103.37:17296
Flow 244 not-detected: tcp 10.0.2.15:50288 -> 76.119.55.28:20347
Flow 47 not-detected: tcp 10.0.2.15:50207 -> 90.78.171.204:6346
Flow 281 not-detected: tcp 10.0.2.15:50305 -> 94.54.66.82:63637
Flow 48 not-detected: tcp 10.0.2.15:50208 -> 119.237.116.22:8683
Flow 266 not-detected: tcp 10.0.2.15:50290 -> 73.89.249.8:50649
Flow 78 not-detected: tcp 10.0.2.15:50237 -> 88.123.202.175:37910
Flow 151 not-detected: tcp 10.0.2.15:50264 -> 95.10.205.67:48380
Flow 89 not-detected: tcp 10.0.2.15:50244 -> 188.61.52.183:63978
Flow 92 not-detected: tcp 10.0.2.15:50247 -> 66.30.221.181:51560
Flow 784 not-detected: udp 10.0.2.15:28681 -> 23.19.141.110:6346
Flow 774 not-detected: udp 10.0.2.15:28681 -> 50.58.238.149:6599
Flow 268 not-detected: tcp 10.0.2.15:50292 -> 95.10.205.67:11603
Flow 84 not-detected: tcp 10.0.2.15:50243 -> 176.138.129.252:27962
Flow 142 not-detected: tcp 10.0.2.15:50255 -> 36.236.203.37:52165
Flow 241 not-detected: tcp 10.0.2.15:50287 -> 98.215.130.156:12405
Flow 236 not-detected: tcp 10.0.2.15:50282 -> 221.124.66.33:13060
Flow 226 not-detected: tcp 10.0.2.15:50272 -> 1.172.184.48:13298
Flow 225 not-detected: tcp 10.0.2.15:50271 -> 218.164.198.27:60202
Flow 224 not-detected: tcp 10.0.2.15:50270 -> 114.27.24.95:11427
Flow 145 not-detected: tcp 10.0.2.15:50258 -> 122.100.216.210:7097
Flow 147 not-detected: tcp 10.0.2.15:50260 -> 113.255.200.161:51394
Flow 81 not-detected: tcp 10.0.2.15:50240 -> 36.237.10.152:21293
Flow 57 not-detected: tcp 10.0.2.15:50216 -> 182.155.128.228:3256
Flow 44 not-detected: tcp 10.0.2.15:50204 -> 124.218.26.16:9728
Flow 771 not-detected: udp 10.0.2.15:28681 -> 202.27.193.6:6346
Flow 234 not-detected: tcp 10.0.2.15:50280 -> 99.199.148.6:4338
Flow 229 not-detected: tcp 10.0.2.15:50275 -> 122.117.100.78:9010
Flow 781 not-detected: udp 10.0.2.15:28681 -> 112.105.52.2:23458
Flow 782 not-detected: udp 10.0.2.15:28681 -> 65.182.231.232:7890
Flow 39 not-detected: tcp 10.0.2.15:50200 -> 176.128.217.128:45194
Flow 769 not-detected: udp 10.0.2.15:28681 -> 123.110.61.169:11973
Flow 53 not-detected: tcp 10.0.2.15:50213 -> 85.117.153.7:50138
Flow 82 not-detected: tcp 10.0.2.15:50241 -> 98.18.172.208:63172
Flow 297 not-detected: tcp 10.0.2.15:50321 -> 213.229.111.224:4876
Flow 775 not-detected: udp 10.0.2.15:28681 -> 223.17.132.18:23458
Flow 79 not-detected: tcp 10.0.2.15:50238 -> 124.218.41.253:59144
Flow 230 not-detected: tcp 10.0.2.15:50276 -> 96.246.156.126:56070
Flow 70 not-detected: tcp 10.0.2.15:50229 -> 1.36.249.91:64920
Flow 795 risky: udp 10.0.2.15:28681 -> 213.120.26.86:29946
Flow 33 not-detected: tcp 10.0.2.15:50195 -> 162.157.143.201:29762
Flow 91 not-detected: tcp 10.0.2.15:50246 -> 80.7.252.192:45685
Flow 50 not-detected: tcp 10.0.2.15:50210 -> 36.234.18.166:61404
Flow 45 not-detected: tcp 10.0.2.15:50205 -> 114.46.139.171:52120
Flow 772 not-detected: udp 10.0.2.15:28681 -> 73.192.231.237:9676
Flow 770 not-detected: udp 10.0.2.15:28681 -> 97.83.183.148:8890
Flow 235 not-detected: tcp 10.0.2.15:50281 -> 94.134.154.158:54130
Flow 60 not-detected: tcp 10.0.2.15:50219 -> 193.121.165.12:55376
Flow 334 risky: tcp 10.0.2.15:50328 -> 189.147.72.83:26108
Flow 80 not-detected: tcp 10.0.2.15:50239 -> 112.105.52.2:6384
Flow 232 not-detected: tcp 10.0.2.15:50278 -> 36.231.59.187:62234
Flow 766 not-detected: udp 10.0.2.15:28681 -> 76.119.55.28:20347
Flow 120 not-detected: tcp 10.0.2.15:50251 -> 24.127.1.235:37814
Flow 144 not-detected: tcp 10.0.2.15:50257 -> 219.70.48.23:3054
Flow 286 not-detected: tcp 10.0.2.15:50310 -> 76.110.153.177:40022
Flow 40 not-detected: tcp 10.0.2.15:50201 -> 78.122.93.185:6346
Flow 58 not-detected: tcp 10.0.2.15:50217 -> 113.252.86.162:54958
Flow 32 not-detected: tcp 10.0.2.15:50194 -> 92.152.66.153:43771
Flow 83 not-detected: tcp 10.0.2.15:50242 -> 109.210.203.131:6346
Flow 66 not-detected: tcp 10.0.2.15:50225 -> 109.210.81.147:24800
Flow 150 not-detected: tcp 10.0.2.15:50263 -> 73.182.136.42:27873
Flow 62 not-detected: tcp 10.0.2.15:50221 -> 59.104.173.5:49956
Flow 780 not-detected: udp 10.0.2.15:28681 -> 68.66.94.132:17735
Flow 55 not-detected: tcp 10.0.2.15:50214 -> 80.193.171.146:53808
Flow 231 not-detected: tcp 10.0.2.15:50277 -> 82.181.251.218:36368

1
test/results/flow-captured/default/gtp_false_positive.pcapng.out
View File

@@ -0,0 +1 @@
Flow 1 not-detected: udp 24.1.33.66:29255 -> 62.56.122.232:3386

1
test/results/flow-captured/default/instagram.pcap.out
View File

@@ -5,3 +5,4 @@ Flow 26 midstream: tcp 192.168.0.103:58052 -> 82.85.26.162:80
Flow 30 midstream: tcp 192.168.0.103:58690 -> 46.33.70.159:443
Flow 1 risky: tcp 192.168.0.103:56382 -> 173.252.107.4:443
Flow 2 midstream: tcp 192.168.0.103:33936 -> 31.13.93.52:443
Flow 11 not-detected: udp 192.168.0.1:520 -> 192.168.0.255:520

42
test/results/flow-captured/default/ip_fragmented_garbage.pcap.out
View File

@@ -0,0 +1,42 @@
Flow 4 not-detected: tcp 10.0.0.2:16417 -> 10.128.0.2:16419
Flow 8 not-detected: tcp 10.0.0.2:9508 -> 10.128.0.2:8995
Flow 20 not-detected: tcp 10.0.0.2:9508 -> 10.128.0.2:8998
Flow 7 not-detected: tcp 10.0.0.2:10790 -> 10.128.0.2:24101
Flow 1 not-detected: tcp 10.0.0.2:24102 -> 10.128.0.2:10792
Flow 2 not-detected: tcp 10.0.0.2:18730 -> 10.128.0.2:20304
Flow 2 midstream: tcp 10.0.0.2:18730 -> 10.128.0.2:20304
Flow 24 not-detected: tcp 10.0.0.2:24136 -> 10.128.0.2:16967
Flow 24 midstream: tcp 10.0.0.2:24136 -> 10.128.0.2:16967
Flow 27 not-detected: tcp 10.0.0.2:17751 -> 10.128.0.2:9024
Flow 10 not-detected: tcp 10.0.0.2:14387 -> 10.128.0.2:14646
Flow 10 midstream: tcp 10.0.0.2:14387 -> 10.128.0.2:14646
Flow 16 not-detected: tcp 10.0.0.2:16199 -> 10.128.0.2:21055
Flow 23 not-detected: tcp 10.0.0.2:18762 -> 10.128.0.2:18503
Flow 11 not-detected: tcp 10.0.0.2:18248 -> 10.128.0.2:19019
Flow 11 midstream: tcp 10.0.0.2:18248 -> 10.128.0.2:19019
Flow 13 not-detected: tcp 10.0.0.2:16243 -> 10.128.0.2:21055
Flow 28 not-detected: tcp 10.0.0.2:27502 -> 10.128.0.2:30307
Flow 6 not-detected: tcp 10.0.0.2:24101 -> 10.128.0.2:9251
Flow 3 not-detected: tcp 10.0.0.2:9253 -> 10.128.0.2:24102
Flow 26 not-detected: tcp 10.0.0.2:9251 -> 10.128.0.2:9770
Flow 25 not-detected: tcp 10.0.0.2:29799 -> 10.128.0.2:26228
Flow 5 not-detected: tcp 10.0.0.2:21029 -> 10.128.0.2:22878
Flow 5 midstream: tcp 10.0.0.2:21029 -> 10.128.0.2:22878
Flow 29 not-detected: tcp 10.0.0.2:10792 -> 10.128.0.2:10790
Flow 15 not-detected: tcp 10.0.0.2:2612 -> 10.128.0.2:12849
Flow 15 midstream: tcp 10.0.0.2:2612 -> 10.128.0.2:12849
Flow 12 not-detected: tcp 10.0.0.2:13105 -> 10.128.0.2:14648
Flow 12 midstream: tcp 10.0.0.2:13105 -> 10.128.0.2:14648
Flow 21 not-detected: tcp 10.0.0.2:13362 -> 10.128.0.2:12596
Flow 21 midstream: tcp 10.0.0.2:13362 -> 10.128.0.2:12596
Flow 17 not-detected: tcp 10.0.0.2:19273 -> 10.128.0.2:19016
Flow 17 midstream: tcp 10.0.0.2:19273 -> 10.128.0.2:19016
Flow 18 not-detected: tcp 10.0.0.2:9566 -> 10.128.0.2:18498
Flow 18 midstream: tcp 10.0.0.2:9566 -> 10.128.0.2:18498
Flow 19 not-detected: tcp 10.0.0.2:11892 -> 10.128.0.2:26470
Flow 14 not-detected: tcp 10.0.0.2:17458 -> 10.128.0.2:10790
Flow 14 midstream: tcp 10.0.0.2:17458 -> 10.128.0.2:10790
Flow 9 not-detected: tcp 10.0.0.2:13617 -> 10.128.0.2:10536
Flow 9 midstream: tcp 10.0.0.2:13617 -> 10.128.0.2:10536
Flow 22 not-detected: tcp 10.0.0.2:18258 -> 10.128.0.2:16199
Flow 22 midstream: tcp 10.0.0.2:18258 -> 10.128.0.2:16199

4
test/results/flow-captured/default/kerberos.pcap.out
View File

@@ -1,3 +1,7 @@
Flow 11 not-detected: tcp 172.16.8.201:49165 -> 172.16.8.8:49155
Flow 11 midstream: tcp 172.16.8.201:49165 -> 172.16.8.8:49155
Flow 26 not-detected: tcp 172.16.8.201:49185 -> 172.16.8.8:49155
Flow 26 midstream: tcp 172.16.8.201:49185 -> 172.16.8.8:49155
Flow 1 midstream: tcp 172.16.8.201:49157 -> 172.16.8.8:88
Flow 4 midstream: tcp 172.16.8.201:49160 -> 172.16.8.8:88
Flow 8 midstream: tcp 172.16.8.201:49166 -> 172.16.8.8:88

2
test/results/flow-captured/default/kontiki.pcap.out
View File

@@ -1,2 +1,4 @@
Flow 3 risky: udp 10.25.32.59:19948 -> 64.200.148.86:8888
Flow 1 not-detected: udp 10.25.32.59:19948 -> 255.255.255.255:19948
Flow 2 not-detected: udp 10.25.32.59:19948 -> 64.200.148.82:1948
Flow 5 risky: udp 10.25.32.59:19948 -> 64.200.148.88:80

2
test/results/flow-captured/default/log4j-webapp-exploit.pcap.out
View File

@@ -1,5 +1,7 @@
Flow 5 risky: tcp 172.16.238.10:57742 -> 172.16.238.11:1389
Flow 1 risky: tcp 172.16.238.1:1984 -> 172.16.238.10:8080
Flow 4 not-detected: tcp 172.16.238.10:55408 -> 10.10.10.31:9001
Flow 7 not-detected: tcp 172.16.238.10:55498 -> 10.10.10.31:9001
Flow 3 risky: tcp 172.16.238.10:48444 -> 172.16.238.11:80
Flow 6 risky: tcp 172.16.238.10:48534 -> 172.16.238.11:80
Flow 2 risky: tcp 172.16.238.10:57650 -> 172.16.238.11:1389

1
test/results/flow-captured/default/nest_log_sink.pcap.out
View File

@@ -1,3 +1,4 @@
Flow 1 guessed: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
Flow 1 not-detected: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
Flow 1 midstream: tcp 192.168.242.15:63340 -> 35.174.82.237:11095
Flow 10 risky: udp 192.168.242.15:52849 -> 192.168.242.1:53

1
test/results/flow-captured/default/ossfuzz_seed_fake_traces_4.pcapng.out
View File

@@ -0,0 +1 @@
Flow 1 not-detected: udp 127.0.0.1:100 -> 127.0.0.1:200

29
test/results/flow-captured/default/pps.pcap.out
View File

@@ -1,10 +1,17 @@
Flow 22 not-detected: udp 192.168.115.8:22793 -> 222.26.193.119:7133
Flow 54 risky: tcp 192.168.115.8:50486 -> 77.234.40.96:80
Flow 54 midstream: tcp 192.168.115.8:50486 -> 77.234.40.96:80
Flow 25 not-detected: udp 192.168.115.8:22793 -> 115.157.62.243:29006
Flow 13 not-detected: udp 192.168.115.8:22793 -> 111.250.102.66:1107
Flow 64 risky: tcp 192.168.5.15:65127 -> 68.233.253.133:80
Flow 64 midstream: tcp 192.168.5.15:65127 -> 68.233.253.133:80
Flow 78 risky: tcp 192.168.5.15:65128 -> 68.233.253.133:80
Flow 78 midstream: tcp 192.168.5.15:65128 -> 68.233.253.133:80
Flow 24 not-detected: udp 192.168.115.8:22793 -> 222.26.74.190:1037
Flow 26 not-detected: udp 192.168.115.8:22793 -> 210.44.232.243:21044
Flow 27 not-detected: udp 192.168.115.8:22793 -> 1.169.136.116:17951
Flow 39 midstream: tcp 192.168.115.8:50466 -> 203.66.182.24:80
Flow 33 not-detected: udp 192.168.115.8:22793 -> 220.130.154.23:35941
Flow 57 midstream: tcp 192.168.115.8:50488 -> 223.26.106.20:80
Flow 60 risky: tcp 192.168.115.8:50491 -> 223.26.106.66:80
Flow 60 midstream: tcp 192.168.115.8:50491 -> 223.26.106.66:80
@@ -16,12 +23,14 @@ Flow 85 risky: tcp 192.168.115.8:50507 -> 223.26.106.19:80
Flow 85 midstream: tcp 192.168.115.8:50507 -> 223.26.106.19:80
Flow 88 risky: tcp 192.168.115.8:50508 -> 223.26.106.19:80
Flow 88 midstream: tcp 192.168.115.8:50508 -> 223.26.106.19:80
Flow 32 not-detected: udp 192.168.115.8:22793 -> 114.47.91.129:22576
Flow 37 risky: tcp 192.168.115.8:50463 -> 101.227.200.11:80
Flow 37 midstream: tcp 192.168.115.8:50463 -> 101.227.200.11:80
Flow 47 risky: tcp 192.168.115.8:50476 -> 101.227.32.39:80
Flow 47 midstream: tcp 192.168.115.8:50476 -> 101.227.32.39:80
Flow 67 risky: tcp 192.168.115.8:50496 -> 101.227.200.11:80
Flow 67 midstream: tcp 192.168.115.8:50496 -> 101.227.200.11:80
Flow 6 not-detected: udp 192.168.115.8:22793 -> 111.249.53.196:32443
Flow 90 risky: tcp 192.168.115.8:50766 -> 223.26.106.20:80
Flow 90 midstream: tcp 192.168.115.8:50766 -> 223.26.106.20:80
Flow 91 risky: tcp 192.168.115.8:50767 -> 223.26.106.20:80
@@ -30,12 +39,16 @@ Flow 93 risky: tcp 192.168.115.8:50768 -> 223.26.106.19:80
Flow 93 midstream: tcp 192.168.115.8:50768 -> 223.26.106.19:80
Flow 102 midstream: tcp 192.168.115.8:50778 -> 223.26.106.20:80
Flow 105 midstream: tcp 192.168.115.8:50780 -> 223.26.106.20:80
Flow 3 not-detected: udp 192.168.115.8:22793 -> 114.42.0.158:7716
Flow 12 not-detected: udp 192.168.115.8:22793 -> 210.44.171.1:29702
Flow 58 risky: tcp 192.168.115.8:50489 -> 119.188.13.188:80
Flow 58 midstream: tcp 192.168.115.8:50489 -> 119.188.13.188:80
Flow 59 risky: tcp 192.168.115.8:50490 -> 119.188.13.188:80
Flow 59 midstream: tcp 192.168.115.8:50490 -> 119.188.13.188:80
Flow 94 risky: tcp 192.168.115.8:50769 -> 101.227.200.11:80
Flow 94 midstream: tcp 192.168.115.8:50769 -> 101.227.200.11:80
Flow 4 not-detected: udp 192.168.115.8:22793 -> 222.197.138.12:6956
Flow 2 not-detected: udp 118.171.15.56:5544 -> 192.168.115.8:22793
Flow 40 risky: tcp 192.168.115.8:50467 -> 202.108.14.219:80
Flow 40 midstream: tcp 192.168.115.8:50467 -> 202.108.14.219:80
Flow 41 risky: tcp 192.168.115.8:50469 -> 202.108.14.219:80
@@ -68,15 +81,23 @@ Flow 76 risky: tcp 192.168.115.8:50502 -> 202.108.14.236:80
Flow 76 midstream: tcp 192.168.115.8:50502 -> 202.108.14.236:80
Flow 79 risky: tcp 192.168.115.8:50503 -> 202.108.14.219:80
Flow 79 midstream: tcp 192.168.115.8:50503 -> 202.108.14.219:80
Flow 23 not-detected: udp 192.168.115.8:22793 -> 114.37.142.173:1074
Flow 7 not-detected: udp 192.168.115.8:22793 -> 219.228.107.156:1250
Flow 16 not-detected: udp 192.168.115.8:22793 -> 36.233.39.81:18590
Flow 38 midstream: tcp 192.168.115.8:50464 -> 123.125.112.49:80
Flow 68 midstream: tcp 192.168.115.8:50497 -> 123.125.112.49:80
Flow 50 midstream: tcp 192.168.115.8:50482 -> 140.205.243.64:80
Flow 18 not-detected: udp 192.168.115.8:22793 -> 61.227.170.88:20227
Flow 20 not-detected: udp 192.168.115.8:22793 -> 121.248.133.93:12757
Flow 95 risky: tcp 192.168.115.8:50771 -> 202.108.14.236:80
Flow 95 midstream: tcp 192.168.115.8:50771 -> 202.108.14.236:80
Flow 19 not-detected: udp 192.168.115.8:22793 -> 202.112.31.89:29072
Flow 97 risky: tcp 192.168.115.8:50773 -> 202.108.14.221:80
Flow 97 midstream: tcp 192.168.115.8:50773 -> 202.108.14.221:80
Flow 99 risky: tcp 192.168.115.8:50774 -> 202.108.14.219:80
Flow 99 midstream: tcp 192.168.115.8:50774 -> 202.108.14.219:80
Flow 28 not-detected: udp 192.168.115.8:22793 -> 114.41.144.153:10492
Flow 14 not-detected: udp 192.168.115.8:22793 -> 61.223.204.67:11102
Flow 71 risky: tcp 192.168.115.8:50498 -> 36.110.220.15:80
Flow 71 midstream: tcp 192.168.115.8:50498 -> 36.110.220.15:80
Flow 61 risky: tcp 192.168.115.8:50492 -> 111.206.13.3:80
@@ -86,6 +107,10 @@ Flow 72 midstream: tcp 192.168.115.8:50499 -> 111.206.22.76:80
Flow 89 midstream: tcp 192.168.115.8:50509 -> 106.38.219.107:80
Flow 96 midstream: tcp 192.168.115.8:50772 -> 123.125.111.70:80
Flow 98 midstream: tcp 192.168.115.8:50775 -> 123.125.111.70:80
Flow 8 not-detected: udp 183.228.182.44:13913 -> 192.168.115.8:22793
Flow 21 not-detected: udp 192.168.115.8:22793 -> 1.175.128.104:5185
Flow 31 not-detected: udp 192.168.115.8:22793 -> 210.47.12.20:33738
Flow 30 not-detected: udp 192.168.115.8:22793 -> 210.47.12.19:33738
Flow 92 risky: tcp 192.168.115.8:50765 -> 36.110.220.15:80
Flow 92 midstream: tcp 192.168.115.8:50765 -> 36.110.220.15:80
Flow 100 risky: tcp 192.168.115.8:50776 -> 111.206.22.77:80
@@ -94,4 +119,8 @@ Flow 101 risky: tcp 192.168.115.8:50777 -> 111.206.22.77:80
Flow 101 midstream: tcp 192.168.115.8:50777 -> 111.206.22.77:80
Flow 104 risky: tcp 192.168.115.8:50779 -> 111.206.22.77:80
Flow 104 midstream: tcp 192.168.115.8:50779 -> 111.206.22.77:80
Flow 17 not-detected: udp 192.168.115.8:22793 -> 111.117.101.81:10162
Flow 1 not-detected: udp 1.173.5.226:22636 -> 192.168.115.8:22793
Flow 5 not-detected: udp 192.168.115.8:22793 -> 202.198.7.89:16039
Flow 73 midstream: tcp 192.168.115.8:50500 -> 23.41.133.163:80
Flow 15 not-detected: udp 192.168.115.8:22793 -> 36.237.154.69:4316

2
test/results/flow-captured/default/reasm_crash_anon.pcapng.out
View File

@@ -0,0 +1,2 @@
Flow 1 not-detected: tcp 192.168.145.147:51218 -> 10.209.8.148:21999
Flow 1 midstream: tcp 192.168.145.147:51218 -> 10.209.8.148:21999

1
test/results/flow-captured/default/shadowsocks.pcap.out
View File

@@ -0,0 +1 @@
Flow 2 not-detected: tcp 127.0.0.1:44276 -> 127.0.0.1:8388

59
test/results/flow-captured/default/skype.pcap.out
View File

@@ -25,7 +25,66 @@ Flow 263 risky: udp 192.168.1.34:56387 -> 192.168.1.1:53
Flow 264 risky: udp 192.168.1.34:52714 -> 192.168.1.1:53
Flow 262 risky: udp 192.168.1.34:52742 -> 192.168.1.1:53
Flow 268 risky: udp 192.168.1.34:65037 -> 192.168.1.1:53
Flow 9 not-detected: tcp 192.168.1.34:50026 -> 65.55.223.33:40002
Flow 50 not-detected: tcp 192.168.1.34:50033 -> 157.55.56.170:40015
Flow 51 not-detected: tcp 192.168.1.34:50034 -> 157.55.130.140:40033
Flow 221 not-detected: tcp 192.168.1.34:50098 -> 65.55.223.15:40026
Flow 101 not-detected: tcp 192.168.1.34:50046 -> 157.55.130.150:40011
Flow 134 not-detected: tcp 192.168.1.34:50054 -> 157.55.130.153:40005
Flow 113 not-detected: tcp 192.168.1.34:50049 -> 157.55.130.166:40021
Flow 87 not-detected: tcp 192.168.1.34:50044 -> 157.55.130.167:40031
Flow 194 not-detected: tcp 192.168.1.34:50074 -> 157.55.130.173:40003
Flow 133 not-detected: tcp 192.168.1.34:50053 -> 157.55.56.146:40030
Flow 177 not-detected: tcp 192.168.1.34:50070 -> 157.55.130.170:40018
Flow 196 not-detected: tcp 192.168.1.34:50076 -> 157.55.235.156:40014
Flow 168 not-detected: tcp 192.168.1.34:50067 -> 157.55.56.160:40027
Flow 200 not-detected: tcp 192.168.1.34:50077 -> 157.55.130.176:40022
Flow 217 not-detected: tcp 192.168.1.34:50092 -> 157.55.130.155:40020
Flow 57 not-detected: tcp 192.168.1.34:50035 -> 213.199.179.175:40021
Flow 220 not-detected: tcp 192.168.1.34:50097 -> 157.55.235.176:40022
Flow 288 not-detected: tcp 192.168.1.34:50143 -> 78.202.226.115:29059
Flow 289 not-detected: tcp 192.168.1.34:50144 -> 78.202.226.115:29059
Flow 195 not-detected: tcp 192.168.1.34:50075 -> 213.199.179.142:40003
Flow 49 not-detected: tcp 192.168.1.34:50032 -> 157.56.52.44:40032
Flow 227 not-detected: tcp 192.168.1.34:50108 -> 157.56.52.28:40009
Flow 266 not-detected: tcp 192.168.1.34:50130 -> 212.161.8.36:13392
Flow 269 risky: tcp 192.168.1.34:50131 -> 212.161.8.36:13392
Flow 243 not-detected: tcp 192.168.1.34:50112 -> 76.167.161.6:20274
Flow 280 not-detected: tcp 192.168.1.34:50135 -> 76.167.161.6:20274
Flow 232 not-detected: tcp 192.168.1.34:50109 -> 91.190.216.125:12350
Flow 233 not-detected: tcp 192.168.1.34:50110 -> 91.190.216.125:12350
Flow 285 not-detected: tcp 192.168.1.34:50140 -> 76.167.161.6:20274
Flow 256 not-detected: tcp 192.168.1.34:50125 -> 91.190.218.125:12350
Flow 257 not-detected: tcp 192.168.1.34:50126 -> 91.190.216.23:12350
Flow 261 not-detected: tcp 192.168.1.34:50129 -> 91.190.218.125:12350
Flow 23 midstream: tcp 108.160.170.46:443 -> 192.168.1.34:49445
Flow 244 not-detected: tcp 192.168.1.34:50113 -> 71.238.7.203:18767
Flow 253 not-detected: tcp 192.168.1.34:50123 -> 80.14.46.121:4415
Flow 248 not-detected: tcp 192.168.1.34:50117 -> 71.238.7.203:18767
Flow 258 not-detected: tcp 192.168.1.34:50127 -> 80.14.46.121:4415
Flow 286 not-detected: tcp 192.168.1.34:50141 -> 80.14.46.121:4415
Flow 287 not-detected: tcp 192.168.1.34:50142 -> 80.14.46.121:4415
Flow 281 not-detected: tcp 192.168.1.34:50136 -> 71.238.7.203:18767
Flow 283 not-detected: tcp 192.168.1.34:50138 -> 71.238.7.203:18767
Flow 247 not-detected: tcp 192.168.1.34:50116 -> 81.83.77.141:17639
Flow 246 not-detected: tcp 192.168.1.34:50115 -> 86.31.35.30:59621
Flow 251 not-detected: tcp 192.168.1.34:50121 -> 81.83.77.141:17639
Flow 250 not-detected: tcp 192.168.1.34:50119 -> 86.31.35.30:59621
Flow 222 not-detected: tcp 192.168.1.34:50099 -> 64.4.23.166:40022
Flow 213 not-detected: tcp 192.168.1.34:50088 -> 157.55.235.146:33033
Flow 255 risky: tcp 17.143.160.22:5223 -> 192.168.1.34:49447
Flow 255 midstream: tcp 17.143.160.22:5223 -> 192.168.1.34:49447
Flow 277 not-detected: tcp 192.168.1.34:50134 -> 157.56.53.47:12350
Flow 291 not-detected: tcp 192.168.1.34:50145 -> 157.56.53.51:12350
Flow 245 not-detected: tcp 192.168.1.34:50114 -> 5.248.186.221:31010
Flow 249 not-detected: tcp 192.168.1.34:50118 -> 5.248.186.221:31010
Flow 282 not-detected: tcp 192.168.1.34:50137 -> 5.248.186.221:31010
Flow 284 not-detected: tcp 192.168.1.34:50139 -> 5.248.186.221:31010
Flow 144 not-detected: tcp 192.168.1.34:50059 -> 111.221.74.38:40015
Flow 135 not-detected: tcp 192.168.1.34:50055 -> 111.221.74.47:40030
Flow 211 not-detected: tcp 192.168.1.34:50086 -> 111.221.77.142:40023
Flow 219 not-detected: tcp 192.168.1.34:50096 -> 111.221.74.46:40027
Flow 270 not-detected: tcp 192.168.1.34:50132 -> 149.13.32.15:13392
Flow 252 not-detected: tcp 192.168.1.34:50122 -> 81.133.19.185:44431
Flow 254 not-detected: tcp 192.168.1.34:50124 -> 81.133.19.185:44431
Flow 161 not-detected: tcp 192.168.1.34:50065 -> 65.55.223.12:40031

44
test/results/flow-captured/default/skype_no_unknown.pcap.out
View File

@@ -18,10 +18,54 @@ Flow 26 risky: udp 192.168.1.34:138 -> 192.168.1.255:138
Flow 27 risky: udp 192.168.1.1:138 -> 192.168.1.34:138
Flow 29 risky: udp 192.168.1.92:138 -> 192.168.1.255:138
Flow 166 risky: udp 192.168.1.34:61095 -> 192.168.1.1:53
Flow 235 not-detected: tcp 192.168.1.34:51289 -> 71.238.7.203:18767
Flow 240 not-detected: tcp 192.168.1.34:51292 -> 71.238.7.203:18767
Flow 155 risky: udp 192.168.1.34:63342 -> 192.168.1.1:53
Flow 258 not-detected: tcp 192.168.1.34:51311 -> 93.79.224.176:14506
Flow 261 not-detected: tcp 192.168.1.34:51314 -> 93.79.224.176:14506
Flow 239 not-detected: tcp 192.168.1.34:51291 -> 81.83.77.141:17639
Flow 242 not-detected: tcp 192.168.1.34:51294 -> 81.83.77.141:17639
Flow 247 not-detected: tcp 192.168.1.34:51298 -> 82.224.110.241:38895
Flow 250 not-detected: tcp 192.168.1.34:51301 -> 82.224.110.241:38895
Flow 121 not-detected: tcp 192.168.1.34:51251 -> 64.4.23.166:40029
Flow 209 not-detected: tcp 192.168.1.34:51278 -> 64.4.23.159:40009
Flow 236 not-detected: tcp 192.168.1.34:51290 -> 5.248.186.221:31010
Flow 241 not-detected: tcp 192.168.1.34:51293 -> 5.248.186.221:31010
Flow 61 not-detected: tcp 192.168.1.34:51236 -> 111.221.74.45:40008
Flow 147 not-detected: tcp 192.168.1.34:51256 -> 111.221.77.142:40013
Flow 109 not-detected: tcp 192.168.1.34:51248 -> 111.221.77.175:40030
Flow 210 not-detected: tcp 192.168.1.34:51279 -> 111.221.74.48:40008
Flow 170 not-detected: tcp 192.168.1.34:51267 -> 111.221.74.18:40025
Flow 253 not-detected: tcp 192.168.1.34:51305 -> 149.13.32.15:13392
Flow 255 risky: tcp 192.168.1.34:51307 -> 149.13.32.15:13392
Flow 257 not-detected: tcp 192.168.1.34:51309 -> 149.13.32.15:13392
Flow 259 risky: tcp 192.168.1.34:51312 -> 149.13.32.15:13392
Flow 263 not-detected: tcp 192.168.1.34:51316 -> 149.13.32.15:13392
Flow 167 risky: udp 192.168.1.34:55866 -> 192.168.1.1:53
Flow 60 not-detected: tcp 192.168.1.34:51235 -> 65.55.223.45:40009
Flow 59 not-detected: tcp 192.168.1.34:51234 -> 157.55.235.147:40001
Flow 156 risky: udp 192.168.1.34:64258 -> 192.168.1.1:53
Flow 67 not-detected: tcp 192.168.1.34:51237 -> 157.55.130.176:40022
Flow 146 not-detected: tcp 192.168.1.34:51255 -> 157.55.130.142:40005
Flow 148 not-detected: tcp 192.168.1.34:51257 -> 157.55.235.170:40032
Flow 207 not-detected: tcp 192.168.1.34:51276 -> 157.55.235.146:40021
Flow 186 not-detected: tcp 192.168.1.34:51272 -> 157.55.235.152:40029
Flow 208 not-detected: tcp 192.168.1.34:51277 -> 157.55.235.156:40026
Flow 149 not-detected: tcp 192.168.1.34:51258 -> 213.199.179.176:40021
Flow 199 risky: udp 192.168.1.34:64364 -> 192.168.1.1:53
Flow 178 not-detected: tcp 192.168.1.34:51269 -> 213.199.179.175:40029
Flow 198 risky: udp 192.168.1.34:60413 -> 192.168.1.1:53
Flow 10 not-detected: tcp 192.168.1.34:51229 -> 157.56.52.28:40009
Flow 97 not-detected: tcp 192.168.1.34:51246 -> 157.56.52.44:40020
Flow 252 not-detected: tcp 192.168.1.34:51303 -> 80.121.84.93:62381
Flow 254 not-detected: tcp 192.168.1.34:51306 -> 80.121.84.93:62381
Flow 260 not-detected: tcp 192.168.1.34:51313 -> 212.161.8.36:13392
Flow 265 not-detected: tcp 192.168.1.34:51318 -> 212.161.8.36:13392
Flow 267 not-detected: tcp 192.168.1.34:51319 -> 212.161.8.36:13392
Flow 234 not-detected: tcp 192.168.1.34:51288 -> 76.167.161.6:20274
Flow 249 not-detected: tcp 192.168.1.34:51300 -> 76.167.161.6:20274
Flow 227 not-detected: tcp 192.168.1.34:51284 -> 91.190.218.125:12350
Flow 228 not-detected: tcp 192.168.1.34:51285 -> 91.190.218.125:12350
Flow 245 not-detected: tcp 192.168.1.34:51296 -> 91.190.216.125:12350
Flow 246 not-detected: tcp 192.168.1.34:51297 -> 91.190.216.24:12350
Flow 248 not-detected: tcp 192.168.1.34:51299 -> 91.190.216.125:12350

1870
test/results/flow-captured/default/synscan.pcap.out
View File

File diff suppressed because it is too large Load Diff

2
test/results/flow-captured/default/syslog.pcap.out
View File

@@ -1 +1,3 @@
Flow 6 not-detected: 41 216.66.80.30 -> 193.24.227.12
Flow 5 not-detected: 41 193.24.227.10 -> 216.66.86.114
Flow 15 risky: tcp 10.186.117.194:49948 -> 169.46.82.162:52173

6
test/results/flow-captured/default/tcp_scan.pcapng.out
View File

@@ -0,0 +1,6 @@
Flow 6 not-detected: tcp 192.168.1.178:57916 -> 192.168.1.2:3391
Flow 6 midstream: tcp 192.168.1.178:57916 -> 192.168.1.2:3391
Flow 5 not-detected: tcp 192.168.1.178:62971 -> 192.168.1.2:3390
Flow 5 midstream: tcp 192.168.1.178:62971 -> 192.168.1.2:3390
Flow 7 not-detected: tcp 192.168.1.178:63243 -> 192.168.1.2:3392
Flow 7 midstream: tcp 192.168.1.178:63243 -> 192.168.1.2:3392

2
test/results/flow-captured/default/teams.pcap.out
View File

@@ -13,6 +13,8 @@ Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434
Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434
Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016

2
test/results/flow-captured/default/telegram.pcap.out
View File

@@ -1,5 +1,7 @@
Flow 32 risky: udp 192.168.1.77:5812 -> 192.168.1.1:53
Flow 27 risky: udp 192.168.1.77:47127 -> 192.168.1.1:53
Flow 29 risky: udp 192.168.1.43:138 -> 192.168.1.255:138
Flow 44 not-detected: udp 192.168.1.77:28150 -> 87.11.205.195:59772
Flow 26 risky: udp 192.168.1.77:23174 -> 87.11.205.195:60723
Flow 33 risky: udp 192.168.1.77:54595 -> 192.168.1.1:53
Flow 25 not-detected: udp 192.168.1.77:23174 -> 192.168.1.52:31480

2
test/results/flow-captured/default/tls_certificate_too_long.pcap.out
View File

@@ -7,3 +7,5 @@ Flow 19 risky: tcp 192.168.1.121:53913 -> 2.22.33.235:80
Flow 23 risky: udp 192.168.1.121:51998 -> 8.8.8.8:53
Flow 3 risky: udp 192.168.1.121:52251 -> 8.8.8.8:53
Flow 20 midstream: tcp 192.168.1.121:53905 -> 140.82.113.26:443
Flow 2 not-detected: tcp 192.168.1.121:52721 -> 192.168.1.139:55367
Flow 2 midstream: tcp 192.168.1.121:52721 -> 192.168.1.139:55367

1
test/results/flow-captured/default/tls_false_positives.pcapng.out
View File

@@ -0,0 +1 @@
Flow 1 not-detected: tcp 10.10.10.1:1445 -> 192.168.0.1:20979

2
test/results/flow-captured/default/wa_voice.pcap.out
View File

@@ -1,4 +1,6 @@
Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328
Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223
Flow 25 not-detected: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
Flow 25 midstream: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502
Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282

2
test/results/flow-captured/default/waze.pcap.out
View File

@@ -4,3 +4,5 @@ Flow 6 risky: tcp 10.8.0.1:36102 -> 46.51.173.182:443
Flow 5 risky: tcp 10.8.0.1:36100 -> 46.51.173.182:443
Flow 19 risky: tcp 10.8.0.1:36312 -> 176.34.186.180:443
Flow 7 risky: tcp 10.8.0.1:36585 -> 173.194.118.48:443
Flow 1 not-detected: tcp 10.16.37.157:42256 -> 174.37.231.81:5222
Flow 1 midstream: tcp 10.16.37.157:42256 -> 174.37.231.81:5222

14
test/results/flow-captured/enable_payload_stat/1kxun.pcap.out
View File

@@ -10,18 +10,32 @@ Flow 34 risky: udp 192.168.3.95:54888 -> 224.0.0.252:5355
Flow 39 risky: udp 192.168.115.8:54420 -> 8.8.8.8:53
Flow 26 risky: udp 192.168.115.8:60724 -> 8.8.8.8:53
Flow 33 risky: udp fe80::e98f:bae2:19f7:6b0f:54888 -> ff02::1:3:5355
Flow 77 not-detected: udp 192.168.2.186:32768 -> 255.255.255.255:1947
Flow 66 not-detected: udp 2001:b020:6::c2a0:bbff:fe73:eb57:62976 -> ff02::1:62976
Flow 23 not-detected: udp 2001:b030:214:100:c2a0:bbff:fe73:eb47:62976 -> ff02::1:62976
Flow 97 risky: udp fe80::e98f:bae2:19f7:6b0f:51451 -> ff02::1:3:5355
Flow 94 not-detected: udp 192.168.119.2:43786 -> 255.255.255.255:5678
Flow 70 risky: udp 192.168.5.45:138 -> 192.168.255.255:138
Flow 38 risky: tcp 192.168.115.8:49607 -> 218.244.135.170:9099
Flow 42 not-detected: udp 192.168.10.110:60480 -> 255.255.255.255:62976
Flow 56 not-detected: udp 59.120.208.218:50151 -> 255.255.255.255:1947
Flow 59 risky: tcp 192.168.5.16:53624 -> 68.233.253.133:80
Flow 36 risky: tcp 192.168.115.8:49605 -> 106.185.35.110:80
Flow 45 risky: tcp 192.168.5.16:53623 -> 192.168.115.75:443
Flow 87 risky: tcp 192.168.5.16:53625 -> 192.168.115.75:443
Flow 107 risky: tcp 192.168.5.16:53626 -> 192.168.115.75:443
Flow 117 risky: tcp 192.168.5.16:53629 -> 192.168.115.75:443
Flow 65 not-detected: udp 192.168.140.140:62976 -> 255.255.255.255:62976
Flow 71 not-detected: udp 192.168.10.7:62976 -> 255.255.255.255:62976
Flow 22 not-detected: udp 192.168.125.30:62976 -> 255.255.255.255:62976
Flow 88 not-detected: udp 192.168.119.1:56861 -> 255.255.255.255:5678
Flow 79 not-detected: udp 192.168.0.100:50925 -> 255.255.255.255:5678
Flow 46 risky: tcp 192.168.115.8:49612 -> 183.131.48.145:80
Flow 49 risky: tcp 192.168.115.8:49613 -> 183.131.48.144:80
Flow 89 not-detected: udp fe80::4e5e:cff:feea:365:5678 -> ff02::1:5678
Flow 60 not-detected: udp fe80::4e5e:cff:fe9a:ec54:5678 -> ff02::1:5678
Flow 98 risky: udp 192.168.3.95:51451 -> 224.0.0.252:5355
Flow 86 not-detected: udp 59.120.208.212:32768 -> 255.255.255.255:1947
Flow 142 midstream: tcp 192.168.2.126:46170 -> 172.105.121.82:80
Flow 146 midstream: tcp 192.168.2.126:45380 -> 161.117.13.29:80
Flow 160 midstream: tcp 192.168.2.126:49380 -> 14.136.136.108:80

2
test/results/flow-captured/enable_stun_monitoring_with_subproto/wa_voice.pcap.out
View File

@@ -1,4 +1,6 @@
Flow 23 risky: udp 91.252.56.51:32704 -> 192.168.2.12:56328
Flow 3 midstream: tcp 192.168.2.12:49354 -> 17.242.60.84:5223
Flow 25 not-detected: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
Flow 25 midstream: tcp 192.168.2.12:49352 -> 169.254.162.244:49159
Flow 9 midstream: tcp 17.171.47.85:443 -> 192.168.2.12:50502
Flow 24 risky: udp 192.168.2.12:56328 -> 1.60.78.64:64282