scottk/nDPId
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId.git synced 2025-10-31 02:07:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

py-flow-info: Improved analyse result printing.

Browse Source 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2023-11-09 23:18:55 +01:00
parent dcb595e161
commit 8ebaccc27d
182 changed files with 1993 additions and 1980 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
examples/py-flow-info/flow-info.py
View File

@@ -257,6 +257,12 @@ def onFlowCleanup(instance, current_flow, global_user_data):
return True
def limitFloatValue(value, fmt, limit):
if float(value) < float(limit) and float(value) > 0.0:
return '<' + str(fmt).format(limit)
else:
return ' ' + str(fmt).format(value)
def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
stats = global_user_data
stats.update(json_dict, current_flow)
@@ -417,24 +423,31 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
flow_event_name += '{}{:>16}{}'.format(TermColor.WARNING,
json_dict['flow_event_name'], TermColor.END)
if args.print_analyse_results is True:
next_lines = [' {:>9}|{:>9}|{:>9}|{:>9}|{:>15}|{:>8}'.format(
next_lines = [' {:>10}|{:>10}|{:>10}|{:>10}|{:>17}|{:>9}'.format(
'min', 'max', 'avg', 'stddev', 'variance', 'entropy')]
next_lines += ['[IAT.........: {:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>15.3f}|{:>8.3f}]'.format(
nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['min']),
nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['max']),
nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['avg']),
nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['stddev']),
nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['var']),
json_dict['data_analysis']['iat']['ent']
next_lines += ['[IAT.........: {}|{}|{}|{}|{}|{}]'.format(
limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['min']),
'{:>9.3f}', 0.001),
limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['max']),
'{:>9.3f}', 0.001),
limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['avg']),
'{:>9.3f}', 0.001),
limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['stddev']),
'{:>9.3f}', 0.001),
limitFloatValue(nDPIsrvd.toSeconds(json_dict['data_analysis']['iat']['var']),
'{:>16.3f}', 0.001),
limitFloatValue(json_dict['data_analysis']['iat']['ent'],
'{:>8.3f}', 0.001)
)]
next_lines += ['']
next_lines[-1] += '[PKTLEN......: {:>9.3f}|{:>9.3f}|{:>9.3f}|{:>9.3f}|{:>15.3f}|{:>8.3f}]'.format(
json_dict['data_analysis']['pktlen']['min'],
json_dict['data_analysis']['pktlen']['max'],
json_dict['data_analysis']['pktlen']['avg'],
json_dict['data_analysis']['pktlen']['stddev'],
json_dict['data_analysis']['pktlen']['var'],
json_dict['data_analysis']['pktlen']['ent']
next_lines[-1] += '[PKTLEN......: {}|{}|{}|{}|{}|{}]'.format(
limitFloatValue(json_dict['data_analysis']['pktlen']['min'], '{:>9.3f}', 0.001),
limitFloatValue(json_dict['data_analysis']['pktlen']['max'], '{:>9.3f}', 0.001),
limitFloatValue(json_dict['data_analysis']['pktlen']['avg'], '{:>9.3f}', 0.001),
limitFloatValue(json_dict['data_analysis']['pktlen']['stddev'],
'{:>9.3f}', 0.001),
limitFloatValue(json_dict['data_analysis']['pktlen']['var'], '{:>16.3f}', 0.001),
limitFloatValue(json_dict['data_analysis']['pktlen']['ent'], '{:>8.3f}', 0.001)
)
next_lines += ['']
next_lines[-1] += '[BINS(c->s)..: {}]'.format(','.join([str(n) for n in json_dict['data_analysis']['bins']['c_to_s']]))

96
test/results/flow-info/caches_cfg/teams.pcap.out
View File

@@ -20,9 +20,9 @@
detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.030| 0.006| 0.009| 77.930| 3.700]
[PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700]
[PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900]
[BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0]
@@ -37,9 +37,9 @@
detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Azure][Collaborative][Acceptable][login.microsoftonline.com]
analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.221| 0.032| 0.054| 2931.592| 3.400]
[PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400]
[PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400]
[BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0]
@@ -55,9 +55,9 @@
detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.050| 0.018| 0.021| 449.200| 3.900]
[PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900]
[PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200]
[BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0]
@@ -139,9 +139,9 @@
detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.153| 0.028| 0.040| 1626.047| 3.600]
[PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.153| 0.028| 0.040| 1626.047| 3.600]
[PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300]
[BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0]
@@ -156,9 +156,9 @@
detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
RISK: Known Proto on Non Std Port
analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.201| 0.025| 0.047| 2215.159| 3.200]
[PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.201| 0.025| 0.047| 2215.159| 3.200]
[PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800]
[BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1]
@@ -176,9 +176,9 @@
detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.115| 0.021| 0.031| 968.681| 3.500]
[PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.115| 0.021| 0.031| 968.681| 3.500]
[PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900]
[BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1]
@@ -192,9 +192,9 @@
detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.010| 0.146| 0.490| 239614.050| 1.700]
[PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700]
[PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800]
[BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1]
@@ -203,9 +203,9 @@
[ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3]
detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.540| 0.024| 0.095| 8949.939| 1.900]
[PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.540| 0.024| 0.095| 8949.939| 1.900]
[PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900]
[BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0]
@@ -256,9 +256,9 @@
detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.154| 0.015| 0.036| 1274.324| 2.800]
[PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800]
[PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000]
[BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1]
@@ -278,9 +278,9 @@
detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.053| 0.020| 0.022| 492.470| 3.900]
[PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.053| 0.020| 0.022| 492.470| 3.900]
[PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100]
[BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0]
[BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0]
@@ -303,9 +303,9 @@
detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.126| 0.019| 0.032| 1006.354| 3.400]
[PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400]
[PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900]
[BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0]
@@ -317,9 +317,9 @@
detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443]
analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.162| 0.032| 0.044| 1964.919| 3.600]
[PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.162| 0.032| 0.044| 1964.919| 3.600]
[PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200]
[BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
[BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1]
@@ -342,9 +342,9 @@
detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.277| 0.019| 0.049| 2449.644| 2.900]
[PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.277| 0.019| 0.049| 2449.644| 2.900]
[PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900]
[BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1]
@@ -352,9 +352,9 @@
[PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]
[ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8]
analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 8.978| 0.329| 1.582| 2503841.415| 0.800]
[PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 8.978| 0.329| 1.582| 2503841.415| 0.800]
[PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900]
[BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1]
@@ -430,9 +430,9 @@
detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.567| 0.072| 0.275| 75449.426| 1.900]
[PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.567| 0.072| 0.275| 75449.426| 1.900]
[PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700]
[BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1]
@@ -445,9 +445,9 @@
new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.168| 0.160| 0.366| 133702.353| 2.700]
[PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700]
[PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000]
[BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

78
test/results/flow-info/default/1kxun.pcap.out
View File

@@ -82,9 +82,9 @@
detected: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
detected: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
analyse: [....29] [ip4][..tcp] [..192.168.115.8][49601] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.056| 0.011| 0.020| 413.706| 3.100]
[PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.056| 0.011| 0.020| 413.706| 3.100]
[PKTLEN......: 40.000| 1300.000| 821.900| 585.300| 342554.800| 4.500]
[BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1]
@@ -92,9 +92,9 @@
[PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300]
[ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.2,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.9,7.8]
analyse: [....30] [ip4][..tcp] [..192.168.115.8][49602] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.066| 0.012| 0.024| 579.055| 2.800]
[PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.066| 0.012| 0.024| 579.055| 2.800]
[PKTLEN......: 40.000| 1300.000| 743.100| 600.300| 360321.400| 4.400]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0]
@@ -102,9 +102,9 @@
[PKTLENS.....: 52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40]
[ENTROPIES...: 4.5,4.5,5.0,4.7,4.7,5.8,5.8,4.4,5.6,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8]
analyse: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.067| 0.012| 0.023| 544.113| 2.900]
[PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.067| 0.012| 0.023| 544.113| 2.900]
[PKTLEN......: 40.000| 1300.000| 743.200| 600.200| 360235.600| 4.400]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1]
@@ -112,9 +112,9 @@
[PKTLENS.....: 52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300]
[ENTROPIES...: 4.5,4.5,5.0,4.8,4.8,5.8,5.8,4.3,5.6,7.5,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,7.8,4.7,4.7,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8]
analyse: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.096| 0.013| 0.026| 693.255| 2.700]
[PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.096| 0.013| 0.026| 693.255| 2.700]
[PKTLEN......: 40.000| 1300.000| 833.000| 555.000| 308021.300| 4.600]
[BINS(c->s)..: 6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0]
@@ -122,9 +122,9 @@
[PKTLENS.....: 52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409]
[ENTROPIES...: 4.5,4.5,5.0,4.9,4.9,5.8,5.8,4.4,5.7,7.5,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,4.8,4.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.7,5.8,5.8]
analyse: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.142| 0.016| 0.032| 1046.271| 2.800]
[PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.142| 0.016| 0.032| 1046.271| 2.800]
[PKTLEN......: 40.000| 1300.000| 822.000| 585.200| 342449.500| 4.500]
[BINS(c->s)..: 8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1]
@@ -141,9 +141,9 @@
detected: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun][jp.kankan.1kxun.mobi]
RISK: HTTP Susp User-Agent
analyse: [....37] [ip4][..tcp] [..192.168.115.8][49606] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.147| 0.015| 0.033| 1100.854| 2.600]
[PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.147| 0.015| 0.033| 1100.854| 2.600]
[PKTLEN......: 40.000| 1300.000| 693.600| 612.000| 374554.600| 4.300]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1]
@@ -182,9 +182,9 @@
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
new: [....49] [ip4][..tcp] [..192.168.115.8][49613] -> [.183.131.48.144][...80]
analyse: [....41] [ip4][..tcp] [..192.168.115.8][49609] -> [..42.120.51.152][.8080] [HTTP][Alibaba][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.399| 0.070| 0.104| 10878.943| 3.600]
[PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.399| 0.070| 0.104| 10878.943| 3.600]
[PKTLEN......: 40.000| 1300.000| 350.600| 410.300| 168364.100| 4.100]
[BINS(c->s)..: 9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0]
@@ -358,9 +358,9 @@
update: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
update: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable]
analyse: [....31] [ip4][..tcp] [..192.168.115.8][49603] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 45.001| 1.464| 7.949| 63183326.806| 0.100]
[PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 45.001| 1.464| 7.949| 63183326.806| 0.100]
[PKTLEN......: 40.000| 1300.000| 781.600| 593.200| 351838.700| 4.400]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0]
@@ -626,9 +626,9 @@
new: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [MIDSTREAM]
detected: [...144] [ip4][..tcp] [..192.168.2.126][46212] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com]
analyse: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200]
[PKTLEN......: 260.000|21652.000| 4534.200| 5608.100| 31450232.000| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.895| 0.069| 0.184| 33990.969| 2.200]
[PKTLEN......: 260.000| 21652.000| 4534.200| 5608.100| 31450232.000| 4.200]
[BINS(c->s)..: 0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1]
@@ -654,9 +654,9 @@
new: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [MIDSTREAM]
detected: [...153] [ip4][..tcp] [..192.168.2.126][41390] -> [....18.64.79.37][...80] [HTTP.Google][AmazonAWS][Web][Acceptable][google.open-js.com]
analyse: [...146] [ip4][..tcp] [..192.168.2.126][45380] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.409| 0.085| 0.132| 17528.007| 3.300]
[PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.409| 0.085| 0.132| 17528.007| 3.300]
[PKTLEN......: 476.000| 8692.000| 2601.900| 2200.300| 4841425.000| 4.600]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12]
[DIRECTIONS..: 0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -682,9 +682,9 @@
new: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [MIDSTREAM]
detected: [...162] [ip4][..tcp] [..192.168.2.126][49396] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun][hkbn.content.1kxun.com]
analyse: [...160] [ip4][..tcp] [..192.168.2.126][49380] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600]
[PKTLEN......: 337.000|18772.000| 3143.800| 3724.000| 13867894.000| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.887| 0.071| 0.171| 29312.068| 2.600]
[PKTLEN......: 337.000| 18772.000| 3143.800| 3724.000| 13867894.000| 4.300]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1]
@@ -692,9 +692,9 @@
[PKTLENS.....: 566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316]
[ENTROPIES...: 5.9,7.9,7.8,7.8,8.0,7.8,7.9,7.9,7.9,7.9,7.8,8.0,7.8,7.8,7.8,7.9,7.9,7.8,7.9,7.9,5.9,5.8,7.8,8.0,8.0,7.9,7.9,7.9,7.9,8.0,7.9,7.9]
analyse: [...158] [ip4][..tcp] [..192.168.2.126][49372] -> [.14.136.136.108][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000]
[PKTLEN......: 337.000|18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.900| 0.096| 0.189| 35619.967| 3.000]
[PKTLEN......: 337.000| 18772.000| 3651.900| 4182.900| 17496908.000| 4.300]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1]
@@ -714,9 +714,9 @@
new: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [MIDSTREAM]
detected: [...168] [ip4][..tcp] [..192.168.2.126][50176] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][mangaweb.1kxun.mobi]
analyse: [...150] [ip4][..tcp] [..192.168.2.126][45416] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000]
[PKTLEN......: 486.000|14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 6.045| 1.047| 1.982| 3926937.043| 3.000]
[PKTLEN......: 486.000| 14452.000| 2813.500| 2993.900| 8963654.000| 4.400]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1]

6
test/results/flow-info/default/443-curl.pcap.out
View File

@@ -6,9 +6,9 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55523] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.784| 0.063| 0.190| 36203.258| 2.200]
[PKTLEN......: 52.000| 1492.000| 397.200| 558.700| 312115.000| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.784| 0.063| 0.190| 36203.258| 2.200]
[PKTLEN......: 52.000| 1492.000| 397.200| 558.700| 312115.000| 3.800]
[BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1]

6
test/results/flow-info/default/443-firefox.pcap.out
View File

@@ -6,9 +6,9 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53096] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.656| 0.130| 0.404| 163175.268| 2.000]
[PKTLEN......: 52.000| 1492.000| 518.700| 610.400| 372566.000| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.656| 0.130| 0.404| 163175.268| 2.000]
[PKTLEN......: 52.000| 1492.000| 518.700| 610.400| 372566.000| 4.000]
[BINS(c->s)..: 11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1]

6
test/results/flow-info/default/443-git.pcap.out
View File

@@ -6,9 +6,9 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Github][Collaborative][Acceptable][github.com]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Github][Collaborative][Acceptable][github.com]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][55744] -> [...140.82.114.4][..443] [TLS.Github][Github][Collaborative][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.144| 0.033| 0.053| 2832.982| 3.200]
[PKTLEN......: 52.000| 1476.000| 337.800| 464.400| 215710.400| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.144| 0.033| 0.053| 2832.982| 3.200]
[PKTLEN......: 52.000| 1476.000| 337.800| 464.400| 215710.400| 4.000]
[BINS(c->s)..: 14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0]

6
test/results/flow-info/default/443-opvn.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194]
detected: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][Unknown][VPN][Acceptable]
analyse: [.....1] [ip4][..tcp] [...192.168.1.84][52973] -> [.192.12.192.103][.1194] [OpenVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.161| 0.158| 0.364| 132701.856| 2.700]
[PKTLEN......: 52.000| 1492.000| 260.300| 407.400| 166005.600| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.161| 0.158| 0.364| 132701.856| 2.700]
[PKTLEN......: 52.000| 1492.000| 260.300| 407.400| 166005.600| 3.800]
[BINS(c->s)..: 7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1]

6
test/results/flow-info/default/443-safari.pcap.out
View File

@@ -6,9 +6,9 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe][www.ntop.org]
analyse: [.....1] [ip4][..tcp] [...192.168.1.13][53031] -> [.178.62.197.130][..443] [TLS.ntop][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.696| 0.070| 0.175| 30530.335| 2.600]
[PKTLEN......: 52.000| 1492.000| 384.700| 559.600| 313139.800| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.696| 0.070| 0.175| 30530.335| 2.600]
[PKTLEN......: 52.000| 1492.000| 384.700| 559.600| 313139.800| 3.800]
[BINS(c->s)..: 11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1]

6
test/results/flow-info/default/6in4tunnel.pcap.out
View File

@@ -3,9 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26]
analyse: [.....1] [ip4][...41] [....174.3.73.24] -> [.184.105.255.26]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.005| 0.495| 0.455| 206990.442| 4.200]
[PKTLEN......: 92.000| 1897.000| 236.400| 383.000| 146712.700| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.005| 0.495| 0.455| 206990.442| 4.200]
[PKTLEN......: 92.000| 1897.000| 236.400| 383.000| 146712.700| 4.100]
[BINS(c->s)..: 0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0]

18
test/results/flow-info/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
View File

@@ -10,9 +10,9 @@
new: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060]
detected: [.....4] [ip4][..udp] [138.132.169.101][.5060] -> [192.168.100.219][.5060] [SIP][Unknown][VoIP][Acceptable]
analyse: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.370| 1.692| 2.031| 4125948.903| 3.700]
[PKTLEN......: 73.000| 400.000| 154.800| 98.900| 9786.300| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.370| 1.692| 2.031| 4125948.903| 3.700]
[PKTLEN......: 73.000| 400.000| 154.800| 98.900| 9786.300| 4.700]
[BINS(c->s)..: 0,15,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,0,7,0,0,0,7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1]
@@ -22,9 +22,9 @@
new: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756]
detected: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Unknown][Media][Acceptable]
analyse: [.....5] [ip4][..udp] [...10.35.60.100][15580] -> [.....10.23.1.52][16756] [RTP][Unknown][Media][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.040| 0.020| 0.005| 23.656| 4.900]
[PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.040| 0.020| 0.005| 23.656| 4.900]
[PKTLEN......: 200.000| 200.000| 200.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -33,9 +33,9 @@
[ENTROPIES...: 1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,1.7,2.4,2.4,2.4,2.5,2.4,2.5,2.5,2.5,2.5,2.5,2.4,2.4,2.4,2.4,2.5,2.5,2.5,2.5,2.4,2.4,2.5]
update: [.....1] [ip4][..udp] [....10.35.40.22][.2944] -> [.....10.23.1.42][.2944] [Megaco][Unknown][VoIP][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.35.40.25][.5060] -> [...10.35.40.200][.5060] [SIP][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 27.628| 2.809| 6.896| 47549159.309| 2.500]
[PKTLEN......: 290.000| 909.000| 591.300| 211.900| 44888.200| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 27.628| 2.809| 6.896| 47549159.309| 2.500]
[PKTLEN......: 290.000| 909.000| 591.300| 211.900| 44888.200| 4.900]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,2,4,2,0,0,0,0,0,0,0,0,0,2,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,2,0,2,0,0,4,2,0,2,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,1,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,1,1,1,1,0,0,0,0]

18
test/results/flow-info/default/KakaoTalk_chat.pcap.out
View File

@@ -103,9 +103,9 @@
detected: [....30] [ip4][..tcp] [...10.24.82.188][58927] -> [.54.255.253.199][.5223] [TLS][AmazonAWS][Web][Safe]
RISK: Known Proto on Non Std Port
analyse: [....26] [ip4][..tcp] [...10.24.82.188][43581] -> [....31.13.68.70][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.174| 0.038| 0.043| 1891.518| 4.000]
[PKTLEN......: 40.000| 1320.000| 256.100| 386.900| 149674.200| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.174| 0.038| 0.043| 1891.518| 4.000]
[PKTLEN......: 40.000| 1320.000| 256.100| 386.900| 149674.200| 3.800]
[BINS(c->s)..: 10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1]
@@ -119,9 +119,9 @@
detected: [....33] [ip4][..tcp] [...10.24.82.188][45213] -> [....31.13.68.84][..443] [TLS][Facebook][Web][Safe][]
RISK: Obsolete TLS (v1.1 or older)
analyse: [....15] [ip4][..tcp] [...10.24.82.188][35503] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 3.803| 0.501| 0.832| 692202.045| 3.700]
[PKTLEN......: 40.000| 1320.000| 209.000| 352.300| 124085.100| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 3.803| 0.501| 0.832| 692202.045| 3.700]
[PKTLEN......: 40.000| 1320.000| 209.000| 352.300| 124085.100| 3.700]
[BINS(c->s)..: 11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0]
@@ -148,9 +148,9 @@
new: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM]
detected: [....37] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS][Google][Web][Safe]
analyse: [....34] [ip4][..tcp] [...10.24.82.188][35511] -> [...173.252.97.2][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 27.031| 1.853| 6.601| 43576507.498| 1.500]
[PKTLEN......: 40.000| 1320.000| 198.800| 348.100| 121165.000| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 27.031| 1.853| 6.601| 43576507.498| 1.500]
[PKTLEN......: 40.000| 1320.000| 198.800| 348.100| 121165.000| 3.700]
[BINS(c->s)..: 10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1]

24
test/results/flow-info/default/KakaoTalk_talk.pcap.out
View File

@@ -31,9 +31,9 @@
new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046]
detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable]
analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Unknown][Media][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.389| 0.067| 0.073| 5302.569| 4.200]
[PKTLEN......: 83.000| 176.000| 87.200| 16.700| 278.800| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.389| 0.067| 0.073| 5302.569| 4.200]
[PKTLEN......: 83.000| 176.000| 87.200| 16.700| 278.800| 5.000]
[BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1]
@@ -41,9 +41,9 @@
[PKTLENS.....: 84,83,83,83,83,83,83,83,107,83,83,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83]
[ENTROPIES...: 6.0,5.9,5.8,5.8,5.9,5.8,5.9,5.9,6.2,6.0,5.8,6.7,6.2,5.9,5.9,5.9,5.8,6.0,5.9,5.9,5.9,5.9,6.0,5.9,5.8,6.0,6.0,5.9,6.0,5.9,5.9,6.0]
analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Unknown][Media][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 4.700]
[PKTLEN......: 83.000| 176.000| 90.600| 20.800| 434.500| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 0.144| 0.063| 0.038| 1440.325| 4.700]
[PKTLEN......: 83.000| 176.000| 90.600| 20.800| 434.500| 5.000]
[BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,1,0,0,0,1]
@@ -55,9 +55,9 @@
new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM]
new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM]
analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 20.337| 1.801| 4.155| 17264411.673| 2.900]
[PKTLEN......: 52.000| 904.000| 225.500| 230.000| 52885.800| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 20.337| 1.801| 4.155| 17264411.673| 2.900]
[PKTLEN......: 52.000| 904.000| 225.500| 230.000| 52885.800| 4.400]
[BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0]
@@ -65,9 +65,9 @@
[PKTLENS.....: 60,60,52,194,52,904,52,378,286,798,558,52,766,52,222,350,52,52,222,52,238,52,222,52,350,52,222,222,52,64,238,238]
[ENTROPIES...: 4.7,5.2,5.2,5.3,5.1,7.4,5.1,7.2,7.1,7.7,7.6,5.1,7.7,5.1,7.0,7.3,5.2,5.1,7.0,5.2,7.0,5.1,6.9,5.1,7.3,5.2,6.9,6.9,5.1,5.1,7.1,7.1]
analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Unknown][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 21.237| 2.444| 5.342| 28541506.814| 2.900]
[PKTLEN......: 52.000| 904.000| 251.100| 266.400| 70953.500| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 21.237| 2.444| 5.342| 28541506.814| 2.900]
[PKTLEN......: 52.000| 904.000| 251.100| 266.400| 70953.500| 4.300]
[BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1]

6
test/results/flow-info/default/Oscar.pcap.out
View File

@@ -3,9 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443]
analyse: [.....1] [ip4][..tcp] [.....10.30.29.3][63357] -> [.178.237.24.249][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 58.215| 3.883| 14.268| 203566836.875| 1.300]
[PKTLEN......: 40.000| 1400.000| 172.500| 263.300| 69345.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 58.215| 3.883| 14.268| 203566836.875| 1.300]
[PKTLEN......: 40.000| 1400.000| 172.500| 263.300| 69345.600| 4.000]
[BINS(c->s)..: 11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0]

114
test/results/flow-info/default/WebattackXSS.pcap.out
View File

@@ -14,9 +14,9 @@
new: [.....7] [ip4][..tcp] [.....172.16.0.1][52220] -> [..192.168.10.50][...80]
new: [.....8] [ip4][..tcp] [.....172.16.0.1][52222] -> [..192.168.10.50][...80]
analyse: [.....5] [ip4][..tcp] [.....172.16.0.1][52200] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.805| 0.259| 0.699| 488344.093| 2.400]
[PKTLEN......: 52.000| 7978.000| 572.000| 1374.100| 1888110.000| 3.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.805| 0.259| 0.699| 488344.093| 2.400]
[PKTLEN......: 52.000| 7978.000| 572.000| 1374.100| 1888110.000| 3.400]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]
@@ -30,9 +30,9 @@
new: [....11] [ip4][..tcp] [.....172.16.0.1][52318] -> [..192.168.10.50][...80]
new: [....12] [ip4][..tcp] [.....172.16.0.1][52320] -> [..192.168.10.50][...80]
analyse: [.....9] [ip4][..tcp] [.....172.16.0.1][52298] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.856| 0.080| 0.207| 42651.251| 2.700]
[PKTLEN......: 52.000| 4396.000| 613.000| 1050.300| 1103191.500| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.856| 0.080| 0.207| 42651.251| 2.700]
[PKTLEN......: 52.000| 4396.000| 613.000| 1050.300| 1103191.500| 3.700]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0]
@@ -80,9 +80,9 @@
new: [....45] [ip4][..tcp] [.....172.16.0.1][52978] -> [..192.168.10.50][...80]
new: [....46] [ip4][..tcp] [.....172.16.0.1][53004] -> [..192.168.10.50][...80]
analyse: [....41] [ip4][..tcp] [.....172.16.0.1][52910] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.809| 0.610| 0.941| 885441.823| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.809| 0.610| 0.941| 885441.823| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -146,9 +146,9 @@
new: [....83] [ip4][..tcp] [.....172.16.0.1][53678] -> [..192.168.10.50][...80]
new: [....84] [ip4][..tcp] [.....172.16.0.1][53692] -> [..192.168.10.50][...80]
analyse: [....78] [ip4][..tcp] [.....172.16.0.1][53584] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.899| 0.653| 1.186| 1406566.662| 3.500]
[PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.899| 0.653| 1.186| 1406566.662| 3.500]
[PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -271,9 +271,9 @@
end: [....48] [ip4][..tcp] [.....172.16.0.1][53032] -> [..192.168.10.50][...80]
new: [...119] [ip4][..tcp] [.....172.16.0.1][54362] -> [..192.168.10.50][...80]
analyse: [...114] [ip4][..tcp] [.....172.16.0.1][54268] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.827| 0.609| 0.943| 889903.972| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570947.800| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.827| 0.609| 0.943| 889903.972| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570947.800| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -391,9 +391,9 @@
new: [...156] [ip4][..tcp] [.....172.16.0.1][55024] -> [..192.168.10.50][...80]
new: [...157] [ip4][..tcp] [.....172.16.0.1][55038] -> [..192.168.10.50][...80]
analyse: [...152] [ip4][..tcp] [.....172.16.0.1][54956] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.643| 0.568| 0.904| 816455.025| 3.600]
[PKTLEN......: 52.000| 1921.000| 713.700| 750.800| 563712.500| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.643| 0.568| 0.904| 816455.025| 3.600]
[PKTLEN......: 52.000| 1921.000| 713.700| 750.800| 563712.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -507,9 +507,9 @@
new: [...194] [ip4][..tcp] [.....172.16.0.1][55700] -> [..192.168.10.50][...80]
new: [...195] [ip4][..tcp] [.....172.16.0.1][55726] -> [..192.168.10.50][...80]
analyse: [...190] [ip4][..tcp] [.....172.16.0.1][55632] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.785| 0.602| 0.936| 875951.489| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.900| 755.900| 571323.500| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.785| 0.602| 0.936| 875951.489| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.900| 755.900| 571323.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -640,9 +640,9 @@
guessed: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable][]
end: [...158] [ip4][..tcp] [.....172.16.0.1][55064] -> [..192.168.10.50][...80]
analyse: [...227] [ip4][..tcp] [.....172.16.0.1][56306] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.805| 0.635| 1.170| 1368332.173| 3.400]
[PKTLEN......: 52.000| 1920.000| 695.600| 708.000| 501313.900| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.805| 0.635| 1.170| 1368332.173| 3.400]
[PKTLEN......: 52.000| 1920.000| 695.600| 708.000| 501313.900| 4.200]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,7]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,0,1]
@@ -763,9 +763,9 @@
new: [...270] [ip4][..tcp] [.....172.16.0.1][57076] -> [..192.168.10.50][...80]
new: [...271] [ip4][..tcp] [.....172.16.0.1][57090] -> [..192.168.10.50][...80]
analyse: [...265] [ip4][..tcp] [.....172.16.0.1][56994] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.819| 0.606| 0.944| 891595.915| 3.700]
[PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.819| 0.606| 0.944| 891595.915| 3.700]
[PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -885,9 +885,9 @@
new: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80]
new: [...309] [ip4][..tcp] [.....172.16.0.1][57778] -> [..192.168.10.50][...80]
analyse: [...304] [ip4][..tcp] [.....172.16.0.1][57684] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.536| 0.567| 0.877| 769788.412| 3.700]
[PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.536| 0.567| 0.877| 769788.412| 3.700]
[PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.500| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -1021,9 +1021,9 @@
guessed: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable][]
end: [...272] [ip4][..tcp] [.....172.16.0.1][57116] -> [..192.168.10.50][...80]
analyse: [...342] [ip4][..tcp] [.....172.16.0.1][58360] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.810| 0.603| 0.941| 884966.883| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571097.900| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.810| 0.603| 0.941| 884966.883| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571097.900| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -1143,9 +1143,9 @@
end: [...308] [ip4][..tcp] [.....172.16.0.1][57752] -> [..192.168.10.50][...80]
new: [...385] [ip4][..tcp] [.....172.16.0.1][59124] -> [..192.168.10.50][...80]
analyse: [...380] [ip4][..tcp] [.....172.16.0.1][59042] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.823| 0.637| 1.173| 1374936.236| 3.400]
[PKTLEN......: 52.000| 1921.000| 695.600| 759.800| 577334.100| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.823| 0.637| 1.173| 1374936.236| 3.400]
[PKTLEN......: 52.000| 1921.000| 695.600| 759.800| 577334.100| 4.100]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0]
@@ -1268,9 +1268,9 @@
new: [...423] [ip4][..tcp] [.....172.16.0.1][59812] -> [..192.168.10.50][...80]
new: [...424] [ip4][..tcp] [.....172.16.0.1][59826] -> [..192.168.10.50][...80]
analyse: [...419] [ip4][..tcp] [.....172.16.0.1][59732] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.767| 0.604| 0.933| 871184.138| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.767| 0.604| 0.933| 871184.138| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.700| 571022.900| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -1407,9 +1407,9 @@
end: [...389] [ip4][..tcp] [.....172.16.0.1][59192] -> [..192.168.10.50][...80]
new: [...463] [ip4][..tcp] [.....172.16.0.1][60558] -> [..192.168.10.50][...80]
analyse: [...458] [ip4][..tcp] [.....172.16.0.1][60464] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.582| 0.571| 0.887| 786468.045| 3.700]
[PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.600| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.582| 0.571| 0.887| 786468.045| 3.700]
[PKTLEN......: 52.000| 1920.000| 713.700| 750.900| 563862.600| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -1527,9 +1527,9 @@
new: [...500] [ip4][..tcp] [.....172.16.0.1][32988] -> [..192.168.10.50][...80]
new: [...501] [ip4][..tcp] [.....172.16.0.1][33002] -> [..192.168.10.50][...80]
analyse: [...495] [ip4][..tcp] [.....172.16.0.1][32906] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.862| 0.614| 0.953| 908128.223| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570948.000| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.862| 0.614| 0.953| 908128.223| 3.700]
[PKTLEN......: 52.000| 1921.000| 716.800| 755.600| 570948.000| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -1651,9 +1651,9 @@
new: [...536] [ip4][..tcp] [.....172.16.0.1][33648] -> [..192.168.10.50][...80]
new: [...537] [ip4][..tcp] [.....172.16.0.1][33674] -> [..192.168.10.50][...80]
analyse: [...532] [ip4][..tcp] [.....172.16.0.1][33580] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.841| 0.651| 1.171| 1372280.717| 3.500]
[PKTLEN......: 52.000| 1921.000| 713.800| 751.000| 564013.300| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.841| 0.651| 1.171| 1372280.717| 3.500]
[PKTLEN......: 52.000| 1921.000| 713.800| 751.000| 564013.300| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -1769,9 +1769,9 @@
new: [...572] [ip4][..tcp] [.....172.16.0.1][34332] -> [..192.168.10.50][...80]
new: [...573] [ip4][..tcp] [.....172.16.0.1][34346] -> [..192.168.10.50][...80]
analyse: [...569] [ip4][..tcp] [.....172.16.0.1][34278] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.588| 0.498| 0.689| 474371.129| 3.700]
[PKTLEN......: 52.000| 1920.000| 704.700| 762.800| 581830.000| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.588| 0.498| 0.689| 474371.129| 3.700]
[PKTLEN......: 52.000| 1920.000| 704.700| 762.800| 581830.000| 4.100]
[BINS(c->s)..: 12,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,1,0]
@@ -1904,9 +1904,9 @@
new: [...611] [ip4][..tcp] [.....172.16.0.1][35034] -> [..192.168.10.50][...80]
new: [...612] [ip4][..tcp] [.....172.16.0.1][35048] -> [..192.168.10.50][...80]
analyse: [...606] [ip4][..tcp] [.....172.16.0.1][34940] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.897| 0.655| 1.187| 1408178.323| 3.500]
[PKTLEN......: 52.000| 1920.000| 713.800| 751.000| 564013.200| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.897| 0.655| 1.187| 1408178.323| 3.500]
[PKTLEN......: 52.000| 1920.000| 713.800| 751.000| 564013.200| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]
@@ -2021,9 +2021,9 @@
new: [...648] [ip4][..tcp] [.....172.16.0.1][35696] -> [..192.168.10.50][...80]
new: [...649] [ip4][..tcp] [.....172.16.0.1][35722] -> [..192.168.10.50][...80]
analyse: [...643] [ip4][..tcp] [.....172.16.0.1][35626] -> [..192.168.10.50][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.954| 0.620| 0.972| 945707.024| 3.700]
[PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.954| 0.620| 0.972| 945707.024| 3.700]
[PKTLEN......: 52.000| 1920.000| 716.700| 755.500| 570797.200| 4.200]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0]

138
test/results/flow-info/default/alexa-app.pcapng.out
View File

@@ -122,9 +122,9 @@
detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
detection-update: [....38] [ip4][..tcp] [..172.16.42.216][54412] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
analyse: [....37] [ip4][..tcp] [..172.16.42.216][54411] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.091| 0.022| 0.031| 964.249| 3.600]
[PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.091| 0.022| 0.031| 964.249| 3.600]
[PKTLEN......: 52.000| 1500.000| 580.300| 637.000| 405792.100| 4.100]
[BINS(c->s)..: 11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0]
@@ -138,9 +138,9 @@
detected: [....40] [ip4][..udp] [..172.16.42.216][43350] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
ERROR-EVENT: Unknown packet type [1/16]
analyse: [....28] [ip4][..tcp] [..172.16.42.216][45661] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.016| 0.161| 0.286| 81844.249| 3.400]
[PKTLEN......: 40.000| 1500.000| 366.200| 485.100| 235358.500| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.016| 0.161| 0.286| 81844.249| 3.400]
[PKTLEN......: 40.000| 1500.000| 366.200| 485.100| 235358.500| 3.900]
[BINS(c->s)..: 12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0]
@@ -185,9 +185,9 @@
detection-update: [....45] [ip4][..tcp] [..172.16.42.216][49589] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
RISK: Error Code
analyse: [....42] [ip4][..tcp] [..172.16.42.216][42130] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.836| 0.167| 0.244| 59552.047| 3.700]
[PKTLEN......: 40.000| 1500.000| 387.000| 534.600| 285800.000| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.836| 0.167| 0.244| 59552.047| 3.700]
[PKTLEN......: 40.000| 1500.000| 387.000| 534.600| 285800.000| 3.900]
[BINS(c->s)..: 10,0,0,1,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,1,0]
@@ -216,9 +216,9 @@
detection-update: [....54] [ip4][..tcp] [..172.16.42.216][54427] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][www.amazon.com]
detection-update: [....55] [ip4][..tcp] [..172.16.42.216][42143] -> [..72.21.206.135][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
analyse: [....52] [ip4][..tcp] [..172.16.42.216][34034] -> [..54.239.24.186][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.352| 0.044| 0.079| 6215.196| 3.500]
[PKTLEN......: 40.000| 1500.000| 643.200| 676.900| 458225.800| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.352| 0.044| 0.079| 6215.196| 3.500]
[PKTLEN......: 40.000| 1500.000| 643.200| 676.900| 458225.800| 4.100]
[BINS(c->s)..: 4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0]
[BINS(s->c)..: 11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0]
@@ -266,9 +266,9 @@
detection-update: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][api.amazon.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....63] [ip4][..tcp] [..172.16.42.216][54434] -> [..52.85.209.216][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.897| 0.237| 0.560| 313730.662| 2.800]
[PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.897| 0.237| 0.560| 313730.662| 2.800]
[PKTLEN......: 52.000| 1500.000| 603.100| 665.400| 442821.700| 4.100]
[BINS(c->s)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]
[BINS(s->c)..: 7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1]
@@ -276,9 +276,9 @@
[PKTLENS.....: 60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52]
[ENTROPIES...: 4.7,5.3,5.0,6.1,5.0,6.6,5.1,5.6,7.9,7.9,6.4,7.9,7.9,7.9,5.0,5.0,5.0,4.9,7.9,7.9,7.8,7.8,7.9,7.9,7.9,4.9,5.0,5.1,5.1,5.1,5.1,5.0]
analyse: [....65] [ip4][..tcp] [..172.16.42.216][41691] -> [..54.239.29.146][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.486| 0.102| 0.138| 19130.661| 3.700]
[PKTLEN......: 40.000| 1500.000| 686.300| 682.000| 465082.800| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.486| 0.102| 0.138| 19130.661| 3.700]
[PKTLEN......: 40.000| 1500.000| 686.300| 682.000| 465082.800| 4.200]
[BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -384,9 +384,9 @@
detected: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][pitangui.amazon.com]
detected: [....93] [ip4][..tcp] [..172.16.42.216][49630] -> [..52.94.232.134][...80] [HTTP.AmazonAlexa][AmazonAWS][VirtAssistant][Acceptable][alexa.amazon.com]
analyse: [....80] [ip4][..tcp] [..172.16.42.216][45703] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.570| 0.289| 0.417| 173871.694| 3.700]
[PKTLEN......: 40.000| 1500.000| 371.100| 516.000| 266233.000| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.570| 0.289| 0.417| 173871.694| 3.700]
[PKTLEN......: 40.000| 1500.000| 371.100| 516.000| 266233.000| 3.900]
[BINS(c->s)..: 8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0]
@@ -411,9 +411,9 @@
new: [....97] [ip4][..tcp] [..172.16.42.216][41821] -> [...54.231.72.88][..443]
detected: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
analyse: [....87] [ip4][..tcp] [..172.16.42.216][45710] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.192| 0.160| 0.282| 79548.359| 3.500]
[PKTLEN......: 40.000| 1500.000| 343.000| 486.700| 236894.100| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.192| 0.160| 0.282| 79548.359| 3.500]
[PKTLEN......: 40.000| 1500.000| 343.000| 486.700| 236894.100| 3.900]
[BINS(c->s)..: 4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1]
@@ -423,9 +423,9 @@
detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
detection-update: [....96] [ip4][..tcp] [..172.16.42.216][41820] -> [...54.231.72.88][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable][s3-external-2.amazonaws.com]
analyse: [....89] [ip4][..tcp] [..172.16.42.216][45712] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.080| 0.209| 0.303| 92031.574| 3.700]
[PKTLEN......: 40.000| 1500.000| 360.500| 516.500| 266795.300| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.080| 0.209| 0.303| 92031.574| 3.700]
[PKTLEN......: 40.000| 1500.000| 360.500| 516.500| 266795.300| 3.800]
[BINS(c->s)..: 7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1]
@@ -477,9 +477,9 @@
detection-update: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com]
RISK: Weak TLS Cipher
analyse: [...107] [ip4][..tcp] [..172.16.42.216][40856] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.326| 0.037| 0.075| 5555.152| 3.000]
[PKTLEN......: 40.000| 1500.000| 545.400| 489.800| 239933.900| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.326| 0.037| 0.075| 5555.152| 3.000]
[PKTLEN......: 40.000| 1500.000| 545.400| 489.800| 239933.900| 4.400]
[BINS(c->s)..: 7,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,1]
@@ -487,9 +487,9 @@
[PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,1500,270,46,1021,589,589,589,40,40,1500,1500,741,1101,589,589,589,589,589,589,40,589]
[ENTROPIES...: 4.6,5.2,4.8,5.6,7.3,7.3,4.9,4.9,7.3,4.6,6.1,7.9,7.2,4.6,7.8,7.7,7.6,7.6,4.9,4.8,7.9,7.9,7.7,7.8,7.6,7.6,7.7,7.6,7.6,7.6,4.9,7.7]
analyse: [...105] [ip4][..tcp] [..172.16.42.216][40854] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.933| 0.089| 0.198| 39194.591| 3.000]
[PKTLEN......: 40.000| 1500.000| 450.100| 541.500| 293230.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.933| 0.089| 0.198| 39194.591| 3.000]
[PKTLEN......: 40.000| 1500.000| 450.100| 541.500| 293230.800| 4.000]
[BINS(c->s)..: 11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[BINS(s->c)..: 4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0]
@@ -497,9 +497,9 @@
[PKTLENS.....: 60,48,40,251,1500,1275,40,40,366,46,99,40,1500,254,46,1500,1500,46,1021,589,589,589,589,589,1469,77,40,40,40,40,40,40]
[ENTROPIES...: 4.7,5.2,4.8,5.6,7.2,7.3,4.8,4.8,7.3,4.7,6.1,4.9,7.9,7.2,4.5,7.9,7.9,4.7,7.8,7.6,7.7,7.7,7.6,7.6,7.9,5.7,4.8,4.8,4.9,4.8,4.9,4.9]
analyse: [....88] [ip4][..tcp] [..172.16.42.216][45711] -> [..52.94.232.134][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 9.247| 1.357| 2.197| 4827473.510| 3.500]
[PKTLEN......: 40.000| 1500.000| 425.800| 556.200| 309356.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 9.247| 1.357| 2.197| 4827473.510| 3.500]
[PKTLEN......: 40.000| 1500.000| 425.800| 556.200| 309356.400| 3.900]
[BINS(c->s)..: 9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1]
@@ -507,9 +507,9 @@
[PKTLENS.....: 60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46]
[ENTROPIES...: 4.7,4.7,5.2,5.1,4.9,4.9,5.8,5.8,5.8,6.0,5.9,4.7,4.8,6.0,4.6,7.9,7.8,7.9,7.9,7.9,4.6,7.8,4.6,7.8,4.7,7.9,6.9,4.7,7.7,4.9,4.9,4.5]
analyse: [....99] [ip4][..tcp] [..172.16.42.216][44001] -> [..176.32.101.52][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 19.096| 0.770| 3.358| 11273140.961| 1.400]
[PKTLEN......: 40.000| 1500.000| 267.500| 412.900| 170449.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 19.096| 0.770| 3.358| 11273140.961| 1.400]
[PKTLEN......: 40.000| 1500.000| 267.500| 412.900| 170449.200| 3.900]
[BINS(c->s)..: 7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0]
@@ -578,9 +578,9 @@
detected: [...121] [ip4][..tcp] [..172.16.42.216][51987] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
detected: [...124] [ip4][..tcp] [..172.16.42.216][51990] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
analyse: [...120] [ip4][..tcp] [..172.16.42.216][51986] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.295| 0.052| 0.098| 9533.209| 3.000]
[PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.295| 0.052| 0.098| 9533.209| 3.000]
[PKTLEN......: 52.000| 1500.000| 597.000| 635.800| 404189.900| 4.100]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0]
@@ -592,9 +592,9 @@
detection-update: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][skills-store.amazon.com]
RISK: Weak TLS Cipher
analyse: [...125] [ip4][..tcp] [..172.16.42.216][40871] -> [..54.239.29.253][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.107| 0.141| 0.257| 65864.266| 3.200]
[PKTLEN......: 40.000| 1500.000| 430.000| 555.400| 308431.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.107| 0.141| 0.257| 65864.266| 3.200]
[PKTLEN......: 40.000| 1500.000| 430.000| 555.400| 308431.600| 4.000]
[BINS(c->s)..: 7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[BINS(s->c)..: 6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1]
@@ -614,9 +614,9 @@
detected: [...130] [ip4][..tcp] [..172.16.42.216][51996] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
detected: [...131] [ip4][..tcp] [..172.16.42.216][51997] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable][ecx.images-amazon.com]
analyse: [...129] [ip4][..tcp] [..172.16.42.216][51995] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.179| 0.023| 0.044| 1924.322| 3.100]
[PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.179| 0.023| 0.044| 1924.322| 3.100]
[PKTLEN......: 52.000| 1500.000| 743.400| 681.300| 464196.800| 4.300]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0]
@@ -640,9 +640,9 @@
update: [....19] [ip4][..udp] [..172.16.42.216][.7358] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable]
update: [....17] [ip4][..udp] [..172.16.42.216][19967] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable]
analyse: [...126] [ip4][..tcp] [..172.16.42.216][51992] -> [....52.84.63.56][...80] [HTTP.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.511| 0.042| 0.110| 12114.281| 2.500]
[PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.511| 0.042| 0.110| 12114.281| 2.500]
[PKTLEN......: 52.000| 1500.000| 679.600| 671.900| 451493.000| 4.200]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1]
@@ -660,9 +660,9 @@
idle: [.....2] [ip6][icmp6] [.....................................::] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable]
idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffd3:fbc2] [ICMPV6][Unknown][Network][Acceptable]
analyse: [....16] [ip4][..tcp] [..172.16.42.216][55242] -> [..52.85.209.197][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 120.003| 3.968| 21.185| 448816230.695| 0.300]
[PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 120.003| 3.968| 21.185| 448816230.695| 0.300]
[PKTLEN......: 52.000| 1500.000| 436.500| 570.000| 324877.800| 3.900]
[BINS(c->s)..: 9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0]
[BINS(s->c)..: 7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1]
@@ -783,9 +783,9 @@
detection-update: [...146] [ip4][..udp] [..172.16.42.216][59908] -> [....172.16.42.1][...53] [DNS.AmazonAlexa][Unknown][Network][Acceptable][alexa.amazon.com]
new: [...147] [ip4][..tcp] [..172.16.42.216][38757] -> [..54.239.28.178][..443]
analyse: [...142] [ip4][..tcp] [..172.16.42.216][50799] -> [..54.239.28.178][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 8.001| 0.664| 1.905| 3629965.115| 2.500]
[PKTLEN......: 40.000| 1500.000| 424.700| 584.700| 341856.600| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 8.001| 0.664| 1.905| 3629965.115| 2.500]
[PKTLEN......: 40.000| 1500.000| 424.700| 584.700| 341856.600| 3.800]
[BINS(c->s)..: 9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0]
@@ -816,9 +816,9 @@
detection-update: [...151] [ip4][..tcp] [..172.16.42.216][49067] -> [..216.58.194.78][..443] [TLS.PlayStore][Google][SoftwareUpdate][Safe][android.clients.google.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [...149] [ip4][..tcp] [..172.16.42.216][41828] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.106| 0.022| 0.031| 964.869| 3.600]
[PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.106| 0.022| 0.031| 964.869| 3.600]
[PKTLEN......: 52.000| 1500.000| 525.800| 600.400| 360465.600| 4.100]
[BINS(c->s)..: 9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0]
@@ -880,9 +880,9 @@
detection-update: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [...157] [ip4][..tcp] [..172.16.42.216][38483] -> [..52.85.209.143][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.241| 0.031| 0.057| 3274.655| 3.400]
[PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.241| 0.031| 0.057| 3274.655| 3.400]
[PKTLEN......: 52.000| 1500.000| 620.400| 578.400| 334504.200| 4.300]
[BINS(c->s)..: 6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -892,9 +892,9 @@
new: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53]
detected: [...158] [ip4][..udp] [..172.16.42.216][.2707] -> [....172.16.42.1][...53] [DNS.Amazon][Unknown][Network][Acceptable][fls-na.amazon.com]
analyse: [...155] [ip4][..tcp] [..172.16.42.216][41914] -> [...52.84.62.115][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.264| 0.057| 0.086| 7393.244| 3.600]
[PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.264| 0.057| 0.086| 7393.244| 3.600]
[PKTLEN......: 52.000| 1500.000| 532.200| 595.200| 354289.100| 4.100]
[BINS(c->s)..: 12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0]
@@ -907,9 +907,9 @@
detected: [...159] [ip4][..tcp] [..172.16.42.216][47605] -> [..72.21.206.121][..443] [TLS.Amazon][AmazonAWS][Web][Acceptable][fls-na.amazon.com]
new: [...160] [ip4][..tcp] [..172.16.42.216][47606] -> [..72.21.206.121][..443]
analyse: [...145] [ip4][..tcp] [..172.16.42.216][44912] -> [...54.239.23.94][..443] [TLS.AmazonAWS][AmazonAWS][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.471| 0.614| 1.478| 2183643.136| 2.800]
[PKTLEN......: 40.000| 1500.000| 526.200| 637.500| 406420.100| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 7.471| 0.614| 1.478| 2183643.136| 2.800]
[PKTLEN......: 40.000| 1500.000| 526.200| 637.500| 406420.100| 3.900]
[BINS(c->s)..: 8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1]

6
test/results/flow-info/default/amqp.pcap.out
View File

@@ -8,9 +8,9 @@
detected: [.....3] [ip4][..tcp] [......127.0.0.1][44206] -> [......127.0.1.1][.5672] [AMQP][Unknown][RPC][Acceptable]
detected: [.....2] [ip4][..tcp] [......127.0.1.1][.5672] -> [......127.0.0.1][44204] [AMQP][Unknown][RPC][Acceptable]
analyse: [.....1] [ip4][..tcp] [......127.0.0.1][44205] -> [......127.0.1.1][.5672] [AMQP][Unknown][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.002| 0.224| 0.537| 287986.745| 2.400]
[PKTLEN......: 52.000| 381.000| 118.000| 99.500| 9895.700| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.002| 0.224| 0.537| 287986.745| 2.400]
[PKTLEN......: 52.000| 381.000| 118.000| 99.500| 9895.700| 4.600]
[BINS(c->s)..: 0,6,0,5,0,0,1,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

6
test/results/flow-info/default/android.pcap.out
View File

@@ -172,9 +172,9 @@
detected: [....60] [ip4][..udp] [...192.168.2.16][39760] -> [....192.168.2.1][...53] [DNS.GoogleServices][Unknown][Network][Acceptable][android.googleapis.com]
detected: [....58] [ip4][..tcp] [...192.168.2.16][43646] -> [..172.217.20.76][..443] [TLS.DataSaver][Google][Web][Fun][proxy.googlezip.net]
analyse: [....42] [ip4][..tcp] [...192.168.2.16][32996] -> [.216.239.38.120][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.405| 0.048| 0.104| 10866.215| 3.000]
[PKTLEN......: 52.000| 1470.000| 416.500| 552.700| 305506.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.405| 0.048| 0.104| 10866.215| 3.000]
[PKTLEN......: 52.000| 1470.000| 416.500| 552.700| 305506.200| 3.900]
[BINS(c->s)..: 13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0]

18
test/results/flow-info/default/anyconnect-vpn.pcap.out
View File

@@ -44,9 +44,9 @@
detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.072| 0.021| 0.022| 465.190| 4.000]
[PKTLEN......: 52.000| 1500.000| 490.700| 597.200| 356597.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.072| 0.021| 0.022| 465.190| 4.000]
[PKTLEN......: 52.000| 1500.000| 490.700| 597.200| 356597.600| 4.000]
[BINS(c->s)..: 11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0]
@@ -119,9 +119,9 @@
detection-update: [....36] [ip4][..udp] [.....10.0.0.227][57017] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable][lp-rkerur-osx.hsd1.ca.comcast.net]
RISK: Error Code
analyse: [....30] [ip4][..tcp] [.....10.0.0.227][56921] -> [....8.37.96.194][.4287] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.385| 0.079| 0.122| 14784.686| 3.700]
[PKTLEN......: 52.000| 1420.000| 285.000| 416.200| 173206.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.385| 0.079| 0.122| 14784.686| 3.700]
[PKTLEN......: 52.000| 1420.000| 285.000| 416.200| 173206.900| 3.900]
[BINS(c->s)..: 9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1]
@@ -137,9 +137,9 @@
detection-update: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.138| 0.023| 0.032| 1035.918| 3.600]
[PKTLEN......: 52.000| 1500.000| 517.300| 619.300| 383541.000| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.138| 0.023| 0.032| 1035.918| 3.600]
[PKTLEN......: 52.000| 1500.000| 517.300| 619.300| 383541.000| 4.000]
[BINS(c->s)..: 12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0]

18
test/results/flow-info/default/anydesk.pcapng.out
View File

@@ -12,9 +12,9 @@
detection-update: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable][]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
analyse: [.....2] [ip4][..tcp] [192.168.149.129][43535] -> [..51.83.238.219][...80] [TLS.AnyDesk][AnyDesk][RemoteAccess][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.603| 0.177| 0.394| 155451.113| 2.800]
[PKTLEN......: 40.000| 1500.000| 392.700| 555.200| 308238.000| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.603| 0.177| 0.394| 155451.113| 2.800]
[PKTLEN......: 40.000| 1500.000| 392.700| 555.200| 308238.000| 3.800]
[BINS(c->s)..: 8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1]
@@ -46,9 +46,9 @@
detection-update: [.....6] [ip4][..tcp] [..192.168.1.178][52039] -> [..192.168.1.187][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable][]
RISK: Known Proto on Non Std Port, Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Desktop/File Sharing
analyse: [.....5] [ip4][..tcp] [..192.168.1.187][54164] -> [..192.168.1.178][.7070] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.022| 0.410| 0.826| 682181.919| 2.900]
[PKTLEN......: 40.000| 3966.000| 306.300| 747.400| 558552.100| 3.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.022| 0.410| 0.826| 682181.919| 2.900]
[PKTLEN......: 40.000| 3966.000| 306.300| 747.400| 558552.100| 3.100]
[BINS(c->s)..: 6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1]
[BINS(s->c)..: 11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0]
@@ -65,9 +65,9 @@
detection-update: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable][]
RISK: Missing SNI TLS Extn, Desktop/File Sharing, Uncommon TLS ALPN
analyse: [.....7] [ip4][..tcp] [..192.168.1.128][48260] -> [195.181.174.176][..443] [TLS.AnyDesk][Unknown][RemoteAccess][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 8.445| 0.583| 2.064| 4258557.067| 1.500]
[PKTLEN......: 52.000| 1500.000| 328.900| 495.500| 245485.500| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 8.445| 0.583| 2.064| 4258557.067| 1.500]
[PKTLEN......: 52.000| 1500.000| 328.900| 495.500| 245485.500| 3.800]
[BINS(c->s)..: 8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1]

6
test/results/flow-info/default/bad-dns-traffic.pcap.out
View File

@@ -22,9 +22,9 @@
detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org]
RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name
analyse: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.063| 4.102| 1.074| 0.689| 474850.951| 4.700]
[PKTLEN......: 81.000| 309.000| 115.200| 50.600| 2560.600| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.063| 4.102| 1.074| 0.689| 474850.951| 4.700]
[PKTLEN......: 81.000| 309.000| 115.200| 50.600| 2560.600| 4.900]
[BINS(c->s)..: 0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1]

6
test/results/flow-info/default/bets.pcapng.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com]
detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com]
analyse: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.047| 0.011| 0.018| 331.618| 3.200]
[PKTLEN......: 52.000| 1420.000| 286.800| 477.200| 227739.300| 3.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.047| 0.011| 0.018| 331.618| 3.200]
[PKTLEN......: 52.000| 1420.000| 286.800| 477.200| 227739.300| 3.600]
[BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1]

24
test/results/flow-info/default/bitcoin.pcap.out
View File

@@ -6,9 +6,9 @@
new: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [MIDSTREAM]
detected: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
analyse: [.....2] [ip4][..tcp] [..192.168.1.142][55328] -> [..69.118.54.122][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 141.657| 9.231| 28.185| 794377756.606| 1.900]
[PKTLEN......: 72.000| 1500.000| 1182.700| 570.200| 325114.200| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 141.657| 9.231| 28.185| 794377756.606| 1.900]
[PKTLEN......: 72.000| 1500.000| 1182.700| 570.200| 325114.200| 4.800]
[BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -18,9 +18,9 @@
new: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [MIDSTREAM]
detected: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
analyse: [.....3] [ip4][..tcp] [..192.168.1.142][55348] -> [..74.89.181.229][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 100.111| 6.495| 19.445| 378100231.700| 2.000]
[PKTLEN......: 72.000| 1500.000| 1155.300| 597.200| 356626.800| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 100.111| 6.495| 19.445| 378100231.700| 2.000]
[PKTLEN......: 72.000| 1500.000| 1155.300| 597.200| 356626.800| 4.700]
[BINS(c->s)..: 0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -32,9 +32,9 @@
DAEMON-EVENT: [Processed: 214 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
analyse: [.....4] [ip4][..tcp] [..192.168.1.142][55383] -> [....66.68.83.22][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 134.322| 8.966| 25.482| 649325705.167| 2.200]
[PKTLEN......: 72.000| 1500.000| 1075.600| 630.500| 397582.100| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 134.322| 8.966| 25.482| 649325705.167| 2.200]
[PKTLEN......: 72.000| 1500.000| 1075.600| 630.500| 397582.100| 4.700]
[BINS(c->s)..: 0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
[BINS(s->c)..: 1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -44,9 +44,9 @@
new: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [MIDSTREAM]
detected: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
analyse: [.....5] [ip4][..tcp] [..192.168.1.142][55400] -> [.195.218.16.178][.8333] [BITCOIN][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 41.186| 2.780| 7.976| 63609669.419| 2.200]
[PKTLEN......: 72.000| 1500.000| 1106.500| 621.500| 386298.000| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 41.186| 2.780| 7.976| 63609669.419| 2.200]
[PKTLEN......: 72.000| 1500.000| 1106.500| 621.500| 386298.000| 4.700]
[BINS(c->s)..: 0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0]
[BINS(s->c)..: 1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]
[DIRECTIONS..: 0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]

6
test/results/flow-info/default/bittorrent.pcap.out
View File

@@ -64,9 +64,9 @@
detected: [....21] [ip4][..tcp] [....192.168.1.3][52922] -> [..95.237.193.34][11321] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....17] [ip4][..tcp] [....192.168.1.3][52915] -> [..198.100.146.9][60163] [BitTorrent][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.012| 0.920| 0.247| 0.229| 52345.696| 4.400]
[PKTLEN......: 66.000| 1492.000| 722.400| 635.200| 403438.900| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.012| 0.920| 0.247| 0.229| 52345.696| 4.400]
[PKTLEN......: 66.000| 1492.000| 722.400| 635.200| 403438.900| 4.400]
[BINS(c->s)..: 5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1]

6
test/results/flow-info/default/bittorrent_tcp_miss.pcapng.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..tcp] [.192.168.122.34][48987] -> [...178.71.206.1][.6881] [BitTorrent][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.065| 0.014| 0.017| 294.673| 3.800]
[PKTLEN......: 40.000| 1480.000| 782.200| 666.400| 444053.700| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.065| 0.014| 0.017| 294.673| 3.800]
[PKTLEN......: 40.000| 1480.000| 782.200| 666.400| 444053.700| 4.400]
[BINS(c->s)..: 8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0]

6
test/results/flow-info/default/bittorrent_utp.pcap.out
View File

@@ -9,9 +9,9 @@
detection-update: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..udp] [..82.243.113.43][64969] -> [....192.168.1.5][40959] [BitTorrent][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 5.430| 0.412| 1.202| 1445669.503| 2.400]
[PKTLEN......: 48.000| 1500.000| 497.200| 600.800| 360942.700| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 5.430| 0.412| 1.202| 1445669.503| 2.400]
[PKTLEN......: 48.000| 1500.000| 497.200| 600.800| 360942.700| 4.000]
[BINS(c->s)..: 3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0]
[BINS(s->c)..: 11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0]

6
test/results/flow-info/default/bot.pcap.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable][atlanteditorino.it]
RISK: Crawler/Bot
analyse: [.....1] [ip4][..tcp] [...40.77.167.36][64768] -> [...89.31.72.220][...80] [HTTP][Azure][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.114| 0.014| 0.036| 1309.010| 2.200]
[PKTLEN......: 46.000| 1480.000| 1086.500| 631.200| 398369.000| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.114| 0.014| 0.036| 1309.010| 2.200]
[PKTLEN......: 46.000| 1480.000| 1086.500| 631.200| 398369.000| 4.600]
[BINS(c->s)..: 6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1]

12
test/results/flow-info/default/capwap.pcap.out
View File

@@ -17,9 +17,9 @@
detected: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable]
update: [.....1] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12379] [CAPWAP][Unknown][Network][Acceptable]
analyse: [.....4] [ip4][..udp] [...192.168.10.9][.5246] -> [..192.168.10.10][12380] [CAPWAP][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.093| 0.703| 2.456| 6029719.372| 1.600]
[PKTLEN......: 92.000| 1485.000| 498.200| 485.400| 235625.000| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.093| 0.703| 2.456| 6029719.372| 1.600]
[PKTLEN......: 92.000| 1485.000| 498.200| 485.400| 235625.000| 4.400]
[BINS(c->s)..: 0,0,5,3,0,0,0,0,0,1,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0]
[BINS(s->c)..: 0,0,1,6,1,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
[DIRECTIONS..: 0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,1,0]
@@ -31,9 +31,9 @@
update: [.....2] [ip4][..udp] [..192.168.10.10][49259] -> [255.255.255.255][...53] [DNS][Unknown][Network][Acceptable]
ERROR-EVENT: Unknown packet type [1/16]
analyse: [.....5] [ip4][..udp] [..192.168.10.10][12380] -> [...192.168.10.9][.5247] [CAPWAP][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.500| 4.000| 1.016| 0.875| 765810.835| 4.600]
[PKTLEN......: 108.000| 311.000| 181.400| 58.400| 3415.700| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.500| 4.000| 1.016| 0.875| 765810.835| 4.600]
[PKTLEN......: 108.000| 311.000| 181.400| 58.400| 3415.700| 4.900]
[BINS(c->s)..: 0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

12
test/results/flow-info/default/cassandra.pcap.out
View File

@@ -6,9 +6,9 @@
new: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042]
detected: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
analyse: [.....1] [ip4][..tcp] [......127.0.0.1][46536] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 26.002| 1.755| 6.369| 40566842.720| 1.300]
[PKTLEN......: 52.000|25200.000| 1937.600| 5902.900| 34844348.000| 2.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 26.002| 1.755| 6.369| 40566842.720| 1.300]
[PKTLEN......: 52.000| 25200.000| 1937.600| 5902.900| 34844348.000| 2.000]
[BINS(c->s)..: 9,2,3,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,2,2,1,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,0]
@@ -16,9 +16,9 @@
[PKTLENS.....: 60,60,52,61,52,113,52,83,61,110,61,153,168,179,11131,52,105,543,373,366,243,52,21802,25200,52,110,52,126,133,125,130,143]
[ENTROPIES...: 4.4,4.8,4.6,4.4,4.6,5.2,4.6,4.9,4.5,5.2,4.5,5.4,4.9,5.4,3.8,4.6,5.3,5.0,5.2,4.8,4.9,4.7,5.2,4.6,4.7,5.4,4.7,5.4,4.9,5.5,5.1,5.3]
analyse: [.....2] [ip4][..tcp] [......127.0.0.1][46537] -> [......127.0.0.1][.9042] [Cassandra][Unknown][Database][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 25.937| 2.293| 6.507| 42345709.961| 2.000]
[PKTLEN......: 52.000|11498.000| 452.300| 1984.700| 3939065.000| 1.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 25.937| 2.293| 6.507| 42345709.961| 2.000]
[PKTLEN......: 52.000| 11498.000| 452.300| 1984.700| 3939065.000| 1.700]
[BINS(c->s)..: 10,2,4,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0]

6
test/results/flow-info/default/check_mk_new.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556]
detected: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][Unknown][DataTransfer][Acceptable]
analyse: [.....1] [ip4][..tcp] [.192.168.100.22][58998] -> [.192.168.100.50][.6556] [CHECKMK][Unknown][DataTransfer][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.002| 0.001| 0.001| 0.660| 4.300]
[PKTLEN......: 52.000| 554.000| 95.500| 116.800| 13650.400| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.002|< 0.001|< 0.001| 0.660| 4.300]
[PKTLEN......: 52.000| 554.000| 95.500| 116.800| 13650.400| 4.400]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

6
test/results/flow-info/default/citrix.pcap.out
View File

@@ -2,9 +2,9 @@
new: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494]
detected: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Unknown][Network][Acceptable]
analyse: [.....1] [ip4][..tcp] [.......21.0.0.8][45225] -> [.......22.0.0.7][.1494] [Citrix][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.056| 0.005| 0.012| 154.959| 2.600]
[PKTLEN......: 50.000| 387.000| 100.300| 63.600| 4041.600| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.056| 0.005| 0.012| 154.959| 2.600]
[PKTLEN......: 50.000| 387.000| 100.300| 63.600| 4041.600| 4.800]
[BINS(c->s)..: 5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0]

48
test/results/flow-info/default/coap_mqtt.pcap.out
View File

@@ -46,9 +46,9 @@
detected: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][Unknown][RPC][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [....11] [ip4][..tcp] [...192.168.56.1][53528] -> [.192.168.56.101][17501] [MQTT][Unknown][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.439| 0.304| 1.061| 1125807.423| 1.600]
[PKTLEN......: 40.000| 126.000| 62.300| 30.100| 907.000| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.439| 0.304| 1.061| 1125807.423| 1.600]
[PKTLEN......: 40.000| 126.000| 62.300| 30.100| 907.000| 4.900]
[BINS(c->s)..: 11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1]
@@ -56,9 +56,9 @@
[PKTLENS.....: 52,52,46,59,40,44,100,44,55,45,124,46,100,44,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40]
[ENTROPIES...: 4.5,4.8,4.4,5.1,4.6,4.5,5.5,4.6,5.0,4.7,5.7,4.4,5.5,4.6,4.3,5.6,4.5,4.6,5.5,4.7,4.7,5.6,4.4,4.6,4.6,5.5,4.6,4.6,5.6,4.3,4.6,4.7]
analyse: [.....9] [ip4][..tcp] [...192.168.56.1][53522] -> [.192.168.56.101][17501] [MQTT][Unknown][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 27.506| 1.802| 6.725| 45219399.598| 1.200]
[PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 27.506| 1.802| 6.725| 45219399.598| 1.200]
[PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800]
[BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
@@ -66,9 +66,9 @@
[PKTLENS.....: 46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46]
[ENTROPIES...: 4.5,4.6,4.3,5.6,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.5,5.6,4.6,4.8,5.6,4.4,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.6,5.5,4.7,4.8,5.6,4.4]
analyse: [....10] [ip4][..tcp] [...192.168.56.1][53523] -> [.192.168.56.101][17501] [MQTT][Unknown][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 13.151| 0.876| 3.198| 10225378.656| 1.400]
[PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 13.151| 0.876| 3.198| 10225378.656| 1.400]
[PKTLEN......: 40.000| 126.000| 63.400| 32.800| 1072.600| 4.800]
[BINS(c->s)..: 10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
@@ -76,9 +76,9 @@
[PKTLENS.....: 46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46]
[ENTROPIES...: 4.4,4.7,4.3,5.6,4.7,4.6,5.5,4.6,4.7,5.6,4.4,4.7,4.6,5.5,4.7,4.8,5.6,4.4,4.7,4.7,5.5,4.7,4.7,5.6,4.4,4.7,4.7,5.5,4.7,4.8,5.6,4.4]
analyse: [....13] [ip4][..tcp] [.192.168.56.101][17501] -> [...192.168.56.1][53524] [MQTT][Unknown][RPC][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.074| 0.031| 0.027| 714.536| 4.300]
[PKTLEN......: 40.000| 126.000| 65.000| 33.200| 1105.200| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.074| 0.031| 0.027| 714.536| 4.300]
[PKTLEN......: 40.000| 126.000| 65.000| 33.200| 1105.200| 4.800]
[BINS(c->s)..: 13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1]
@@ -88,9 +88,9 @@
new: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500]
detected: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [....12] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900]
[PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900]
[PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800]
[BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -100,9 +100,9 @@
new: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500]
detected: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [....14] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900]
[PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900]
[PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900]
[BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -112,9 +112,9 @@
new: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500]
detected: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [....15] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900]
[PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900]
[PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900]
[BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -122,9 +122,9 @@
[PKTLENS.....: 125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]
[ENTROPIES...: 5.5,5.1,5.6,5.2,5.6,5.0,5.6,5.1,5.7,5.1,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.2,5.6,5.0,5.7,5.2,5.6,5.1,5.6,5.1,5.6,5.2,5.6,5.1,5.6,5.0]
analyse: [....16] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900]
[PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900]
[PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900]
[BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

6
test/results/flow-info/default/collectd.pcap.out
View File

@@ -34,9 +34,9 @@
update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable]
update: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable]
analyse: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.000| 8.710| 3.352| 11236716.577| 4.800]
[PKTLEN......: 1339.000| 1374.000| 1357.600| 10.800| 116.600| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 10.000| 8.710| 3.352| 11236716.577| 4.800]
[PKTLEN......: 1339.000| 1374.000| 1357.600| 10.800| 116.600| 5.000]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,26,4,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

6
test/results/flow-info/default/custom_categories.pcapng.out
View File

@@ -9,9 +9,9 @@
detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.057| 0.386| 0.141| 0.077| 5894.261| 4.800]
[PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.057| 0.386| 0.141| 0.077| 5894.261| 4.800]
[PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700]
[BINS(c->s)..: 12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

42
test/results/flow-info/default/dnp3.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000]
detected: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
analyse: [.....1] [ip4][..tcp] [.......10.0.0.8][.2789] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 120.146| 4.080| 21.203| 449571977.167| 0.400]
[PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 120.146| 4.080| 21.203| 449571977.167| 0.400]
[PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
@@ -18,9 +18,9 @@
new: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000]
detected: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
analyse: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 17.487| 1.644| 4.346| 18887919.796| 2.200]
[PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 17.487| 1.644| 4.346| 18887919.796| 2.200]
[PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1]
@@ -33,9 +33,9 @@
detected: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
end: [.....2] [ip4][..tcp] [.......10.0.0.8][.2803] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
analyse: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 82.989| 2.758| 14.651| 214640269.197| 0.200]
[PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 82.989| 2.758| 14.651| 214640269.197| 0.200]
[PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.800| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
@@ -47,9 +47,9 @@
new: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000]
detected: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
analyse: [.....4] [ip4][..tcp] [.......10.0.0.9][.1080] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 75.076| 7.136| 19.839| 393587648.889| 1.900]
[PKTLEN......: 46.000| 63.000| 52.700| 5.900| 34.500| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 75.076| 7.136| 19.839| 393587648.889| 1.900]
[PKTLEN......: 46.000| 63.000| 52.700| 5.900| 34.500| 5.000]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1]
@@ -61,9 +61,9 @@
new: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000]
detected: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
analyse: [.....5] [ip4][..tcp] [.......10.0.0.8][.1086] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.639| 0.182| 0.626| 391724.270| 1.500]
[PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.100| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.639| 0.182| 0.626| 391724.270| 1.500]
[PKTLEN......: 46.000| 65.000| 52.200| 6.800| 46.100| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0]
@@ -81,9 +81,9 @@
detected: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
idle: [.....3] [ip4][..tcp] [.......10.0.0.8][.2828] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
analyse: [.....7] [ip4][..tcp] [.......10.0.0.8][.1184] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 9.488| 0.797| 2.345| 5497481.069| 1.900]
[PKTLEN......: 46.000| 64.000| 52.800| 7.000| 48.700| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 9.488| 0.797| 2.345| 5497481.069| 1.900]
[PKTLEN......: 46.000| 64.000| 52.800| 7.000| 48.700| 5.000]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0]
@@ -95,9 +95,9 @@
new: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000]
detected: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
analyse: [.....8] [ip4][..tcp] [.......10.0.0.9][.1084] -> [.......10.0.0.3][20000] [DNP3][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.963| 0.497| 1.082| 1171729.023| 2.500]
[PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.963| 0.497| 1.082| 1171729.023| 2.500]
[PKTLEN......: 46.000| 64.000| 50.800| 7.100| 50.000| 5.000]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1]

6
test/results/flow-info/default/dns-tunnel-iodine.pcap.out
View File

@@ -6,9 +6,9 @@
detection-update: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Unknown][Network][Acceptable][vaaaakardli.pirate.sea]
RISK: Susp DNS Traffic, Minor Issues
analyse: [.....1] [ip4][..udp] [......10.0.2.30][44639] -> [......10.0.2.20][...53] [DNS][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.003| 0.162| 0.368| 135658.824| 2.400]
[PKTLEN......: 68.000| 1462.000| 232.600| 286.600| 82112.700| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.003| 0.162| 0.368| 135658.824| 2.400]
[PKTLEN......: 68.000| 1462.000| 232.600| 286.600| 82112.700| 4.400]
[BINS(c->s)..: 0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0]

6
test/results/flow-info/default/dns2tcp_tunnel.pcap.out
View File

@@ -7,9 +7,9 @@
detection-update: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.088| 0.311| 0.823| 676677.157| 2.200]
[PKTLEN......: 40.000| 1628.000| 193.500| 364.600| 132965.600| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.088| 0.311| 0.823| 676677.157| 2.200]
[PKTLEN......: 40.000| 1628.000| 193.500| 364.600| 132965.600| 3.700]
[BINS(c->s)..: 9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0]

6
test/results/flow-info/default/dns_doh.pcap.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable][mozilla.cloudflare-dns.com]
detection-update: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable][mozilla.cloudflare-dns.com]
analyse: [.....1] [ip4][..tcp] [....172.20.10.4][49877] -> [.104.16.248.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.535| 0.062| 0.130| 16944.855| 3.000]
[PKTLEN......: 40.000| 1340.000| 216.900| 327.300| 107137.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.535| 0.062| 0.130| 16944.855| 3.000]
[PKTLEN......: 40.000| 1340.000| 216.900| 327.300| 107137.200| 3.900]
[BINS(c->s)..: 9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1]

6
test/results/flow-info/default/dns_exfiltration.pcap.out
View File

@@ -7,9 +7,9 @@
detection-update: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Unknown][Network][Acceptable][e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02]
RISK: Susp DGA Domain name, Risky Domain Name
analyse: [.....1] [ip4][..udp] [.192.168.220.56][56373] -> [192.168.203.167][...53] [DNS][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 1.036| 0.914| 0.282| 79410.348| 4.800]
[PKTLEN......: 87.000| 372.000| 132.400| 59.100| 3497.900| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 1.036| 0.914| 0.282| 79410.348| 4.800]
[PKTLEN......: 87.000| 372.000| 132.400| 59.100| 3497.900| 4.900]
[BINS(c->s)..: 0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

6
test/results/flow-info/default/doh.pcapng.out
View File

@@ -7,9 +7,9 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][]
RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch
analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400]
[PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400]
[PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600]
[BINS(c->s)..: 12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0]

6
test/results/flow-info/default/doq_adguard.pcapng.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784]
detected: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Unknown][Network][Acceptable][dns.adguard.com]
analyse: [.....1] [ip4][..udp] [.192.168.12.169][41070] -> [...94.140.14.14][..784] [QUIC.DoH_DoT][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.885| 0.161| 0.453| 205274.628| 2.400]
[PKTLEN......: 59.000| 1280.000| 442.800| 522.900| 273444.500| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.885| 0.161| 0.453| 205274.628| 2.400]
[PKTLEN......: 59.000| 1280.000| 442.800| 522.900| 273444.500| 4.100]
[BINS(c->s)..: 4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1]

6
test/results/flow-info/default/dos_win98_smb_netbeui.pcap.out
View File

@@ -56,9 +56,9 @@
ERROR-EVENT: Unknown packet type [2/16]
ERROR-EVENT: Unknown packet type [3/16]
analyse: [.....3] [ip4][..udp] [192.168.239.129][..137] -> [192.168.239.255][..137] [NetBIOS][Unknown][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 96.434| 4.235| 17.262| 297969697.948| 1.500]
[PKTLEN......: 96.000| 96.000| 96.000| 0.000| 0.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 96.434| 4.235| 17.262| 297969697.948| 1.500]
[PKTLEN......: 96.000| 96.000| 96.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

6
test/results/flow-info/default/drda_db2.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000]
detected: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Unknown][Database][Acceptable]
analyse: [.....1] [ip4][..tcp] [..192.168.106.1][.4847] -> [192.168.106.128][50000] [DRDA][Unknown][Database][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 17.986| 1.315| 4.366| 19063346.561| 1.800]
[PKTLEN......: 40.000| 703.000| 183.000| 190.600| 36335.200| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 17.986| 1.315| 4.366| 19063346.561| 1.800]
[PKTLEN......: 40.000| 703.000| 183.000| 190.600| 36335.200| 4.300]
[BINS(c->s)..: 10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0]

24
test/results/flow-info/default/dropbox.pcap.out
View File

@@ -6,9 +6,9 @@
new: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500]
detected: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900]
[PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.118| 0.106| 0.019| 373.406| 4.900]
[PKTLEN......: 45.000| 129.000| 85.600| 38.600| 1486.700| 4.800]
[BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -18,9 +18,9 @@
new: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500]
detected: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900]
[PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.128| 0.112| 0.021| 434.412| 4.900]
[PKTLEN......: 46.000| 128.000| 86.500| 38.500| 1485.600| 4.900]
[BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -30,9 +30,9 @@
new: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500]
detected: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
analyse: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900]
[PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.131| 0.117| 0.022| 500.202| 4.900]
[PKTLEN......: 46.000| 129.000| 87.200| 38.500| 1485.300| 4.900]
[BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -40,9 +40,9 @@
[PKTLENS.....: 125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]
[ENTROPIES...: 5.5,5.1,5.6,5.2,5.6,5.0,5.6,5.1,5.7,5.1,5.5,5.0,5.5,5.0,5.6,5.1,5.6,5.2,5.6,5.0,5.7,5.2,5.6,5.1,5.6,5.1,5.6,5.2,5.6,5.1,5.6,5.0]
analyse: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Unknown][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900]
[PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.172| 0.127| 0.026| 689.813| 4.900]
[PKTLEN......: 45.000| 129.000| 87.100| 38.600| 1487.100| 4.900]
[BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

30
test/results/flow-info/default/emotet.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587]
detected: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable][opmta1mto02nd1]
analyse: [.....1] [ip4][..tcp] [....10.2.25.102][57309] -> [..193.252.22.84][..587] [SMTP][Unknown][Email][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.056| 0.539| 0.774| 599161.176| 3.700]
[PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.056| 0.539| 0.774| 599161.176| 3.700]
[PKTLEN......: 40.000| 738.000| 80.800| 121.900| 14849.500| 4.300]
[BINS(c->s)..: 8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0]
@@ -18,9 +18,9 @@
new: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80]
detected: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable][fkl.co.ke]
analyse: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.204| 0.029| 0.060| 3581.477| 2.700]
[PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.204| 0.029| 0.060| 3581.477| 2.700]
[PKTLEN......: 40.000| 1401.000| 820.000| 663.100| 439751.800| 4.400]
[BINS(c->s)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]
@@ -35,9 +35,9 @@
detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org]
RISK: Binary App Transfer
analyse: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.261| 0.031| 0.066| 4320.020| 3.000]
[PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.261| 0.031| 0.066| 4320.020| 3.000]
[PKTLEN......: 46.000| 1428.000| 657.700| 680.400| 462891.900| 4.100]
[BINS(c->s)..: 16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0]
@@ -53,9 +53,9 @@
detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs]
RISK: Binary App Transfer, HTTP Susp User-Agent
analyse: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.292| 0.042| 0.080| 6342.811| 2.900]
[PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.292| 0.042| 0.080| 6342.811| 2.900]
[PKTLEN......: 46.000| 1428.000| 878.900| 652.600| 425943.000| 4.500]
[BINS(c->s)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0]
@@ -70,9 +70,9 @@
detection-update: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
[PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.263| 0.113| 0.288| 82863.079| 2.700]
[PKTLEN......: 46.000| 1428.000| 682.000| 663.200| 439900.200| 4.200]
[BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1]

198
test/results/flow-info/default/ethereum.pcap.out
View File

@@ -42,9 +42,9 @@
new: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303]
detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.063| 0.008| 0.018| 335.828| 2.400]
[PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.063| 0.008| 0.018| 335.828| 2.400]
[PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -54,9 +54,9 @@
new: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303]
detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.063| 0.009| 0.019| 355.411| 2.700]
[PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.063| 0.009| 0.019| 355.411| 2.700]
[PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400]
[BINS(c->s)..: 14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1]
@@ -71,9 +71,9 @@
new: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303]
detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.070| 0.011| 0.024| 583.849| 2.400]
[PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.070| 0.011| 0.024| 583.849| 2.400]
[PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -87,9 +87,9 @@
detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.073| 0.008| 0.018| 321.083| 2.400]
[PKTLEN......: 46.000| 473.000| 85.000| 93.300| 8701.200| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.073| 0.008| 0.018| 321.083| 2.400]
[PKTLEN......: 46.000| 473.000| 85.000| 93.300| 8701.200| 4.500]
[BINS(c->s)..: 15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1]
@@ -107,9 +107,9 @@
detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.079| 0.012| 0.027| 705.641| 2.400]
[PKTLEN......: 46.000| 531.000| 90.400| 111.100| 12335.600| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.079| 0.012| 0.027| 705.641| 2.400]
[PKTLEN......: 46.000| 531.000| 90.400| 111.100| 12335.600| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -117,9 +117,9 @@
[PKTLENS.....: 64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,6.0,5.2,5.1,5.3,5.3,5.6,5.1,5.1,5.1,5.6,5.3,5.1,5.1,5.9,5.2,6.8,5.3,5.6,5.9,5.1,5.2,5.5,5.6,5.1,3.9,3.9]
analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.077| 0.012| 0.026| 688.970| 2.400]
[PKTLEN......: 46.000| 494.000| 87.100| 105.300| 11090.000| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.077| 0.012| 0.026| 688.970| 2.400]
[PKTLEN......: 46.000| 494.000| 87.100| 105.300| 11090.000| 4.400]
[BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1]
@@ -133,9 +133,9 @@
new: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303]
detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.164| 0.023| 0.053| 2778.035| 2.400]
[PKTLEN......: 46.000| 522.000| 89.000| 105.000| 11031.500| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.164| 0.023| 0.053| 2778.035| 2.400]
[PKTLEN......: 46.000| 522.000| 89.000| 105.000| 11031.500| 4.500]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -148,9 +148,9 @@
new: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303]
new: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303]
analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.007| 0.014| 203.606| 2.800]
[PKTLEN......: 52.000| 546.000| 106.000| 112.400| 12624.200| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.043| 0.007| 0.014| 203.606| 2.800]
[PKTLEN......: 52.000| 546.000| 106.000| 112.400| 12624.200| 4.500]
[BINS(c->s)..: 13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1]
@@ -160,9 +160,9 @@
new: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303]
detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.158| 0.021| 0.049| 2374.200| 2.400]
[PKTLEN......: 46.000| 483.000| 87.300| 103.800| 10779.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.158| 0.021| 0.049| 2374.200| 2.400]
[PKTLEN......: 46.000| 483.000| 87.300| 103.800| 10779.300| 4.400]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
@@ -177,9 +177,9 @@
detected: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303]
analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.202| 0.031| 0.071| 5088.628| 2.400]
[PKTLEN......: 46.000| 542.000| 91.800| 115.500| 13350.200| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.202| 0.031| 0.071| 5088.628| 2.400]
[PKTLEN......: 46.000| 542.000| 91.800| 115.500| 13350.200| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -188,9 +188,9 @@
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.2,5.3,5.2,5.3,5.5,5.2,5.2,5.6,5.2,5.2,5.2,5.7,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.1,5.2,3.7]
detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.109| 0.018| 0.040| 1575.808| 2.400]
[PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.109| 0.018| 0.040| 1575.808| 2.400]
[PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1]
@@ -200,9 +200,9 @@
new: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303]
new: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303]
analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.049| 0.009| 0.018| 316.609| 2.700]
[PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.049| 0.009| 0.018| 316.609| 2.700]
[PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1]
@@ -215,9 +215,9 @@
new: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303]
detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.052| 0.010| 0.019| 354.234| 2.800]
[PKTLEN......: 52.000| 462.000| 93.900| 97.700| 9536.300| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.052| 0.010| 0.019| 354.234| 2.800]
[PKTLEN......: 52.000| 462.000| 93.900| 97.700| 9536.300| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1]
@@ -228,9 +228,9 @@
detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.262| 0.038| 0.087| 7588.779| 2.300]
[PKTLEN......: 46.000| 505.000| 90.200| 109.100| 11904.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.262| 0.038| 0.087| 7588.779| 2.300]
[PKTLEN......: 46.000| 505.000| 90.200| 109.100| 11904.300| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -238,9 +238,9 @@
[PKTLENS.....: 64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]
[ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.8,5.2,5.1,5.1,5.1,5.3,5.6,5.1,5.1,5.7,5.2,5.1,5.1,5.7,5.1,6.9,5.1,5.5,5.8,5.1,5.2,5.5,5.5,5.0,5.2,3.8]
analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.263| 0.038| 0.087| 7624.721| 2.300]
[PKTLEN......: 46.000| 564.000| 92.100| 117.400| 13788.700| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.263| 0.038| 0.087| 7624.721| 2.300]
[PKTLEN......: 46.000| 564.000| 92.100| 117.400| 13788.700| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -251,9 +251,9 @@
new: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303]
new: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303]
analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.006| 0.012| 148.778| 2.600]
[PKTLEN......: 46.000| 469.000| 84.100| 91.500| 8376.200| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.037| 0.006| 0.012| 148.778| 2.600]
[PKTLEN......: 46.000| 469.000| 84.100| 91.500| 8376.200| 4.500]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
@@ -261,9 +261,9 @@
[PKTLENS.....: 64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]
[ENTROPIES...: 4.5,5.4,5.1,7.6,5.3,7.4,5.1,6.0,5.1,5.7,5.2,5.7,5.1,6.0,5.2,6.8,5.3,5.6,5.9,5.2,5.3,5.6,5.6,5.2,5.3,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.116| 0.012| 0.026| 687.065| 2.900]
[PKTLEN......: 52.000| 526.000| 102.300| 108.500| 11769.500| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.116| 0.012| 0.026| 687.065| 2.900]
[PKTLEN......: 52.000| 526.000| 102.300| 108.500| 11769.500| 4.500]
[BINS(c->s)..: 14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0]
@@ -271,9 +271,9 @@
[PKTLENS.....: 64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64]
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.1,7.4,5.1,5.9,5.1,6.8,5.1,5.5,7.2,5.1,5.8,5.1,5.9,5.5,5.2,5.5,5.2,5.2,5.2,5.2,7.1,5.2,5.0,5.7,5.2,5.1,5.2,5.3]
analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.035| 0.006| 0.012| 149.558| 2.500]
[PKTLEN......: 46.000| 583.000| 90.600| 116.900| 13676.100| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.035| 0.006| 0.012| 149.558| 2.500]
[PKTLEN......: 46.000| 583.000| 90.600| 116.900| 13676.100| 4.400]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
@@ -285,9 +285,9 @@
new: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303]
new: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303]
analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.159| 0.026| 0.057| 3248.179| 2.500]
[PKTLEN......: 46.000| 465.000| 87.500| 99.100| 9815.100| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.159| 0.026| 0.057| 3248.179| 2.500]
[PKTLEN......: 46.000| 465.000| 87.500| 99.100| 9815.100| 4.500]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1]
@@ -295,9 +295,9 @@
[PKTLENS.....: 64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46]
[ENTROPIES...: 4.4,5.3,5.1,7.5,5.2,7.5,5.0,5.9,5.2,6.9,5.2,5.5,5.9,5.2,5.0,5.1,5.3,5.6,5.1,5.0,5.6,5.0,5.7,5.1,5.1,5.3,5.5,5.1,5.2,5.1,5.2,3.8]
analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.131| 0.020| 0.046| 2133.935| 2.400]
[PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.131| 0.020| 0.046| 2133.935| 2.400]
[PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300]
[BINS(c->s)..: 16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1]
@@ -305,9 +305,9 @@
[PKTLENS.....: 64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46]
[ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,5.1,5.9,5.2,5.0,5.0,5.5,5.1,5.6,5.1,5.2,5.0,5.9,5.1,6.8,5.1,5.6,5.7,5.1,5.1,5.4,5.6,5.1,3.9,4.0,4.0,4.0]
analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.057| 0.011| 0.022| 493.706| 2.800]
[PKTLEN......: 52.000| 514.000| 100.400| 109.700| 12030.800| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.057| 0.011| 0.022| 493.706| 2.800]
[PKTLEN......: 52.000| 514.000| 100.400| 109.700| 12030.800| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1]
@@ -315,9 +315,9 @@
[PKTLENS.....: 64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52]
[ENTROPIES...: 4.5,5.2,5.1,7.5,5.2,7.5,5.2,5.8,5.1,6.8,5.2,5.0,5.0,5.9,5.1,6.7,5.2,5.5,5.7,5.1,5.9,5.2,6.0,5.5,5.5,5.2,5.9,6.6,5.1,5.1,5.8,5.3]
analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.300| 0.044| 0.100| 10075.352| 2.300]
[PKTLEN......: 46.000| 583.000| 88.300| 106.200| 11275.500| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.300| 0.044| 0.100| 10075.352| 2.300]
[PKTLEN......: 46.000| 583.000| 88.300| 106.200| 11275.500| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -325,9 +325,9 @@
[PKTLENS.....: 64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]
[ENTROPIES...: 4.4,5.3,5.0,7.7,5.1,7.4,5.9,5.0,5.0,5.2,5.0,5.3,5.5,5.0,5.0,5.6,5.2,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.8,5.0,5.2,5.3,5.4,5.0,3.7,3.7]
analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.308| 0.045| 0.103| 10532.101| 2.400]
[PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.308| 0.045| 0.103| 10532.101| 2.400]
[PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1]
@@ -339,9 +339,9 @@
detected: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.339| 0.050| 0.114| 12910.542| 2.400]
[PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.339| 0.050| 0.114| 12910.542| 2.400]
[PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1]
@@ -354,9 +354,9 @@
detected: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.355| 0.054| 0.122| 14890.530| 2.400]
[PKTLEN......: 46.000| 577.000| 92.400| 118.100| 13953.700| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.355| 0.054| 0.122| 14890.530| 2.400]
[PKTLEN......: 46.000| 577.000| 92.400| 118.100| 13953.700| 4.400]
[BINS(c->s)..: 17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1]
@@ -373,9 +373,9 @@
detected: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.147| 0.028| 0.054| 2939.853| 2.800]
[PKTLEN......: 52.000| 625.000| 100.200| 122.100| 14898.100| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.147| 0.028| 0.054| 2939.853| 2.800]
[PKTLEN......: 52.000| 625.000| 100.200| 122.100| 14898.100| 4.400]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1]
@@ -385,9 +385,9 @@
new: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303]
new: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303]
analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.039| 0.010| 0.016| 256.751| 3.100]
[PKTLEN......: 52.000| 592.000| 107.000| 118.700| 14100.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.039| 0.010| 0.016| 256.751| 3.100]
[PKTLEN......: 52.000| 592.000| 107.000| 118.700| 14100.300| 4.400]
[BINS(c->s)..: 17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0]
@@ -400,9 +400,9 @@
detected: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable]
analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.184| 0.035| 0.071| 5044.452| 2.600]
[PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.184| 0.035| 0.071| 5044.452| 2.600]
[PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0]
@@ -412,9 +412,9 @@
detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
new: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303]
analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.042| 0.007| 0.015| 228.263| 2.600]
[PKTLEN......: 46.000| 438.000| 84.000| 90.700| 8221.200| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.042| 0.007| 0.015| 228.263| 2.600]
[PKTLEN......: 46.000| 438.000| 84.000| 90.700| 8221.200| 4.500]
[BINS(c->s)..: 14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1]
@@ -423,9 +423,9 @@
[ENTROPIES...: 4.5,5.4,5.1,7.5,5.1,7.5,5.0,5.9,5.0,5.7,5.0,5.6,5.0,5.7,5.1,6.8,5.2,5.4,5.8,5.1,5.1,5.4,5.5,5.1,5.2,3.7,3.7,3.7,3.7,3.7,3.7,3.7]
new: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303]
analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.194| 0.037| 0.074| 5538.541| 2.700]
[PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.194| 0.037| 0.074| 5538.541| 2.700]
[PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0]
@@ -439,9 +439,9 @@
detected: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.075| 0.014| 0.028| 803.714| 2.700]
[PKTLEN......: 52.000| 599.000| 105.000| 126.800| 16079.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.075| 0.014| 0.028| 803.714| 2.700]
[PKTLEN......: 52.000| 599.000| 105.000| 126.800| 16079.300| 4.400]
[BINS(c->s)..: 15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1]
@@ -450,9 +450,9 @@
[ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.8,5.0,5.0,6.9,5.0,5.5,5.0,5.7,5.1,6.8,5.1,5.5,5.9,5.2,6.1,5.6,5.5,5.2,5.2,5.8,5.0,6.4,5.9,5.0,5.0,5.1]
new: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303]
analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.263| 0.042| 0.096| 9182.918| 2.400]
[PKTLEN......: 46.000| 591.000| 91.400| 121.500| 14755.200| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.263| 0.042| 0.096| 9182.918| 2.400]
[PKTLEN......: 46.000| 591.000| 91.400| 121.500| 14755.200| 4.300]
[BINS(c->s)..: 13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1]
@@ -467,9 +467,9 @@
detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable]
detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.286| 0.027| 0.065| 4262.303| 2.600]
[PKTLEN......: 52.000| 619.000| 109.600| 120.400| 14503.600| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.286| 0.027| 0.065| 4262.303| 2.600]
[PKTLEN......: 52.000| 619.000| 109.600| 120.400| 14503.600| 4.500]
[BINS(c->s)..: 16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0]

6
test/results/flow-info/default/exe_download.pcap.out
View File

@@ -7,9 +7,9 @@
detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable][144.91.69.195]
RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.320| 0.062| 0.115| 13236.602| 3.000]
[PKTLEN......: 40.000| 1500.000| 854.500| 668.400| 446708.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.320| 0.062| 0.115| 13236.602| 3.000]
[PKTLEN......: 40.000| 1500.000| 854.500| 668.400| 446708.300| 4.400]
[BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,8,0,0,7,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,1,1,0]

6
test/results/flow-info/default/exe_download_as_png.pcap.out
View File

@@ -7,9 +7,9 @@
detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Unknown][Web][Acceptable][185.98.87.185]
RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
analyse: [.....1] [ip4][..tcp] [....10.9.25.101][49197] -> [..185.98.87.185][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.613| 0.094| 0.193| 37090.865| 2.700]
[PKTLEN......: 40.000| 1500.000| 855.000| 664.600| 441668.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.613| 0.094| 0.193| 37090.865| 2.700]
[PKTLEN......: 40.000| 1500.000| 855.000| 664.600| 441668.300| 4.400]
[BINS(c->s)..: 10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1]

6
test/results/flow-info/default/facebook.pcap.out
View File

@@ -9,9 +9,9 @@
detected: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
detection-update: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com]
analyse: [.....2] [ip4][..tcp] [..192.168.43.18][44614] -> [....31.13.86.36][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.155| 0.037| 0.058| 3352.274| 3.300]
[PKTLEN......: 52.000| 1440.000| 555.100| 613.300| 376153.100| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.155| 0.037| 0.058| 3352.274| 3.300]
[PKTLEN......: 52.000| 1440.000| 555.100| 613.300| 376153.100| 4.100]
[BINS(c->s)..: 10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0]

6
test/results/flow-info/default/fastcgi.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000]
detected: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Unknown][Network][Safe]
analyse: [.....1] [ip4][..tcp] [.......10.0.0.9][38254] -> [......10.0.0.11][.9000] [FastCGI][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.020| 0.130| 0.496| 246254.469| 1.000]
[PKTLEN......: 52.000| 1500.000| 539.200| 672.800| 452637.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.020| 0.130| 0.496| 246254.469| 1.000]
[PKTLEN......: 52.000| 1500.000| 539.200| 672.800| 452637.900| 3.900]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

30
test/results/flow-info/default/fix.pcap.out
View File

@@ -14,9 +14,9 @@
new: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47962] [FIX][Unknown][RPC][Safe]
analyse: [.....3] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45578] [FIX][Unknown][RPC][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.315| 0.065| 0.068| 4636.039| 4.400]
[PKTLEN......: 40.000| 497.000| 93.100| 87.500| 7658.200| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.315| 0.065| 0.068| 4636.039| 4.400]
[PKTLEN......: 40.000| 497.000| 93.100| 87.500| 7658.200| 4.600]
[BINS(c->s)..: 4,6,1,1,1,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -28,9 +28,9 @@
new: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [MIDSTREAM]
detected: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][Unknown][RPC][Safe]
analyse: [.....2] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][47968] [FIX][Unknown][RPC][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.300| 0.091| 0.084| 7079.807| 4.200]
[PKTLEN......: 52.000| 139.000| 72.000| 23.600| 558.300| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.300| 0.091| 0.084| 7079.807| 4.200]
[PKTLEN......: 52.000| 139.000| 72.000| 23.600| 558.300| 4.900]
[BINS(c->s)..: 6,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1]
@@ -40,9 +40,9 @@
new: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [MIDSTREAM]
detected: [.....9] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][38646] [FIX][Unknown][RPC][Safe]
analyse: [.....1] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][43594] [FIX][Unknown][RPC][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.291| 0.178| 0.113| 12753.578| 4.500]
[PKTLEN......: 52.000| 240.000| 95.700| 52.000| 2700.500| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.291| 0.178| 0.113| 12753.578| 4.500]
[PKTLEN......: 52.000| 240.000| 95.700| 52.000| 2700.500| 4.800]
[BINS(c->s)..: 2,4,3,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1]
@@ -56,9 +56,9 @@
new: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [MIDSTREAM]
detected: [....12] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40928] [FIX][Unknown][RPC][Safe]
analyse: [.....5] [ip4][..tcp] [..208.245.107.3][.4000] -> [...192.168.0.20][45584] [FIX][Unknown][RPC][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 5.507| 0.699| 1.281| 1640706.605| 3.700]
[PKTLEN......: 40.000| 127.000| 63.600| 21.900| 481.200| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 5.507| 0.699| 1.281| 1640706.605| 3.700]
[PKTLEN......: 40.000| 127.000| 63.600| 21.900| 481.200| 4.900]
[BINS(c->s)..: 2,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1]
@@ -66,9 +66,9 @@
[PKTLENS.....: 75,46,75,46,79,46,127,40,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,79,46,126,40,75,46]
[ENTROPIES...: 4.9,4.4,5.2,4.4,5.2,4.5,6.5,4.7,5.0,4.5,5.2,4.5,5.2,4.5,5.0,4.5,5.1,4.5,5.2,4.5,5.2,4.5,5.2,4.5,5.0,4.5,5.2,4.5,6.4,4.7,5.0,4.5]
analyse: [.....8] [ip4][..tcp] [.....8.17.22.31][.4000] -> [...192.168.0.20][40918] [FIX][Unknown][RPC][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.175| 1.332| 1.132| 1282462.056| 4.400]
[PKTLEN......: 52.000| 137.000| 77.700| 28.500| 811.200| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.175| 1.332| 1.132| 1282462.056| 4.400]
[PKTLEN......: 52.000| 137.000| 77.700| 28.500| 811.200| 4.900]
[BINS(c->s)..: 2,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1]

12
test/results/flow-info/default/fix2.pcap.out
View File

@@ -6,9 +6,9 @@
detected: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][Unknown][RPC][Safe]
detected: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][Unknown][RPC][Safe]
analyse: [.....1] [ip4][..tcp] [.....10.101.0.2][34962] -> [.....10.102.0.2][.1024] [FIX][Unknown][RPC][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.001| 0.000| 0.000| 0.025| 3.100]
[PKTLEN......: 46.000| 160.000| 92.600| 46.700| 2179.900| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000|< 0.001|< 0.001|< 0.001| 0.025| 3.100]
[PKTLEN......: 46.000| 160.000| 92.600| 46.700| 2179.900| 4.800]
[BINS(c->s)..: 7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,1,0,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1]
@@ -16,9 +16,9 @@
[PKTLENS.....: 48,48,46,125,48,46,133,130,46,138,130,138,132,46,46,133,46,46,46,138,46,160,143,160,46,46,46,46,143,133,146,138]
[ENTROPIES...: 3.9,4.5,3.8,5.1,4.5,3.8,5.2,5.3,4.0,5.4,5.3,5.4,5.2,4.0,4.0,5.2,3.8,4.0,3.8,5.4,3.8,5.3,5.3,5.3,3.8,4.0,4.0,4.0,5.3,5.2,5.4,5.4]
analyse: [.....2] [ip4][..tcp] [.....10.101.0.2][34963] -> [.....10.102.0.9][.1024] [FIX][Unknown][RPC][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.001| 0.000| 0.000| 0.019| 3.300]
[PKTLEN......: 46.000| 160.000| 92.000| 46.100| 2122.500| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000|< 0.001|< 0.001|< 0.001| 0.019| 3.300]
[PKTLEN......: 46.000| 160.000| 92.000| 46.100| 2122.500| 4.800]
[BINS(c->s)..: 6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0]

6
test/results/flow-info/default/forticlient.pcap.out
View File

@@ -37,9 +37,9 @@
detection-update: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][Unknown][VPN][Safe][82.81.46.13]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS
analyse: [.....5] [ip4][..tcp] [..192.168.1.178][61820] -> [....82.81.46.13][10443] [TLS.FortiClient][Unknown][VPN][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.495| 0.071| 0.112| 12454.003| 3.700]
[PKTLEN......: 52.000| 1492.000| 253.000| 343.000| 117623.000| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.495| 0.071| 0.112| 12454.003| 3.700]
[PKTLEN......: 52.000| 1492.000| 253.000| 343.000| 117623.000| 4.100]
[BINS(c->s)..: 9,4,1,0,1,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,0,0,1,1]

6
test/results/flow-info/default/ftp-start-tls.pcap.out
View File

@@ -11,9 +11,9 @@
detection-update: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Unknown][Download][Unsafe]
RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Unsafe Protocol, Missing SNI TLS Extn
analyse: [.....1] [ip4][..tcp] [...10.238.26.36][62092] -> [...10.220.50.76][...21] [FTPS][Unknown][Download][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.040| 0.005| 0.010| 91.331| 3.200]
[PKTLEN......: 46.000| 552.000| 160.900| 164.200| 26956.400| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.040| 0.005| 0.010| 91.331| 3.200]
[PKTLEN......: 46.000| 552.000| 160.900| 164.200| 26956.400| 4.400]
[BINS(c->s)..: 4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1]

12
test/results/flow-info/default/ftp.pcap.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Unknown][Download][Unsafe]
RISK: Unsafe Protocol, Clear-Text Credentials
analyse: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Unknown][Download][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.090| 0.019| 0.021| 426.190| 4.100]
[PKTLEN......: 52.000| 293.000| 71.900| 42.700| 1824.000| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.090| 0.019| 0.021| 426.190| 4.100]
[PKTLEN......: 52.000| 293.000| 71.900| 42.700| 1824.000| 4.800]
[BINS(c->s)..: 18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1]
@@ -19,9 +19,9 @@
RISK: Known Proto on Non Std Port
new: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
analyse: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.030| 0.006| 0.011| 123.407| 3.100]
[PKTLEN......: 52.000| 1492.000| 818.000| 717.500| 514855.000| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.030| 0.006| 0.011| 123.407| 3.100]
[PKTLEN......: 52.000| 1492.000| 818.000| 717.500| 514855.000| 4.300]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,1,1,0,1,0,1,1]

12
test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out
View File

@@ -622,9 +622,9 @@
detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][]
RISK: Malformed Packet, Non-Printable/Invalid Chars Detected
analyse: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.742| 47.495| 20.018| 22.628| 512023754.441| 3.900]
[PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.742| 47.495| 20.018| 22.628| 512023754.441| 3.900]
[PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -1157,9 +1157,9 @@
detected: [...165] [ip4][..udp] [....192.168.1.2][.2788] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa]
new: [...166] [ip4][....0] [....192.168.1.1] -> [....192.168.1.2]
analyse: [....12] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.026| 279.042| 51.474| 59.389| 3527099352.613| 4.200]
[PKTLEN......: 33.000| 1104.000| 367.000| 296.200| 87757.200| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.026| 279.042| 51.474| 59.389| 3527099352.613| 4.200]
[PKTLEN......: 33.000| 1104.000| 367.000| 296.200| 87757.200| 4.400]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1]

6
test/results/flow-info/default/fuzz-2020-02-16-11740.pcap.out
View File

@@ -73,9 +73,9 @@
ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16]
idle: [.....5] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1813] [Radius][Unknown][Network][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.12.64.30][29200] -> [..198.226.25.53][.1812] [Radius][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.155| 612.411| 61.128| 140.850|19838793242.640| 2.700]
[PKTLEN......: 165.000| 731.000| 492.200| 248.200| 61618.100| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.155| 612.411| 61.128| 140.850| 19838793242.640| 2.700]
[PKTLEN......: 165.000| 731.000| 492.200| 248.200| 61618.100| 4.800]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0]

12
test/results/flow-info/default/geforcenow.pcapng.out
View File

@@ -9,9 +9,9 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun][80-84-167-206.cloudmatchbeta.nvidiagrid.net]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.047| 0.015| 0.018| 312.463| 3.900]
[PKTLEN......: 52.000| 2948.000| 1089.800| 1283.500| 1647314.500| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.047| 0.015| 0.018| 312.463| 3.900]
[PKTLEN......: 52.000| 2948.000| 1089.800| 1283.500| 1647314.500| 4.000]
[BINS(c->s)..: 10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,10]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,1,1,0,1,1,0,1,0,1,0,1,0,1]
@@ -32,9 +32,9 @@
detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long
analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200]
[PKTLEN......: 53.000| 689.000| 156.400| 133.900| 17933.500| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200]
[PKTLEN......: 53.000| 689.000| 156.400| 133.900| 17933.500| 4.700]
[BINS(c->s)..: 0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1]

6
test/results/flow-info/default/git.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418]
detected: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Unknown][Collaborative][Safe]
analyse: [.....1] [ip4][..tcp] [...192.168.0.77][47991] -> [...5.153.231.21][.9418] [Git][Unknown][Collaborative][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.100| 0.025| 0.029| 818.762| 3.800]
[PKTLEN......: 52.000| 2932.000| 690.900| 773.900| 598945.800| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.100| 0.025| 0.029| 818.762| 3.800]
[PKTLEN......: 52.000| 2932.000| 690.900| 773.900| 598945.800| 4.100]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1]

36
test/results/flow-info/default/gnutella.pcap.out
View File

@@ -805,9 +805,9 @@
detected: [...327] [ip4][..udp] [......10.0.2.15][28681] -> [...84.28.53.225][44859] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
analyse: [...239] [ip4][..tcp] [......10.0.2.15][50285] -> [..75.133.101.93][52367] [Gnutella][Unknown][Download][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 8.796| 0.767| 2.113| 4465727.373| 2.600]
[PKTLEN......: 40.000| 1500.000| 409.200| 491.700| 241767.600| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 8.796| 0.767| 2.113| 4465727.373| 2.600]
[PKTLEN......: 40.000| 1500.000| 409.200| 491.700| 241767.600| 4.100]
[BINS(c->s)..: 9,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1]
@@ -815,9 +815,9 @@
[PKTLENS.....: 52,44,40,639,40,652,90,40,353,40,182,423,40,68,40,449,40,86,40,1500,1052,40,640,1488,40,1500,628,40,1500,628,40,640]
[ENTROPIES...: 4.6,4.8,4.7,5.8,4.6,5.7,5.6,4.7,7.1,4.6,6.7,7.4,4.7,5.3,4.6,7.4,4.8,5.6,4.6,7.8,7.8,4.7,7.6,7.9,4.7,7.9,7.6,4.7,7.9,7.6,4.7,7.7]
analyse: [...238] [ip4][..tcp] [......10.0.2.15][50284] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 8.218| 0.797| 1.971| 3884024.594| 2.900]
[PKTLEN......: 40.000| 1064.000| 282.600| 381.800| 145784.600| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 8.218| 0.797| 1.971| 3884024.594| 2.900]
[PKTLEN......: 40.000| 1064.000| 282.600| 381.800| 145784.600| 3.900]
[BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1]
@@ -825,9 +825,9 @@
[PKTLENS.....: 52,44,40,640,40,668,90,40,353,40,574,40,68,40,442,40,86,40,1064,40,1064,40,1064,40,1064,40,1064,40,55,40,50,40]
[ENTROPIES...: 4.7,4.7,4.6,5.8,4.5,5.7,5.6,4.6,7.2,4.6,7.5,4.7,5.4,4.6,7.3,4.7,5.7,4.6,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.7,4.9,4.6,4.9,4.6]
analyse: [...288] [ip4][..tcp] [......10.0.2.15][50312] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 8.692| 0.666| 2.111| 4456211.546| 1.900]
[PKTLEN......: 40.000| 668.000| 121.800| 170.000| 28912.700| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 8.692| 0.666| 2.111| 4456211.546| 1.900]
[PKTLEN......: 40.000| 668.000| 121.800| 170.000| 28912.700| 4.100]
[BINS(c->s)..: 12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -876,9 +876,9 @@
detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
analyse: [...276] [ip4][..tcp] [......10.0.2.15][50300] -> [..188.61.52.183][11852] [Gnutella][Unknown][Download][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 13.802| 1.828| 3.934| 15478358.540| 2.800]
[PKTLEN......: 40.000| 1500.000| 198.900| 294.000| 86413.100| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 13.802| 1.828| 3.934| 15478358.540| 2.800]
[PKTLEN......: 40.000| 1500.000| 198.900| 294.000| 86413.100| 4.000]
[BINS(c->s)..: 8,1,2,1,1,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,1,1,0,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0]
@@ -1175,9 +1175,9 @@
update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
analyse: [....93] [ip4][..tcp] [......10.0.2.15][50248] -> [109.214.154.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 22.685| 3.465| 6.256| 39132462.055| 3.300]
[PKTLEN......: 40.000| 1064.000| 138.200| 217.400| 47264.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 22.685| 3.465| 6.256| 39132462.055| 3.300]
[PKTLEN......: 40.000| 1064.000| 138.200| 217.400| 47264.800| 4.000]
[BINS(c->s)..: 9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1]
@@ -1624,9 +1624,9 @@
update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
analyse: [....94] [ip4][..tcp] [......10.0.2.15][50249] -> [.86.208.180.181][45883] [Gnutella][Unknown][Download][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 55.455| 7.491| 14.262| 203411798.622| 3.200]
[PKTLEN......: 40.000| 1105.000| 156.900| 244.600| 59812.500| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 55.455| 7.491| 14.262| 203411798.622| 3.200]
[PKTLEN......: 40.000| 1105.000| 156.900| 244.600| 59812.500| 4.000]
[BINS(c->s)..: 11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0]

18
test/results/flow-info/default/googledns_android10.pcap.out
View File

@@ -24,9 +24,9 @@
detection-update: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [..192.168.1.159][48048] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.447| 0.072| 0.122| 14825.912| 3.500]
[PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.447| 0.072| 0.122| 14825.912| 3.500]
[PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
[BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0]
@@ -43,9 +43,9 @@
detection-update: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....7] [ip4][..tcp] [..192.168.1.159][48098] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.254| 0.185| 0.342| 116761.002| 3.200]
[PKTLEN......: 52.000| 569.000| 198.200| 197.900| 39161.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.254| 0.185| 0.342| 116761.002| 3.200]
[PKTLEN......: 52.000| 569.000| 198.200| 197.900| 39161.300| 4.400]
[BINS(c->s)..: 8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1]
@@ -72,9 +72,9 @@
detection-update: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable][dns.google]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....8] [ip4][..tcp] [..192.168.1.159][48210] -> [........8.8.4.4][..853] [TLS.DoH_DoT][Google][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 5.704| 0.390| 1.388| 1925240.193| 1.500]
[PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 5.704| 0.390| 1.388| 1925240.193| 1.500]
[PKTLEN......: 52.000| 1470.000| 268.200| 356.700| 127227.700| 4.100]
[BINS(c->s)..: 9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1]

24
test/results/flow-info/default/heuristic_tcp_ack_payload.pcap.out
View File

@@ -3,9 +3,9 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443]
analyse: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 28.648| 1.860| 7.030| 49424738.812| 1.100]
[PKTLEN......: 42.000| 2960.000| 308.700| 576.000| 331721.900| 3.600]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 28.648| 1.860| 7.030| 49424738.812| 1.100]
[PKTLEN......: 42.000| 2960.000| 308.700| 576.000| 331721.900| 3.600]
[BINS(c->s)..: 6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1]
@@ -19,9 +19,9 @@
end: [.....1] [ip4][..tcp] [.194.226.199.21][58155] -> [..52.18.127.189][..443]
new: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443]
analyse: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.030| 0.007| 0.011| 122.098| 3.500]
[PKTLEN......: 42.000| 2864.000| 672.800| 1000.300| 1000640.100| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.030| 0.007| 0.011| 122.098| 3.500]
[PKTLEN......: 42.000| 2864.000| 672.800| 1000.300| 1000640.100| 3.700]
[BINS(c->s)..: 11,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,1,1,0,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,0]
@@ -37,9 +37,9 @@
guessed: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443] [TLS][GoogleCloud][Web][Safe]
end: [.....3] [ip4][..tcp] [.194.226.199.61][27453] -> [...35.241.9.150][..443]
analyse: [.....5] [ip4][..tcp] [194.226.199.103][62580] -> [..217.69.139.59][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 5.456| 0.293| 1.017| 1033283.961| 1.700]
[PKTLEN......: 42.000| 2883.000| 385.900| 734.400| 539373.900| 3.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 5.456| 0.293| 1.017| 1033283.961| 1.700]
[PKTLEN......: 42.000| 2883.000| 385.900| 734.400| 539373.900| 3.400]
[BINS(c->s)..: 14,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2]
[DIRECTIONS..: 0,0,1,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0]
@@ -48,9 +48,9 @@
[ENTROPIES...: 4.5,4.5,4.8,4.8,4.8,4.8,4.8,4.8,7.1,7.1,4.6,4.6,7.2,7.2,7.5,7.5,4.7,4.7,4.7,4.7,6.3,6.3,7.1,7.1,4.8,4.8,7.1,7.1,4.7,4.7,5.2,5.2]
new: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443]
analyse: [.....6] [ip4][..tcp] [.194.226.199.61][.6946] -> [....2.22.40.186][..443]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.635| 0.323| 0.688| 472790.598| 2.800]
[PKTLEN......: 42.000| 2960.000| 481.700| 697.200| 486142.700| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.635| 0.323| 0.688| 472790.598| 2.800]
[PKTLEN......: 42.000| 2960.000| 481.700| 697.200| 486142.700| 3.800]
[BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 9,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,4,0,1]
[DIRECTIONS..: 0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0]

12
test/results/flow-info/default/hots.pcapng.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..udp] [...192.168.0.73][54598] -> [...24.105.56.13][.3724]
detected: [.....1] [ip4][..udp] [...192.168.0.73][54598] -> [...24.105.56.13][.3724] [Heroes_of_the_Storm][Starcraft][Game][Fun]
analyse: [.....1] [ip4][..udp] [...192.168.0.73][54598] -> [...24.105.56.13][.3724] [Heroes_of_the_Storm][Starcraft][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 91.418| 2.995| 16.144| 260622725.939| 0.200]
[PKTLEN......: 48.000| 60.000| 54.900| 5.000| 25.200| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 91.418| 2.995| 16.144| 260622725.939| 0.200]
[PKTLEN......: 48.000| 60.000| 54.900| 5.000| 25.200| 5.000]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -24,9 +24,9 @@
new: [.....3] [ip4][..udp] [...24.105.57.16][.3724] -> [...192.168.0.73][50609]
detected: [.....3] [ip4][..udp] [...24.105.57.16][.3724] -> [...192.168.0.73][50609] [Heroes_of_the_Storm][Starcraft][Game][Fun]
analyse: [.....3] [ip4][..udp] [...24.105.57.16][.3724] -> [...192.168.0.73][50609] [Heroes_of_the_Storm][Starcraft][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.063| 0.033| 0.019| 353.907| 4.700]
[PKTLEN......: 48.000| 150.000| 105.500| 33.500| 1124.400| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.063| 0.033| 0.019| 353.907| 4.700]
[PKTLEN......: 48.000| 150.000| 105.500| 33.500| 1124.400| 4.900]
[BINS(c->s)..: 7,0,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

6
test/results/flow-info/default/http_auth.pcap.out
View File

@@ -7,9 +7,9 @@
detection-update: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Unknown][Web][Acceptable][browserspy.dk]
RISK: Clear-Text Credentials, Error Code
analyse: [.....1] [ip4][..tcp] [....192.168.0.4][54337] -> [192.254.189.169][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.862| 0.405| 1.194| 1424465.723| 2.200]
[PKTLEN......: 52.000| 1500.000| 626.900| 665.600| 443042.200| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.862| 0.405| 1.194| 1424465.723| 2.200]
[PKTLEN......: 52.000| 1500.000| 626.900| 665.600| 443042.200| 4.100]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0]

12
test/results/flow-info/default/http_connect.pcap.out
View File

@@ -10,9 +10,9 @@
detected: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Unknown][Web][Safe][apache.org]
detection-update: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Unknown][Web][Safe][apache.org]
analyse: [.....3] [ip4][..tcp] [..192.168.1.146][35968] -> [..151.101.2.132][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.016| 0.003| 0.005| 23.691| 3.400]
[PKTLEN......: 52.000| 1436.000| 549.000| 627.700| 394029.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.016| 0.003| 0.005| 23.691| 3.400]
[PKTLEN......: 52.000| 1436.000| 549.000| 627.700| 394029.600| 4.000]
[BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -20,9 +20,9 @@
[PKTLENS.....: 60,60,52,569,52,1436,52,1436,52,1436,52,971,52,116,541,52,52,111,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436]
[ENTROPIES...: 4.7,5.1,5.1,5.3,5.1,7.8,5.1,7.9,5.1,7.9,5.1,7.8,5.1,6.1,7.6,5.0,5.0,6.1,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.1,7.9,5.0,7.9,5.1,7.9]
analyse: [.....1] [ip4][..tcp] [..192.168.1.103][.1714] -> [..192.168.1.146][.8080] [HTTP_Connect][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.053| 0.007| 0.013| 164.772| 3.400]
[PKTLEN......: 40.000| 5576.000| 799.000| 1594.600| 2542806.000| 3.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.053| 0.007| 0.013| 164.772| 3.400]
[PKTLEN......: 40.000| 5576.000| 799.000| 1594.600| 2542806.000| 3.200]
[BINS(c->s)..: 7,0,2,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1]

6
test/results/flow-info/default/http_ipv6.pcap.out
View File

@@ -12,9 +12,9 @@
new: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [MIDSTREAM]
new: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443]
analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 6.009| 0.604| 1.486| 2208638.173| 2.800]
[PKTLEN......: 77.000| 1398.000| 326.600| 376.200| 141514.900| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 6.009| 0.604| 1.486| 2208638.173| 2.800]
[PKTLEN......: 77.000| 1398.000| 326.600| 376.200| 141514.900| 4.300]
[BINS(c->s)..: 0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0]

6
test/results/flow-info/default/http_ua_splitted_in_two_pkts.pcapng.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [254.125.135.128][21359] -> [..66.152.103.45][...80] [HTTP][Unknown][Web][Acceptable][]
detection-update: [.....1] [ip4][..tcp] [254.125.135.128][21359] -> [..66.152.103.45][...80] [HTTP][Unknown][Web][Acceptable][va.origin.startappservice.com]
analyse: [.....1] [ip4][..tcp] [254.125.135.128][21359] -> [..66.152.103.45][...80] [HTTP][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 23.452| 4.562| 7.140| 50981941.281| 3.500]
[PKTLEN......: 60.000| 1440.000| 626.300| 557.200| 310424.400| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 23.452| 4.562| 7.140| 50981941.281| 3.500]
[PKTLEN......: 60.000| 1440.000| 626.300| 557.200| 310424.400| 4.500]
[BINS(c->s)..: 1,0,0,0,0,0,5,0,3,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]

6
test/results/flow-info/default/iax.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566]
detected: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][Unknown][VoIP][Acceptable]
analyse: [.....1] [ip4][..udp] [...82.110.36.84][.4569] -> [..192.168.2.120][.4566] [IAX][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.051| 0.019| 0.011| 120.322| 4.700]
[PKTLEN......: 40.000| 200.000| 161.500| 59.500| 3538.200| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.051| 0.019| 0.011| 120.322| 4.700]
[PKTLEN......: 40.000| 200.000| 161.500| 59.500| 3538.200| 4.900]
[BINS(c->s)..: 3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

6
test/results/flow-info/default/icmp-tunnel.pcap.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Unknown][Network][Acceptable]
RISK: Malformed Packet
analyse: [.....1] [ip4][.icmp] [192.168.154.131] -> [192.168.154.132] [ICMP][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.999| 13.999| 1.420| 2.297| 5274800.751| 4.200]
[PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.999| 13.999| 1.420| 2.297| 5274800.751| 4.200]
[PKTLEN......: 112.000| 112.000| 112.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

6
test/results/flow-info/default/iec60780-5-104.pcap.out
View File

@@ -21,9 +21,9 @@
end: [.....4] [ip4][..tcp] [.172.27.248.109][.1572] -> [..172.27.248.79][.2404] [IEC60870][Unknown][IoT-Scada][Acceptable]
end: [.....5] [ip4][..tcp] [.172.27.248.109][.1577] -> [..172.27.248.79][.2404] [IEC60870][Unknown][IoT-Scada][Acceptable]
analyse: [.....6] [ip4][..tcp] [.172.27.248.109][.1578] -> [..172.27.248.79][.2404] [IEC60870][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 32.516| 11.085| 10.877| 118310385.484| 4.100]
[PKTLEN......: 40.000| 104.000| 51.600| 11.500| 132.400| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 32.516| 11.085| 10.877| 118310385.484| 4.100]
[PKTLEN......: 40.000| 104.000| 51.600| 11.500| 132.400| 5.000]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1]

6
test/results/flow-info/default/imap-starttls.pcap.out
View File

@@ -11,9 +11,9 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Unknown][Email][Safe]
RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
analyse: [.....1] [ip4][..tcp] [..192.168.17.53][49640] -> [.212.227.17.186][..143] [IMAPS][Unknown][Email][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.678| 0.188| 0.378| 143010.873| 3.300]
[PKTLEN......: 40.000| 1500.000| 235.200| 424.600| 180326.200| 3.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.678| 0.188| 0.378| 143010.873| 3.300]
[PKTLEN......: 40.000| 1500.000| 235.200| 424.600| 180326.200| 3.600]
[BINS(c->s)..: 15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1]

6
test/results/flow-info/default/imap.pcap.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Unknown][Email][Unsafe]
RISK: Unsafe Protocol, Clear-Text Credentials
analyse: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Unknown][Email][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.331| 0.295| 1.060| 1123749.069| 1.400]
[PKTLEN......: 52.000| 748.000| 101.900| 125.900| 15857.500| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.331| 0.295| 1.060| 1123749.069| 1.400]
[PKTLEN......: 52.000| 748.000| 101.900| 125.900| 15857.500| 4.400]
[BINS(c->s)..: 18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1]

12
test/results/flow-info/default/imo.pcap.out
View File

@@ -6,9 +6,9 @@
new: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604]
detected: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][Unknown][VoIP][Acceptable]
analyse: [.....2] [ip4][..udp] [.192.168.12.169][49207] -> [....93.33.47.58][57604] [IMO][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.464| 0.060| 0.120| 14499.616| 3.200]
[PKTLEN......: 29.000| 135.000| 43.000| 23.000| 529.800| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.464| 0.060| 0.120| 14499.616| 3.200]
[PKTLEN......: 29.000| 135.000| 43.000| 23.000| 529.800| 4.900]
[BINS(c->s)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0]
@@ -16,9 +16,9 @@
[PKTLENS.....: 29,29,135,38,38,38,38,38,38,38,38,38,38,29,128,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38]
[ENTROPIES...: 4.4,4.5,6.6,4.3,4.3,4.3,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.4,6.4,4.5,4.5,4.5,4.5,4.5,4.4,4.4,4.4,4.5,4.5,4.5,4.4,4.5,4.4,4.5,4.5,4.3]
analyse: [.....1] [ip4][..udp] [.192.168.12.169][49207] -> [.185.155.137.30][36535] [IMO][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.003| 0.138| 0.306| 93428.728| 2.800]
[PKTLEN......: 38.000| 1252.000| 419.400| 488.900| 239046.100| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.003| 0.138| 0.306| 93428.728| 2.800]
[PKTLEN......: 38.000| 1252.000| 419.400| 488.900| 239046.100| 4.100]
[BINS(c->s)..: 0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1]

54
test/results/flow-info/default/instagram.pcap.out
View File

@@ -9,9 +9,9 @@
detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][56382] -> [..173.252.107.4][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][telegraph-ash.instagram.com]
RISK: Obsolete TLS (v1.1 or older)
analyse: [.....2] [ip4][..tcp] [..192.168.0.103][33936] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.572| 0.136| 0.382| 146017.665| 2.200]
[PKTLEN......: 52.000| 1450.000| 668.500| 663.900| 440818.000| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.572| 0.136| 0.382| 146017.665| 2.200]
[PKTLEN......: 52.000| 1450.000| 668.500| 663.900| 440818.000| 4.200]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,11,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -28,9 +28,9 @@
new: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [MIDSTREAM]
detected: [.....6] [ip4][..tcp] [..192.168.0.103][57965] -> [...82.85.26.185][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun][photos-f.ak.instagram.com]
analyse: [.....3] [ip4][..tcp] [..192.168.0.103][38816] -> [...46.33.70.160][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.033| 0.003| 0.008| 64.366| 2.900]
[PKTLEN......: 52.000| 1470.000| 1212.200| 538.200| 289645.800| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.033| 0.003| 0.008| 64.366| 2.900]
[PKTLEN......: 52.000| 1470.000| 1212.200| 538.200| 289645.800| 4.800]
[BINS(c->s)..: 5,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,1,1,1,1,1,0,1]
@@ -38,9 +38,9 @@
[PKTLENS.....: 312,1470,52,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,52,1470,52,1470,52,1470,1470,1470,1470,1470,1470,52,1470]
[ENTROPIES...: 5.9,7.3,5.1,7.7,7.7,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.7,7.7,7.8,7.7,5.1,7.8,5.1,7.6,5.1,7.8,7.8,7.7,7.7,7.8,7.5,5.1,7.8]
analyse: [.....4] [ip4][..tcp] [..192.168.0.103][57936] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.112| 0.011| 0.030| 883.414| 2.300]
[PKTLEN......: 52.000| 1470.000| 771.400| 697.700| 486813.200| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.112| 0.011| 0.030| 883.414| 2.300]
[PKTLEN......: 52.000| 1470.000| 771.400| 697.700| 486813.200| 4.300]
[BINS(c->s)..: 14,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,15,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,1,0,1,0,1]
@@ -49,9 +49,9 @@
[ENTROPIES...: 5.8,6.9,5.0,7.6,5.0,7.8,5.0,7.8,5.0,7.8,5.1,7.8,5.0,6.5,5.0,6.9,5.0,7.5,5.0,7.8,5.0,7.8,7.8,5.1,5.1,7.8,7.8,7.8,5.1,7.8,5.1,7.8]
new: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [MIDSTREAM]
analyse: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.372| 0.037| 0.093| 8582.227| 2.300]
[PKTLEN......: 52.000| 1470.000| 826.400| 686.900| 471900.100| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.372| 0.037| 0.093| 8582.227| 2.300]
[PKTLEN......: 52.000| 1470.000| 826.400| 686.900| 471900.100| 4.400]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1]
@@ -75,9 +75,9 @@
detected: [....15] [ip4][..tcp] [..192.168.0.103][33763] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe]
new: [....16] [ip4][..tcp] [..192.168.0.103][38817] -> [...46.33.70.160][...80] [MIDSTREAM]
analyse: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.322| 0.237| 1.293| 1672842.314| 0.100]
[PKTLEN......: 52.000| 1470.000| 889.300| 693.100| 480370.200| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 7.322| 0.237| 1.293| 1672842.314| 0.100]
[PKTLEN......: 52.000| 1470.000| 889.300| 693.100| 480370.200| 4.400]
[BINS(c->s)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,18,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,0,0]
@@ -128,9 +128,9 @@
new: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [MIDSTREAM]
detected: [....27] [ip4][..tcp] [..192.168.0.103][58053] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun][photos-g.ak.instagram.com]
analyse: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.062| 0.005| 0.015| 225.668| 2.000]
[PKTLEN......: 52.000| 1470.000| 779.200| 693.800| 481326.300| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.062| 0.005| 0.015| 225.668| 2.000]
[PKTLEN......: 52.000| 1470.000| 779.200| 693.800| 481326.300| 4.300]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
[DIRECTIONS..: 0,1,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,0,0,1,0,0,1,0,1,0,1,1,1]
@@ -139,9 +139,9 @@
[ENTROPIES...: 5.9,7.4,7.8,7.9,5.0,5.0,5.0,7.8,5.0,7.9,5.0,7.8,7.8,7.8,5.0,5.0,5.0,7.8,7.9,7.8,5.0,5.0,7.8,5.0,5.0,7.7,5.0,7.8,5.0,7.4,7.7,7.7]
new: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [MIDSTREAM]
analyse: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.002| 0.001| 0.001| 0.353| 4.600]
[PKTLEN......: 52.000| 1450.000| 969.400| 664.000| 440886.100| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.002|< 0.001|< 0.001| 0.353| 4.600]
[PKTLEN......: 52.000| 1450.000| 969.400| 664.000| 440886.100| 4.500]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0]
[BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0]
@@ -155,9 +155,9 @@
new: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53]
detected: [....31] [ip4][..udp] [..192.168.0.103][27124] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun][photos-b.ak.instagram.com]
analyse: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.004| 0.001| 0.001| 1.362| 4.300]
[PKTLEN......: 52.000| 1470.000| 805.300| 707.600| 500717.400| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.004| 0.001| 0.001| 1.362| 4.300]
[PKTLEN......: 52.000| 1470.000| 805.300| 707.600| 500717.400| 4.300]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0]
[BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0]
@@ -234,9 +234,9 @@
detection-update: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com]
detection-update: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun][scontent-mxp1-1.cdninstagram.com]
analyse: [....34] [ip4][..tcp] [...192.168.2.17][49357] -> [....31.13.86.52][..443] [TLS.Instagram][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.470| 0.692| 2.561| 6557671.096| 1.200]
[PKTLEN......: 52.000| 1440.000| 460.700| 528.600| 279392.300| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 10.470| 0.692| 2.561| 6557671.096| 1.200]
[PKTLEN......: 52.000| 1440.000| 460.700| 528.600| 279392.300| 4.100]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1]

24
test/results/flow-info/default/iphone.pcap.out
View File

@@ -134,9 +134,9 @@
detected: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
detection-update: [....48] [ip4][..udp] [...192.168.2.17][65079] -> [....192.168.2.1][...53] [DNS.AppleiTunes][Unknown][Network][Fun][play.itunes.apple.com]
analyse: [....29] [ip4][..tcp] [...192.168.2.17][50580] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.686| 0.087| 0.170| 29013.449| 3.100]
[PKTLEN......: 52.000| 1492.000| 310.700| 443.900| 197074.700| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.686| 0.087| 0.170| 29013.449| 3.100]
[PKTLEN......: 52.000| 1492.000| 310.700| 443.900| 197074.700| 3.900]
[BINS(c->s)..: 8,4,1,0,1,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,0]
@@ -147,9 +147,9 @@
detected: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com]
detection-update: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun][play.itunes.apple.com]
analyse: [....45] [ip4][..tcp] [...192.168.2.17][50584] -> [..17.248.176.75][..443] [TLS.AppleiCloud][Apple][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.655| 0.067| 0.146| 21410.738| 2.900]
[PKTLEN......: 40.000| 1492.000| 299.400| 449.800| 202280.400| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.655| 0.067| 0.146| 21410.738| 2.900]
[PKTLEN......: 40.000| 1492.000| 299.400| 449.800| 202280.400| 3.800]
[BINS(c->s)..: 9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1]
@@ -157,9 +157,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52]
[ENTROPIES...: 4.4,5.2,5.1,4.5,5.1,6.7,7.5,7.5,7.3,4.9,5.0,6.0,5.7,6.0,5.0,5.0,5.7,5.8,5.5,7.8,5.5,7.4,5.5,4.9,5.5,5.0,5.0,4.9,7.7,5.0,4.5,5.1]
analyse: [....49] [ip4][..tcp] [...192.168.2.17][50587] -> [...92.123.77.26][..443] [TLS.AppleiTunes][Unknown][Streaming][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.147| 0.026| 0.045| 1989.449| 3.200]
[PKTLEN......: 52.000| 1492.000| 322.100| 461.100| 212650.100| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.147| 0.026| 0.045| 1989.449| 3.200]
[PKTLEN......: 52.000| 1492.000| 322.100| 461.100| 212650.100| 3.900]
[BINS(c->s)..: 10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1]
@@ -167,9 +167,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52]
[ENTROPIES...: 4.5,5.3,5.1,4.5,5.2,7.8,7.9,7.8,7.5,5.1,5.2,5.1,6.2,7.4,7.3,6.1,6.0,5.9,7.9,7.6,7.7,5.2,5.2,5.1,6.2,5.1,5.1,5.8,5.1,5.9,5.1,5.1]
analyse: [....38] [ip4][..tcp] [...192.168.2.17][50581] -> [..17.248.185.87][..443] [TLS.AppleiCloud][Apple][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.804| 0.109| 0.185| 34306.707| 3.400]
[PKTLEN......: 52.000| 1492.000| 721.000| 667.300| 445284.800| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.804| 0.109| 0.185| 34306.707| 3.400]
[PKTLEN......: 52.000| 1492.000| 721.000| 667.300| 445284.800| 4.300]
[BINS(c->s)..: 8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0]
[BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0]

6
test/results/flow-info/default/ipp.pcap.out
View File

@@ -8,9 +8,9 @@
detected: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable][10.10.10.251]
RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI
analyse: [.....2] [ip4][..tcp] [....10.10.10.49][55342] -> [...10.10.10.251][..631] [HTTP.IPP][Unknown][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.009| 0.004| 0.004| 12.440| 4.200]
[PKTLEN......: 52.000| 2948.000| 883.700| 882.800| 779357.900| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.009| 0.004| 0.004| 12.440| 4.200]
[PKTLEN......: 52.000| 2948.000| 883.700| 882.800| 779357.900| 4.200]
[BINS(c->s)..: 3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9]
[BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1]

36
test/results/flow-info/default/ipsec_isakmp_esp.pcap.out
View File

@@ -12,9 +12,9 @@
update: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][Unknown][VPN][Safe]
update: [.....2] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.193][..500] [IPSec][Unknown][VPN][Safe]
analyse: [.....1] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.193][.4500] [IPSec][Unknown][VPN][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 662.067| 70.207| 185.660|34469670203.425| 2.000]
[PKTLEN......: 108.000| 1360.000| 528.100| 468.700| 219671.500| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 662.067| 70.207| 185.660| 34469670203.425| 2.000]
[PKTLEN......: 108.000| 1360.000| 528.100| 468.700| 219671.500| 4.500]
[BINS(c->s)..: 0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
@@ -119,9 +119,9 @@
new: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500]
detected: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][Unknown][VPN][Safe]
analyse: [....24] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.227][.4500] [IPSec][Unknown][VPN][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 493.000| 453.900| 206039.000| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 493.000| 453.900| 206039.000| 4.400]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,4,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
@@ -129,9 +129,9 @@
[PKTLENS.....: 844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]
[ENTROPIES...: 7.7,6.9,6.3,5.9,6.1,7.4,7.9,7.9,7.8,6.7,6.6,6.5,7.8,6.7,5.8,7.7,6.9,6.3,5.7,6.1,7.5,7.9,7.9,7.8,6.6,6.6,6.6,7.8,6.5,5.7,7.7,6.8]
analyse: [....23] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.227][..500] [IPSec][Unknown][VPN][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 80.000| 828.000| 507.000| 320.200| 102515.000| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 80.000| 828.000| 507.000| 320.200| 102515.000| 4.700]
[BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -147,9 +147,9 @@
new: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500]
detected: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][Unknown][VPN][Safe]
analyse: [....28] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.130][.4500] [IPSec][Unknown][VPN][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 651.200| 511.600| 261688.400| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 651.200| 511.600| 261688.400| 4.500]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,2,0,4,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1]
@@ -173,9 +173,9 @@
new: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500]
detected: [....36] [ip4][..udp] [..192.168.2.100][10500] -> [109.237.187.195][..500] [IPSec][Unknown][VPN][Safe]
analyse: [....34] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.195][.4500] [IPSec][Unknown][VPN][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 570.200| 486.800| 236933.900| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 570.200| 486.800| 236933.900| 4.500]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,2,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]
@@ -183,9 +183,9 @@
[PKTLENS.....: 844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236]
[ENTROPIES...: 7.7,6.9,6.3,5.7,6.2,7.5,7.9,7.8,7.8,6.7,6.7,6.7,7.8,6.5,7.8,7.7,6.9,6.3,5.8,6.1,7.4,7.9,7.9,7.8,6.5,6.5,6.6,7.8,6.7,7.8,7.7,6.9]
analyse: [....18] [ip4][..udp] [..192.168.2.100][14500] -> [109.237.187.225][.4500] [IPSec][Unknown][VPN][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 531.600| 472.200| 222978.400| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.000| 0.000| 0.000| 0.000| 0.000]
[PKTLEN......: 108.000| 1360.000| 531.600| 472.200| 222978.400| 4.400]
[BINS(c->s)..: 0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,3,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1]

18
test/results/flow-info/default/jabber.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222]
detected: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
analyse: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.338| 0.039| 0.084| 7085.730| 3.000]
[PKTLEN......: 52.000| 431.000| 128.100| 104.500| 10930.100| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.338| 0.039| 0.084| 7085.730| 3.000]
[PKTLEN......: 52.000| 431.000| 128.100| 104.500| 10930.100| 4.600]
[BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0]
@@ -16,9 +16,9 @@
new: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222]
detected: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
analyse: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.337| 0.038| 0.085| 7210.629| 2.800]
[PKTLEN......: 52.000| 431.000| 128.000| 104.500| 10917.300| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.337| 0.038| 0.085| 7210.629| 2.800]
[PKTLEN......: 52.000| 431.000| 128.000| 104.500| 10917.300| 4.600]
[BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0]
@@ -40,9 +40,9 @@
DAEMON-EVENT: [Processed: 243 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
analyse: [.....6] [ip4][..tcp] [....172.16.0.62][57149] -> [...172.16.1.138][.5222] [Jabber][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 600.488| 42.007| 147.105|21639823353.709| 1.400]
[PKTLEN......: 52.000| 515.000| 150.800| 117.900| 13893.800| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 600.488| 42.007| 147.105| 21639823353.709| 1.400]
[PKTLEN......: 52.000| 515.000| 150.800| 117.900| 13893.800| 4.600]
[BINS(c->s)..: 9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1]

6
test/results/flow-info/default/kismet.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501]
detected: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Unknown][Network][Acceptable]
analyse: [.....1] [ip4][..tcp] [......127.0.0.1][34065] -> [......127.0.0.1][.2501] [Kismet][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.100| 0.836| 0.406| 165002.641| 4.700]
[PKTLEN......: 40.000| 1085.000| 128.900| 184.200| 33913.200| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.100| 0.836| 0.406| 165002.641| 4.700]
[PKTLEN......: 40.000| 1085.000| 128.900| 184.200| 33913.200| 4.200]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

6
test/results/flow-info/default/kontiki.pcap.out
View File

@@ -18,9 +18,9 @@
new: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59]
detected: [.....8] [ip4][.icmp] [...4.79.219.125] -> [....10.25.32.59] [ICMP][Unknown][Network][Acceptable]
analyse: [.....3] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.86][.8888] [Kontiki][Unknown][Media][Potentially Dangerous]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.608| 0.045| 0.118| 13931.400| 2.600]
[PKTLEN......: 32.000| 1269.000| 804.400| 568.000| 322604.600| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.608| 0.045| 0.118| 13931.400| 2.600]
[PKTLEN......: 32.000| 1269.000| 804.400| 568.000| 322604.600| 4.500]
[BINS(c->s)..: 7,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,1,0,1,0,1,0,1,1,1,1,0,1,1,1,1,1,0,1,1,1,1,1,1,0,1,1,1,1]

24
test/results/flow-info/default/line.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610]
detected: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable]
analyse: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.602| 0.105| 0.182| 33194.353| 3.400]
[PKTLEN......: 58.000| 900.000| 171.300| 234.500| 54984.500| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.602| 0.105| 0.182| 33194.353| 3.400]
[PKTLEN......: 58.000| 900.000| 171.300| 234.500| 54984.500| 4.100]
[BINS(c->s)..: 1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0]
@@ -25,9 +25,9 @@
detection-update: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable][uts-front.line-apps.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [TLS][Line][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 2.533| 0.220| 0.601| 361429.959| 2.800]
[PKTLEN......: 40.000| 374.000| 118.100| 90.900| 8262.100| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 2.533| 0.220| 0.601| 361429.959| 2.800]
[PKTLEN......: 40.000| 374.000| 118.100| 90.900| 8262.100| 4.600]
[BINS(c->s)..: 1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0]
@@ -35,9 +35,9 @@
[PKTLENS.....: 100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]
[ENTROPIES...: 5.9,4.7,6.3,4.7,6.6,6.0,4.7,6.6,4.7,7.4,6.0,4.7,6.5,4.7,6.4,5.9,4.7,6.7,4.7,7.0,5.9,6.3,6.0,4.7,6.0,4.7,7.3,4.7,7.1,4.8,7.4,5.9]
analyse: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.306| 0.634| 1.725| 2976235.913| 2.700]
[PKTLEN......: 40.000| 1500.000| 272.500| 367.300| 134881.600| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.306| 0.634| 1.725| 2976235.913| 2.700]
[PKTLEN......: 40.000| 1500.000| 272.500| 367.300| 134881.600| 4.100]
[BINS(c->s)..: 6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0]
@@ -48,9 +48,9 @@
new: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070]
detected: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
analyse: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.225| 0.016| 0.051| 2613.605| 1.500]
[PKTLEN......: 59.000| 881.000| 540.400| 131.000| 17170.000| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.225| 0.016| 0.051| 2613.605| 1.500]
[PKTLEN......: 59.000| 881.000| 540.400| 131.000| 17170.000| 4.900]
[BINS(c->s)..: 1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1]

6
test/results/flow-info/default/log4j-webapp-exploit.pcap.out
View File

@@ -18,9 +18,9 @@
ERROR-EVENT: Unknown L3 protocol [3/16]
ERROR-EVENT: Unknown L3 protocol [4/16]
analyse: [.....4] [ip4][..tcp] [..172.16.238.10][55408] -> [....10.10.10.31][.9001]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.289| 0.474| 1.790| 3202664.366| 1.100]
[PKTLEN......: 52.000| 60.000| 53.500| 2.200| 4.600| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 7.289| 0.474| 1.790| 3202664.366| 1.100]
[PKTLEN......: 52.000| 60.000| 53.500| 2.200| 4.600| 5.000]
[BINS(c->s)..: 17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]

6
test/results/flow-info/default/long_tls_certificate.pcap.out
View File

@@ -6,9 +6,9 @@
detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com]
detection-update: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable][beacon-api.aliyuncs.com]
analyse: [.....1] [ip4][..tcp] [...192.168.1.60][55333] -> [.106.15.100.123][..443] [TLS.Alibaba][Alibaba][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.371| 0.087| 0.130| 17024.252| 3.400]
[PKTLEN......: 40.000| 1492.000| 370.700| 546.600| 298744.200| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.371| 0.087| 0.130| 17024.252| 3.400]
[PKTLEN......: 40.000| 1492.000| 370.700| 546.600| 298744.200| 3.700]
[BINS(c->s)..: 10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1]

6
test/results/flow-info/default/malware.pcap.out
View File

@@ -27,9 +27,9 @@
detected: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com]
detection-update: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com]
analyse: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.111| 0.021| 0.035| 1237.078| 3.200]
[PKTLEN......: 40.000| 1492.000| 579.600| 653.500| 427088.100| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.111| 0.021| 0.035| 1237.078| 3.200]
[PKTLEN......: 40.000| 1492.000| 579.600| 653.500| 427088.100| 4.000]
[BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1]

6
test/results/flow-info/default/merakicloud.pcapng.out
View File

@@ -8,9 +8,9 @@
update: [.....1] [ip4][..udp] [...2.36.234.133][47301] -> [..209.206.59.34][.7351] [MerakiCloud][Unknown][Network][Acceptable]
update: [.....1] [ip4][..udp] [...2.36.234.133][47301] -> [..209.206.59.34][.7351] [MerakiCloud][Unknown][Network][Acceptable]
analyse: [.....1] [ip4][..udp] [...2.36.234.133][47301] -> [..209.206.59.34][.7351] [MerakiCloud][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.185| 25.011| 16.136| 11.214| 125752330.682| 4.400]
[PKTLEN......: 74.000| 183.000| 129.700| 43.400| 1881.800| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.185| 25.011| 16.136| 11.214| 125752330.682| 4.400]
[PKTLEN......: 74.000| 183.000| 129.700| 43.400| 1881.800| 4.900]
[BINS(c->s)..: 0,0,0,11,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1]

6
test/results/flow-info/default/modbus.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [MIDSTREAM]
detected: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][Unknown][IoT-Scada][Acceptable]
analyse: [.....1] [ip4][..tcp] [192.168.110.131][.2074] -> [192.168.110.138][..502] [Modbus][Unknown][IoT-Scada][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 1.014| 0.452| 0.497| 247304.159| 3.800]
[PKTLEN......: 51.000| 52.000| 51.500| 0.500| 0.200| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.014| 0.452| 0.497| 247304.159| 3.800]
[PKTLEN......: 51.000| 52.000| 51.500| 0.500| 0.200| 5.000]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

12
test/results/flow-info/default/monero.pcap.out
View File

@@ -8,9 +8,9 @@
detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 71.693| 7.500| 18.614| 346464978.993| 2.400]
[PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 71.693| 7.500| 18.614| 346464978.993| 2.400]
[PKTLEN......: 52.000| 1500.000| 358.800| 549.100| 301531.900| 3.700]
[BINS(c->s)..: 8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0]
[BINS(s->c)..: 10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1]
@@ -18,9 +18,9 @@
[PKTLENS.....: 60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]
[ENTROPIES...: 4.7,5.3,5.1,5.8,5.3,5.7,5.3,6.1,5.7,5.9,5.1,5.8,5.3,5.0,5.2,4.5,4.3,5.3,5.3,5.7,5.2,4.5,4.3,5.4,5.7,5.2,4.9,5.2,4.5,4.3,5.4,5.7]
analyse: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 170.525| 32.857| 51.784| 2681624034.542| 3.400]
[PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 170.525| 32.857| 51.784| 2681624034.542| 3.400]
[PKTLEN......: 40.000| 1484.000| 223.600| 347.600| 120860.400| 3.900]
[BINS(c->s)..: 12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0]
[BINS(s->c)..: 4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1]

60
test/results/flow-info/default/nest_log_sink.pcap.out
View File

@@ -5,9 +5,9 @@
DAEMON-EVENT: [Processed: 30 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
analyse: [.....1] [ip4][..tcp] [.192.168.242.15][63340] -> [..35.174.82.237][11095]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.061| 60.122| 38.821| 28.558| 815563555.209| 4.300]
[PKTLEN......: 40.000| 46.000| 43.000| 3.000| 9.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.061| 60.122| 38.821| 28.558| 815563555.209| 4.300]
[PKTLEN......: 40.000| 46.000| 43.000| 3.000| 9.000| 5.000]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1]
@@ -24,9 +24,9 @@
new: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095]
detected: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
analyse: [.....3] [ip4][..tcp] [.192.168.242.15][63342] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.491| 0.199| 0.354| 125081.829| 3.700]
[PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48330.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.491| 0.199| 0.354| 125081.829| 3.700]
[PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48330.300| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
@@ -39,9 +39,9 @@
detected: [.....5] [ip4][..tcp] [.192.168.242.15][63344] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
update: [.....2] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable]
analyse: [.....4] [ip4][..tcp] [.192.168.242.15][63343] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 60.078| 8.258| 19.898| 395938807.939| 2.400]
[PKTLEN......: 40.000| 717.000| 167.000| 184.800| 34140.600| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 60.078| 8.258| 19.898| 395938807.939| 2.400]
[PKTLEN......: 40.000| 717.000| 167.000| 184.800| 34140.600| 4.300]
[BINS(c->s)..: 9,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1]
@@ -65,9 +65,9 @@
new: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095]
detected: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
analyse: [.....7] [ip4][..tcp] [.192.168.242.15][63345] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.478| 0.186| 0.338| 114146.574| 3.600]
[PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.478| 0.186| 0.338| 114146.574| 3.600]
[PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
@@ -84,9 +84,9 @@
end: [.....9] [ip4][..tcp] [.192.168.242.15][63347] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
update: [.....6] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable]
analyse: [.....8] [ip4][..tcp] [.192.168.242.15][63346] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 60.066| 10.038| 21.842| 477077551.710| 2.600]
[PKTLEN......: 40.000| 717.000| 162.200| 185.800| 34538.800| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.007| 60.066| 10.038| 21.842| 477077551.710| 2.600]
[PKTLEN......: 40.000| 717.000| 162.200| 185.800| 34538.800| 4.300]
[BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0]
@@ -106,9 +106,9 @@
new: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095]
detected: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
analyse: [....11] [ip4][..tcp] [.192.168.242.15][63348] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.475| 0.185| 0.337| 113653.596| 3.600]
[PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.475| 0.185| 0.337| 113653.596| 3.600]
[PKTLEN......: 40.000| 718.000| 241.900| 219.700| 48280.000| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
@@ -123,9 +123,9 @@
update: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable]
idle: [....10] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable]
analyse: [....12] [ip4][..tcp] [.192.168.242.15][63349] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 60.116| 15.667| 26.142| 683403720.524| 3.100]
[PKTLEN......: 40.000| 718.000| 145.100| 181.000| 32752.900| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 60.116| 15.667| 26.142| 683403720.524| 3.100]
[PKTLEN......: 40.000| 718.000| 145.100| 181.000| 32752.900| 4.200]
[BINS(c->s)..: 10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1]
@@ -143,9 +143,9 @@
new: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095]
detected: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
analyse: [....15] [ip4][..tcp] [.192.168.242.15][63351] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.484| 0.189| 0.353| 124509.217| 3.600]
[PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48309.800| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.484| 0.189| 0.353| 124509.217| 3.600]
[PKTLEN......: 40.000| 719.000| 241.900| 219.800| 48309.800| 4.400]
[BINS(c->s)..: 4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0]
@@ -154,9 +154,9 @@
[ENTROPIES...: 4.3,5.0,4.4,7.0,5.0,7.1,4.5,5.5,5.0,5.8,4.9,5.6,7.6,5.8,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.5,5.7,7.6,5.7,7.5,5.7,4.3,7.5,5.7,7.5]
new: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095]
analyse: [....13] [ip4][..tcp] [.192.168.242.15][63350] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 60.156| 9.910| 20.689| 428051338.887| 2.700]
[PKTLEN......: 40.000| 717.000| 147.100| 180.100| 32452.700| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 60.156| 9.910| 20.689| 428051338.887| 2.700]
[PKTLEN......: 40.000| 717.000| 147.100| 180.100| 32452.700| 4.200]
[BINS(c->s)..: 10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1]
@@ -172,9 +172,9 @@
end: [....17] [ip4][..tcp] [.192.168.242.15][63353] -> [.35.188.154.186][11095] [NestLogSink][GoogleCloud][Cloud][Acceptable]
update: [....14] [ip4][..udp] [.192.168.242.15][52849] -> [..192.168.242.1][...53] [DNS][Unknown][Network][Acceptable]
analyse: [....16] [ip4][..tcp] [.192.168.242.15][63352] -> [..35.174.82.237][11095] [NestLogSink][AmazonAWS][Cloud][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 60.173| 10.045| 21.954| 481957439.865| 2.600]
[PKTLEN......: 40.000| 716.000| 162.200| 185.800| 34529.800| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 60.173| 10.045| 21.954| 481957439.865| 2.600]
[PKTLEN......: 40.000| 716.000| 162.200| 185.800| 34529.800| 4.300]
[BINS(c->s)..: 10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0]

12
test/results/flow-info/default/netbios.pcap.out
View File

@@ -10,9 +10,9 @@
RISK: Unsafe Protocol
new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM]
analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.014| 0.750| 0.325| 0.215| 46083.158| 4.600]
[PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.014| 0.750| 0.325| 0.215| 46083.158| 4.600]
[PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -41,9 +41,9 @@
new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137]
detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable][guru]
analyse: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][Unknown][System][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.749| 1.516| 0.995| 0.356| 126784.610| 4.900]
[PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.749| 1.516| 0.995| 0.356| 126784.610| 4.900]
[PKTLEN......: 78.000| 78.000| 78.000| 0.000| 0.000| 5.000]
[BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

162
test/results/flow-info/default/netflix.pcap.out
View File

@@ -35,9 +35,9 @@
detection-update: [.....8] [ip4][..tcp] [....192.168.1.7][53117] -> [...52.32.196.36][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.364| 0.040| 0.082| 6699.630| 3.200]
[PKTLEN......: 52.000| 1500.000| 265.200| 396.800| 157454.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.364| 0.040| 0.082| 6699.630| 3.200]
[PKTLEN......: 52.000| 1500.000| 265.200| 396.800| 157454.800| 3.900]
[BINS(c->s)..: 11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0]
@@ -79,9 +79,9 @@
detection-update: [....16] [ip4][..tcp] [....192.168.1.7][53134] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....15] [ip4][..tcp] [....192.168.1.7][53133] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.350| 0.041| 0.077| 5966.970| 3.500]
[PKTLEN......: 52.000| 1500.000| 530.200| 630.500| 397553.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.350| 0.041| 0.077| 5966.970| 3.500]
[PKTLEN......: 52.000| 1500.000| 530.200| 630.500| 397553.600| 4.000]
[BINS(c->s)..: 11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0]
@@ -98,9 +98,9 @@
detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net]
detection-update: [....18] [ip4][..tcp] [....192.168.1.7][53141] -> [..104.86.97.179][..443] [TLS.NetFlix][Unknown][Video][Fun][art-s.nflximg.net]
analyse: [....14] [ip4][..tcp] [....192.168.1.7][53132] -> [...52.89.39.139][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 7.508| 0.502| 1.826| 3335198.867| 1.400]
[PKTLEN......: 52.000| 1500.000| 358.800| 520.700| 271128.800| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 7.508| 0.502| 1.826| 3335198.867| 1.400]
[PKTLEN......: 52.000| 1500.000| 358.800| 520.700| 271128.800| 3.800]
[BINS(c->s)..: 10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1]
@@ -124,9 +124,9 @@
new: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80]
detected: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun][appboot.netflix.com]
analyse: [....24] [ip4][..tcp] [....192.168.1.7][53151] -> [.54.201.191.132][...80] [HTTP.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.187| 0.029| 0.042| 1791.215| 4.000]
[PKTLEN......: 52.000| 1500.000| 812.300| 674.900| 455511.900| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.187| 0.029| 0.042| 1791.215| 4.000]
[PKTLEN......: 52.000| 1500.000| 812.300| 674.900| 455511.900| 4.400]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0]
@@ -140,9 +140,9 @@
new: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53]
detected: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ios.nccp.netflix.com]
analyse: [....20] [ip4][..tcp] [....192.168.1.7][53148] -> [..184.25.204.25][...80] [HTTP.NetFlix][Unknown][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300]
[PKTLEN......: 52.000| 1500.000| 795.600| 706.600| 499284.200| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 6.031| 0.428| 1.232| 1516791.529| 2.300]
[PKTLEN......: 52.000| 1500.000| 795.600| 706.600| 499284.200| 4.300]
[BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1]
@@ -168,9 +168,9 @@
detection-update: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.145]
RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
analyse: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 0.651| 0.082| 0.154| 23582.077| 3.600]
[PKTLEN......: 52.000| 1500.000| 940.800| 683.500| 467159.100| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 0.651| 0.082| 0.154| 23582.077| 3.600]
[PKTLEN......: 52.000| 1500.000| 940.800| 683.500| 467159.100| 4.500]
[BINS(c->s)..: 10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1]
@@ -188,9 +188,9 @@
detection-update: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable][23.246.3.140]
RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
analyse: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 4.700]
[PKTLEN......: 52.000| 1500.000| 984.900| 672.700| 452466.100| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 4.700]
[PKTLEN......: 52.000| 1500.000| 984.900| 672.700| 452466.100| 4.500]
[BINS(c->s)..: 9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1]
@@ -253,9 +253,9 @@
detection-update: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
analyse: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.098| 0.201| 0.403| 162731.114| 3.600]
[PKTLEN......: 52.000| 1500.000| 493.700| 638.100| 407212.300| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.098| 0.201| 0.403| 162731.114| 3.600]
[PKTLEN......: 52.000| 1500.000| 493.700| 638.100| 407212.300| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1]
@@ -263,9 +263,9 @@
[PKTLENS.....: 64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500]
[ENTROPIES...: 4.6,5.3,5.0,6.3,5.8,4.4,5.1,5.2,5.2,5.3,5.3,5.4,5.3,5.2,5.2,5.2,4.8,5.2,4.8,5.1,4.8,4.8,5.2,4.8,5.0,4.8,5.2,5.2,5.2,4.6,5.0,4.6]
analyse: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.047| 0.281| 0.301| 90549.584| 4.200]
[PKTLEN......: 52.000| 1500.000| 490.100| 638.900| 408170.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.047| 0.281| 0.301| 90549.584| 4.200]
[PKTLEN......: 52.000| 1500.000| 490.100| 638.900| 408170.900| 3.900]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1]
@@ -273,9 +273,9 @@
[PKTLENS.....: 64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500]
[ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.4,5.1,5.3,5.2,5.1,5.2,5.1,5.1,4.9,4.3,5.2,5.2,5.1,4.9,4.9,5.0,5.1,5.1,4.9,5.0,5.0,4.8,5.0,4.6,4.7,5.1,4.8]
analyse: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 1.636| 0.284| 0.363| 131453.321| 4.000]
[PKTLEN......: 52.000| 1500.000| 536.600| 657.900| 432827.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.636| 0.284| 0.363| 131453.321| 4.000]
[PKTLEN......: 52.000| 1500.000| 536.600| 657.900| 432827.800| 3.900]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1]
@@ -283,9 +283,9 @@
[PKTLENS.....: 64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500]
[ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,4.5,5.1,5.3,5.4,5.4,5.2,5.2,5.2,5.2,3.8,4.4,5.2,5.1,5.2,4.4,4.4,5.2,5.2,4.4,4.4,5.2,5.2,4.3,5.0,4.4,5.2,4.6]
analyse: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 1.397| 0.291| 0.314| 98805.531| 4.200]
[PKTLEN......: 52.000| 1500.000| 716.200| 699.000| 488561.800| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 1.397| 0.291| 0.314| 98805.531| 4.200]
[PKTLEN......: 52.000| 1500.000| 716.200| 699.000| 488561.800| 4.200]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1]
@@ -293,9 +293,9 @@
[PKTLENS.....: 64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500]
[ENTROPIES...: 4.6,5.3,5.0,6.4,5.8,4.5,5.0,4.2,5.0,5.3,5.3,4.4,5.3,4.4,5.2,4.3,4.5,4.3,5.1,4.3,5.1,4.3,5.1,5.2,4.5,5.0,4.7,4.7,5.1,4.7,5.2,4.7]
analyse: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.716| 0.300| 0.539| 290723.889| 3.600]
[PKTLEN......: 52.000| 1500.000| 492.600| 638.800| 408052.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.716| 0.300| 0.539| 290723.889| 3.600]
[PKTLEN......: 52.000| 1500.000| 492.600| 638.800| 408052.900| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0]
@@ -303,9 +303,9 @@
[PKTLENS.....: 64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52]
[ENTROPIES...: 4.6,5.4,5.1,6.4,5.8,4.4,5.2,5.3,5.4,5.3,5.4,5.3,5.3,5.3,5.3,5.2,5.0,4.6,4.5,5.1,4.6,5.0,4.5,5.0,4.6,5.2,5.1,4.3,5.0,4.4,4.5,5.1]
analyse: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.094| 0.303| 0.556| 309287.715| 3.700]
[PKTLEN......: 52.000| 1500.000| 447.800| 616.500| 380048.700| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.094| 0.303| 0.556| 309287.715| 3.700]
[PKTLEN......: 52.000| 1500.000| 447.800| 616.500| 380048.700| 3.800]
[BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0]
@@ -313,9 +313,9 @@
[PKTLENS.....: 64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52]
[ENTROPIES...: 4.5,5.3,5.1,6.4,5.8,4.4,5.1,5.3,5.4,5.4,5.2,5.3,5.2,5.3,5.3,5.3,5.1,4.7,5.2,5.2,4.7,4.7,5.1,4.7,5.1,4.6,5.2,5.3,4.4,5.3,4.5,5.2]
analyse: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.609| 0.294| 0.529| 280024.056| 3.500]
[PKTLEN......: 52.000| 1500.000| 449.200| 615.600| 378913.200| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.609| 0.294| 0.529| 280024.056| 3.500]
[PKTLEN......: 52.000| 1500.000| 449.200| 615.600| 378913.200| 3.800]
[BINS(c->s)..: 21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0]
@@ -323,9 +323,9 @@
[PKTLENS.....: 64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72]
[ENTROPIES...: 4.6,5.3,5.1,6.4,5.8,4.4,5.1,5.4,5.3,5.3,5.3,5.3,5.2,5.2,5.2,5.2,5.2,5.0,5.0,5.2,5.0,5.0,5.0,5.0,5.2,5.0,5.0,5.1,5.0,4.7,5.2,5.3]
analyse: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.064| 0.322| 0.577| 332375.130| 3.600]
[PKTLEN......: 52.000| 1500.000| 495.000| 637.200| 406023.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.064| 0.322| 0.577| 332375.130| 3.600]
[PKTLEN......: 52.000| 1500.000| 495.000| 637.200| 406023.800| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1]
@@ -333,9 +333,9 @@
[PKTLENS.....: 64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500]
[ENTROPIES...: 4.5,5.2,5.0,6.3,5.8,4.5,4.2,5.1,5.0,3.8,5.0,5.1,5.1,5.2,5.2,5.2,5.1,5.2,4.3,5.2,4.2,5.0,4.3,5.1,5.1,5.1,5.1,5.1,4.5,5.1,4.5,4.5]
analyse: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.546| 0.356| 0.683| 466078.499| 3.500]
[PKTLEN......: 52.000| 1500.000| 493.200| 638.400| 407523.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 3.546| 0.356| 0.683| 466078.499| 3.500]
[PKTLEN......: 52.000| 1500.000| 493.200| 638.400| 407523.400| 3.900]
[BINS(c->s)..: 20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1]
@@ -343,9 +343,9 @@
[PKTLENS.....: 64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]
[ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.5,5.1,5.4,5.4,5.4,5.3,5.4,5.4,5.3,5.3,5.3,5.3,4.4,5.2,4.5,5.0,4.5,4.5,5.2,4.5,5.1,4.5,5.3,5.2,5.0,4.4,4.4]
analyse: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 4.457| 0.415| 0.811| 658300.731| 3.600]
[PKTLEN......: 52.000| 1500.000| 538.100| 656.800| 431419.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.457| 0.415| 0.811| 658300.731| 3.600]
[PKTLEN......: 52.000| 1500.000| 538.100| 656.800| 431419.800| 3.900]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1]
@@ -353,9 +353,9 @@
[PKTLENS.....: 64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]
[ENTROPIES...: 4.5,5.3,5.0,6.4,5.8,4.4,5.1,5.3,5.4,5.4,5.4,5.4,5.3,5.3,5.2,5.2,4.4,4.5,5.1,5.2,4.4,4.5,5.2,4.4,5.1,4.5,5.2,4.3,4.3,5.2,5.2,4.4]
analyse: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 4.432| 0.435| 0.814| 663375.512| 3.600]
[PKTLEN......: 52.000| 1500.000| 404.200| 589.200| 347103.400| 3.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 4.432| 0.435| 0.814| 663375.512| 3.600]
[PKTLEN......: 52.000| 1500.000| 404.200| 589.200| 347103.400| 3.700]
[BINS(c->s)..: 22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1]
@@ -363,9 +363,9 @@
[PKTLENS.....: 64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]
[ENTROPIES...: 4.6,5.2,5.0,6.4,5.8,4.5,5.1,5.3,5.3,5.4,5.4,5.3,5.4,5.3,5.3,5.1,5.3,5.3,5.2,4.3,5.0,4.3,5.2,5.2,4.4,5.2,5.2,5.2,4.3,4.3,5.2,4.4]
analyse: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 30.086| 1.958| 7.380| 54461959.504| 1.100]
[PKTLEN......: 52.000| 1500.000| 380.000| 556.900| 310128.200| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 30.086| 1.958| 7.380| 54461959.504| 1.100]
[PKTLEN......: 52.000| 1500.000| 380.000| 556.900| 310128.200| 3.800]
[BINS(c->s)..: 9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
[BINS(s->c)..: 9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1]
@@ -390,9 +390,9 @@
detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443]
analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 30.431| 1.003| 5.373| 28867930.620| 0.200]
[PKTLEN......: 52.000| 1500.000| 379.500| 557.000| 310204.400| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 30.431| 1.003| 5.373| 28867930.620| 0.200]
[PKTLEN......: 52.000| 1500.000| 379.500| 557.000| 310204.400| 3.800]
[BINS(c->s)..: 10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0]
[BINS(s->c)..: 7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0]
@@ -416,9 +416,9 @@
RISK: TLS (probably) Not Carrying HTTPS
detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
analyse: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.282| 0.053| 0.058| 3383.537| 4.200]
[PKTLEN......: 52.000| 1500.000| 552.500| 629.700| 396553.700| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.282| 0.053| 0.058| 3383.537| 4.200]
[PKTLEN......: 52.000| 1500.000| 552.500| 629.700| 396553.700| 4.000]
[BINS(c->s)..: 10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[BINS(s->c)..: 5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0]
@@ -428,9 +428,9 @@
detection-update: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ios.nccp.netflix.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.333| 0.059| 0.083| 6944.879| 3.800]
[PKTLEN......: 52.000| 1500.000| 746.100| 703.800| 495333.000| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.333| 0.059| 0.083| 6944.879| 3.800]
[PKTLEN......: 52.000| 1500.000| 746.100| 703.800| 495333.000| 4.200]
[BINS(c->s)..: 6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0]
[BINS(s->c)..: 6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0]
@@ -439,9 +439,9 @@
[ENTROPIES...: 4.6,5.3,5.2,5.8,5.1,7.2,7.3,5.2,6.9,5.2,6.2,5.1,6.1,5.2,6.0,5.2,7.9,7.9,7.9,5.2,7.9,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9]
detection-update: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][ichnaea.netflix.com]
analyse: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.731| 0.102| 0.156| 24231.225| 4.000]
[PKTLEN......: 52.000| 1500.000| 648.300| 653.400| 426995.300| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.005| 0.731| 0.102| 0.156| 24231.225| 4.000]
[PKTLEN......: 52.000| 1500.000| 648.300| 653.400| 426995.300| 4.200]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0]
@@ -504,9 +504,9 @@
detection-update: [....58] [ip4][..tcp] [....192.168.1.7][53250] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [....57] [ip4][..tcp] [....192.168.1.7][53249] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.141| 0.020| 0.029| 838.464| 3.900]
[PKTLEN......: 52.000| 1500.000| 420.800| 506.400| 256458.000| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.141| 0.020| 0.029| 838.464| 3.900]
[PKTLEN......: 52.000| 1500.000| 420.800| 506.400| 256458.000| 4.100]
[BINS(c->s)..: 12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -521,9 +521,9 @@
detected: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net]
detected: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun][art-1.nflximg.net]
analyse: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.501| 0.064| 0.122| 14766.799| 3.300]
[PKTLEN......: 52.000| 1500.000| 442.800| 552.300| 305076.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.501| 0.064| 0.122| 14766.799| 3.300]
[PKTLEN......: 52.000| 1500.000| 442.800| 552.300| 305076.800| 4.000]
[BINS(c->s)..: 10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[BINS(s->c)..: 5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1]
@@ -532,9 +532,9 @@
[ENTROPIES...: 4.6,5.3,5.2,4.1,5.0,7.3,7.3,5.2,7.0,5.2,6.3,5.1,6.0,5.1,6.0,5.2,7.9,7.8,5.2,7.9,7.5,5.2,7.6,5.1,7.7,5.2,6.0,5.2,7.9,7.7,5.0,7.9]
detection-update: [....55] [ip4][..tcp] [....192.168.1.7][53239] -> [.....52.41.30.5][..443] [TLS.NetFlix][AmazonAWS][Video][Fun][api-global.netflix.com]
analyse: [....61] [ip4][..tcp] [....192.168.1.7][53252] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.001| 0.100| 0.036| 0.022| 464.586| 4.700]
[PKTLEN......: 52.000| 1500.000| 1146.700| 613.300| 376142.500| 4.700]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.100| 0.036| 0.022| 464.586| 4.700]
[PKTLEN......: 52.000| 1500.000| 1146.700| 613.300| 376142.500| 4.700]
[BINS(c->s)..: 5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]
@@ -542,9 +542,9 @@
[PKTLENS.....: 64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]
[ENTROPIES...: 4.5,5.2,5.2,5.9,5.3,7.0,7.5,5.1,7.7,5.1,7.7,5.2,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.8,7.9,7.8,7.9,7.8,7.9,7.8,7.9,7.9,7.8,7.8]
analyse: [....60] [ip4][..tcp] [....192.168.1.7][53251] -> [..184.25.204.10][...80] [HTTP.NetFlix][Unknown][Video][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.416| 0.126| 0.341| 116136.157| 2.600]
[PKTLEN......: 52.000| 1500.000| 767.500| 698.900| 488505.900| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.416| 0.126| 0.341| 116136.157| 2.600]
[PKTLEN......: 52.000| 1500.000| 767.500| 698.900| 488505.900| 4.300]
[BINS(c->s)..: 12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0]

6
test/results/flow-info/default/nfsv2.pcap.out
View File

@@ -15,9 +15,9 @@
new: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049]
detected: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
analyse: [.....5] [ip4][..udp] [....139.25.22.2][.1023] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.040| 0.006| 0.010| 101.769| 3.300]
[PKTLEN......: 56.000| 200.000| 133.500| 43.100| 1860.800| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.040| 0.006| 0.010| 101.769| 3.300]
[PKTLEN......: 56.000| 200.000| 133.500| 43.100| 1860.800| 4.900]
[BINS(c->s)..: 0,0,0,5,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,1,0,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

6
test/results/flow-info/default/nfsv3.pcap.out
View File

@@ -18,9 +18,9 @@
new: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049]
detected: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
analyse: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][Unknown][DataTransfer][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.050| 0.006| 0.012| 151.925| 3.200]
[PKTLEN......: 60.000| 300.000| 162.400| 63.400| 4021.900| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.050| 0.006| 0.012| 151.925| 3.200]
[PKTLEN......: 60.000| 300.000| 162.400| 63.400| 4021.900| 4.900]
[BINS(c->s)..: 0,0,0,0,13,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,6,0,2,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]

30
test/results/flow-info/default/nintendo.pcap.out
View File

@@ -12,9 +12,9 @@
new: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335]
detected: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AmazonAWS][Game][Fun]
analyse: [.....1] [ip4][..udp] [.192.168.12.114][52119] -> [....91.8.243.35][49432] [Nintendo][Unknown][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.730| 0.194| 0.332| 110172.324| 3.600]
[PKTLEN......: 88.000| 840.000| 153.000| 179.500| 32207.000| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.730| 0.194| 0.332| 110172.324| 3.600]
[PKTLEN......: 88.000| 840.000| 153.000| 179.500| 32207.000| 4.500]
[BINS(c->s)..: 0,7,7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,4,8,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1]
@@ -53,9 +53,9 @@
detection-update: [....16] [ip4][..tcp] [.192.168.12.114][31329] -> [....54.192.27.8][..443] [TLS.Nintendo][AmazonAWS][Game][Fun][e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com]
RISK: TLS (probably) Not Carrying HTTPS
analyse: [.....4] [ip4][..tcp] [..54.187.10.185][..443] -> [.192.168.12.114][48328] [TLS][AmazonAWS][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 14.019| 1.263| 3.443| 11853821.379| 2.400]
[PKTLEN......: 52.000| 457.000| 120.200| 98.400| 9678.600| 4.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 14.019| 1.263| 3.443| 11853821.379| 2.400]
[PKTLEN......: 52.000| 457.000| 120.200| 98.400| 9678.600| 4.600]
[BINS(c->s)..: 8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1]
@@ -73,9 +73,9 @@
new: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114]
detected: [....21] [ip4][.icmp] [...151.6.184.98] -> [.192.168.12.114] [ICMP][Unknown][Network][Acceptable]
analyse: [....17] [ip4][..udp] [.192.168.12.114][55915] -> [.185.118.169.65][27520] [Nintendo][Unknown][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.754| 0.078| 0.153| 23284.658| 3.200]
[PKTLEN......: 88.000| 872.000| 154.000| 186.200| 34652.000| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.754| 0.078| 0.153| 23284.658| 3.200]
[PKTLEN......: 88.000| 872.000| 154.000| 186.200| 34652.000| 4.500]
[BINS(c->s)..: 0,2,18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1]
@@ -83,9 +83,9 @@
[PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,88,104,104,104,104,872,88,872,104,104,88]
[ENTROPIES...: 6.0,6.2,6.0,6.0,6.0,6.0,6.0,6.1,6.0,6.0,6.1,6.1,6.1,6.2,6.0,6.1,6.6,5.9,6.1,6.1,6.7,6.1,6.2,6.3,6.0,6.1,5.6,5.9,5.6,6.1,6.2,5.9]
analyse: [....19] [ip4][..udp] [.192.168.12.114][55915] -> [.93.237.131.235][56066] [Nintendo][Unknown][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.758| 0.106| 0.188| 35487.695| 3.400]
[PKTLEN......: 88.000| 872.000| 207.000| 231.800| 53743.000| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.758| 0.106| 0.188| 35487.695| 3.400]
[PKTLEN......: 88.000| 872.000| 207.000| 231.800| 53743.000| 4.400]
[BINS(c->s)..: 0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0]
@@ -93,9 +93,9 @@
[PKTLENS.....: 104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,168,88,872,88,872,88,104,104,88,344,840,472,472]
[ENTROPIES...: 6.0,6.1,6.0,6.0,6.1,6.0,6.1,6.1,6.1,6.2,6.2,6.1,6.1,6.1,6.2,6.2,6.1,6.7,6.0,6.7,5.9,5.6,6.0,5.6,5.8,6.2,6.2,6.0,7.3,5.8,6.2,6.2]
analyse: [....20] [ip4][..udp] [.192.168.12.114][55915] -> [..81.61.158.138][51769] [Nintendo][Unknown][Game][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.649| 0.099| 0.184| 33766.533| 3.200]
[PKTLEN......: 88.000| 872.000| 153.500| 186.300| 34709.800| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.649| 0.099| 0.184| 33766.533| 3.200]
[PKTLEN......: 88.000| 872.000| 153.500| 186.300| 34709.800| 4.400]
[BINS(c->s)..: 0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0]

6
test/results/flow-info/default/nntp.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119]
detected: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
analyse: [.....1] [ip4][..tcp] [.192.168.190.20][55630] -> [..192.168.190.5][..119] [Usenet][Unknown][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 25.684| 4.346| 7.782| 60565611.348| 3.100]
[PKTLEN......: 40.000| 1500.000| 205.900| 397.400| 157950.100| 3.600]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 25.684| 4.346| 7.782| 60565611.348| 3.100]
[PKTLEN......: 40.000| 1500.000| 205.900| 397.400| 157950.100| 3.600]
[BINS(c->s)..: 19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0]

18
test/results/flow-info/default/no_sni.pcap.out
View File

@@ -11,9 +11,9 @@
detection-update: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable][mozilla.cloudflare-dns.com]
new: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443]
analyse: [.....2] [ip4][..tcp] [..192.168.1.119][51606] -> [.104.16.249.249][..443] [TLS.DoH_DoT][Cloudflare][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.180| 0.028| 0.054| 2913.211| 3.000]
[PKTLEN......: 40.000| 722.000| 127.200| 163.800| 26828.900| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.180| 0.028| 0.054| 2913.211| 3.000]
[PKTLEN......: 40.000| 722.000| 127.200| 163.800| 26828.900| 4.200]
[BINS(c->s)..: 10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0]
@@ -23,9 +23,9 @@
detected: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe][]
detection-update: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe][]
analyse: [.....3] [ip4][..tcp] [..192.168.1.119][51612] -> [..104.16.124.96][..443] [TLS][Cloudflare][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.473| 0.050| 0.107| 11455.737| 3.000]
[PKTLEN......: 40.000| 1500.000| 367.000| 489.400| 239474.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.473| 0.050| 0.107| 11455.737| 3.000]
[PKTLEN......: 40.000| 1500.000| 367.000| 489.400| 239474.400| 3.900]
[BINS(c->s)..: 12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0]
@@ -48,9 +48,9 @@
detection-update: [.....8] [ip4][..tcp] [..192.168.1.119][51639] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][]
detection-update: [.....7] [ip4][..tcp] [..192.168.1.119][51638] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe][]
analyse: [.....6] [ip4][..tcp] [..192.168.1.119][51637] -> [..104.22.72.170][..443] [TLS][Cloudflare][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.144| 0.032| 0.043| 1852.691| 3.800]
[PKTLEN......: 40.000| 1500.000| 271.300| 409.400| 167573.600| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.144| 0.032| 0.043| 1852.691| 3.800]
[PKTLEN......: 40.000| 1500.000| 271.300| 409.400| 167573.600| 3.800]
[BINS(c->s)..: 12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0]

12
test/results/flow-info/default/ocs.pcap.out
View File

@@ -37,9 +37,9 @@
detected: [....15] [ip4][..tcp] [..192.168.180.2][36680] -> [.178.248.208.54][..443] [TLS.OCS][OCS][Media][Fun][ocs.labgency.ws]
RISK: Obsolete TLS (v1.1 or older), Unidirectional Traffic
analyse: [....13] [ip4][..tcp] [..192.168.180.2][49881] -> [.178.248.208.54][...80] [HTTP.OCS][OCS][Media][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.929| 0.088| 0.173| 29794.175| 3.500]
[PKTLEN......: 52.000| 715.000| 83.100| 113.800| 12942.200| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.929| 0.088| 0.173| 29794.175| 3.500]
[PKTLEN......: 52.000| 715.000| 83.100| 113.800| 12942.200| 4.500]
[BINS(c->s)..: 31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -66,9 +66,9 @@
detected: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][OCS][Media][Fun][www.ocs.fr]
RISK: HTTP Susp User-Agent, Unidirectional Traffic
analyse: [....20] [ip4][..tcp] [..192.168.180.2][42590] -> [178.248.208.210][...80] [HTTP.OCS][OCS][Media][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.079| 0.027| 0.030| 875.550| 4.000]
[PKTLEN......: 52.000| 204.000| 63.900| 26.300| 690.500| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.079| 0.027| 0.030| 875.550| 4.000]
[PKTLEN......: 52.000| 204.000| 63.900| 26.300| 690.500| 4.900]
[BINS(c->s)..: 31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

36
test/results/flow-info/default/ocsp.pcapng.out
View File

@@ -11,9 +11,9 @@
new: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80]
detected: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe][r3.o.lencr.org]
analyse: [.....2] [ip4][..tcp] [..192.168.1.128][54154] -> [.142.250.184.99][...80] [HTTP.OCSP][Google][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.243| 7.287| 4.408| 19431782.613| 4.500]
[PKTLEN......: 104.000| 806.000| 173.000| 189.100| 35745.500| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.243| 7.287| 4.408| 19431782.613| 4.500]
[PKTLEN......: 104.000| 806.000| 173.000| 189.100| 35745.500| 4.500]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0]
@@ -21,9 +21,9 @@
[PKTLENS.....: 112,112,104,498,104,806,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,498,104,806,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.9,4.3,4.0,6.2,4.4,7.1,4.5,4.4,4.3,4.3,4.4,4.4,4.3,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,6.2,4.4,7.0,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
analyse: [.....3] [ip4][..tcp] [..192.168.1.128][43728] -> [..92.122.95.235][...80] [HTTP.OCSP][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.244| 7.440| 4.399| 19348030.751| 4.500]
[PKTLEN......: 104.000| 993.000| 184.200| 228.700| 52281.300| 4.400]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 10.244| 7.440| 4.399| 19348030.751| 4.500]
[PKTLEN......: 104.000| 993.000| 184.200| 228.700| 52281.300| 4.400]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -43,9 +43,9 @@
end: [.....4] [ip4][..tcp] [..192.168.1.128][34320] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe]
end: [.....5] [ip4][..tcp] [..192.168.1.128][34340] -> [.151.139.128.14][...80] [HTTP.OCSP][Unknown][Network][Safe]
analyse: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.240| 6.308| 4.932| 24328020.165| 4.300]
[PKTLEN......: 104.000| 903.000| 215.700| 247.800| 61420.800| 4.300]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 10.240| 6.308| 4.932| 24328020.165| 4.300]
[PKTLEN......: 104.000| 903.000| 215.700| 247.800| 61420.800| 4.300]
[BINS(c->s)..: 15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0]
@@ -60,9 +60,9 @@
detected: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.globalsign.com]
end: [.....6] [ip4][..tcp] [..192.168.1.128][47904] -> [..93.184.220.29][...80] [HTTP.OCSP][Edgecast][Network][Safe]
analyse: [.....8] [ip4][..tcp] [..192.168.1.128][59922] -> [..151.101.2.133][...80] [HTTP.OCSP][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 7.345| 4.533| 20543650.660| 4.500]
[PKTLEN......: 104.000| 1448.000| 179.500| 263.000| 69147.600| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 7.345| 4.533| 20543650.660| 4.500]
[PKTLEN......: 104.000| 1448.000| 179.500| 263.000| 69147.600| 4.200]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -70,9 +70,9 @@
[PKTLENS.....: 112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]
[ENTROPIES...: 3.8,4.2,4.1,6.2,4.4,6.9,7.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.3,4.4,4.4,4.4,4.4,4.4,4.3,4.4,4.4,4.4,4.4,4.4,4.4,4.4,4.4]
analyse: [.....7] [ip4][..tcp] [..192.168.1.128][49382] -> [....52.85.15.92][...80] [HTTP.OCSP][AmazonAWS][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 7.462| 4.365| 19049033.499| 4.600]
[PKTLEN......: 104.000| 1110.000| 148.300| 185.900| 34567.000| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 10.241| 7.462| 4.365| 19049033.499| 4.600]
[PKTLEN......: 104.000| 1110.000| 148.300| 185.900| 34567.000| 4.500]
[BINS(c->s)..: 16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -89,9 +89,9 @@
detected: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe][ocsp.entrust.net]
end: [.....9] [ip4][..tcp] [..192.168.1.128][45514] -> [.109.70.240.114][...80] [HTTP.OCSP][Unknown][Network][Safe]
analyse: [....10] [ip4][..tcp] [..192.168.1.128][49034] -> [...23.12.96.145][...80] [HTTP.OCSP][Unknown][Network][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 3.776| 4.797| 23012529.144| 3.600]
[PKTLEN......: 104.000| 1552.000| 324.200| 431.700| 186386.900| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 10.241| 3.776| 4.797| 23012529.144| 3.600]
[PKTLEN......: 104.000| 1552.000| 324.200| 431.700| 186386.900| 4.100]
[BINS(c->s)..: 14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0]

18
test/results/flow-info/default/openvpn.pcap.out
View File

@@ -5,9 +5,9 @@
detected: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....1] [ip4][..tcp] [...192.168.1.77][60140] -> [.46.101.231.218][..443] [OpenVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.998| 0.088| 0.234| 54526.591| 2.700]
[PKTLEN......: 52.000| 357.000| 140.300| 75.300| 5671.500| 4.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.998| 0.088| 0.234| 54526.591| 2.700]
[PKTLEN......: 52.000| 357.000| 140.300| 75.300| 5671.500| 4.800]
[BINS(c->s)..: 6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1]
@@ -20,9 +20,9 @@
detected: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....2] [ip4][..udp] [..192.168.43.12][41507] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.196| 0.045| 0.060| 3547.546| 3.900]
[PKTLEN......: 70.000| 331.000| 126.400| 58.600| 3436.100| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.196| 0.045| 0.060| 3547.546| 3.900]
[PKTLEN......: 70.000| 331.000| 126.400| 58.600| 3436.100| 4.900]
[BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
@@ -37,9 +37,9 @@
detected: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
RISK: Known Proto on Non Std Port
analyse: [.....3] [ip4][..udp] [..192.168.43.18][13680] -> [.139.59.151.137][13680] [OpenVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 2.242| 0.188| 0.537| 288658.031| 2.400]
[PKTLEN......: 70.000| 331.000| 123.300| 58.900| 3466.400| 4.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.242| 0.188| 0.537| 288658.031| 2.400]
[PKTLEN......: 70.000| 331.000| 123.300| 58.900| 3466.400| 4.900]
[BINS(c->s)..: 0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]

360
test/results/flow-info/default/opera-vpn.pcapng.out
View File

@@ -88,9 +88,9 @@
new: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443]
detection-update: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.035| 0.008| 0.013| 162.243| 3.300]
[PKTLEN......: 52.000| 1492.000| 436.200| 558.200| 311541.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.035| 0.008| 0.013| 162.243| 3.300]
[PKTLEN......: 52.000| 1492.000| 436.200| 558.200| 311541.900| 3.900]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0]
@@ -100,9 +100,9 @@
detected: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.008| 0.013| 161.460| 3.300]
[PKTLEN......: 52.000| 1492.000| 405.900| 517.200| 267501.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.008| 0.013| 161.460| 3.300]
[PKTLEN......: 52.000| 1492.000| 405.900| 517.200| 267501.900| 3.900]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,0]
@@ -110,9 +110,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,1308,52,1098,764,52,52]
[ENTROPIES...: 4.2,5.1,4.6,4.4,5.0,7.8,4.7,7.8,4.7,5.8,7.9,4.9,5.0,5.9,4.7,6.0,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.7,4.7]
analyse: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.008| 0.013| 178.814| 3.300]
[PKTLEN......: 52.000| 1492.000| 395.100| 500.800| 250764.700| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.008| 0.013| 178.814| 3.300]
[PKTLEN......: 52.000| 1492.000| 395.100| 500.800| 250764.700| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1]
@@ -120,9 +120,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,1098,52,262,52,1098,52,401]
[ENTROPIES...: 4.1,5.3,4.7,4.4,4.9,7.8,4.7,7.8,4.6,5.8,7.9,4.9,5.0,5.9,4.8,5.9,5.6,4.8,7.6,5.0,7.8,4.7,7.9,4.8,7.7,7.8,4.7,7.1,4.8,7.8,4.7,7.4]
analyse: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.008| 0.014| 182.825| 3.300]
[PKTLEN......: 52.000| 1492.000| 368.800| 501.900| 251883.600| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.008| 0.014| 182.825| 3.300]
[PKTLEN......: 52.000| 1492.000| 368.800| 501.900| 251883.600| 3.900]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0]
@@ -131,9 +131,9 @@
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,6.0,4.8,5.6,4.8,7.6,5.1,7.8,4.8,7.2,4.8,7.8,4.8,7.8,4.8,7.9,7.0,4.8]
detected: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.009| 0.013| 176.947| 3.400]
[PKTLEN......: 52.000| 1492.000| 420.800| 536.500| 287782.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.009| 0.013| 176.947| 3.400]
[PKTLEN......: 52.000| 1492.000| 420.800| 536.500| 287782.900| 3.900]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0]
@@ -141,9 +141,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,93,52,76,52,591,52,1098,52,1492,52,704,52,1492,52,1318,751,52,138]
[ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,6.1,4.7,5.6,4.7,7.6,5.1,7.8,4.7,7.8,4.8,7.7,4.8,7.9,4.8,7.8,7.8,4.7,6.3]
analyse: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.048| 0.009| 0.014| 188.006| 3.300]
[PKTLEN......: 52.000| 1492.000| 409.500| 521.500| 271995.400| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.048| 0.009| 0.014| 188.006| 3.300]
[PKTLEN......: 52.000| 1492.000| 409.500| 521.500| 271995.400| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0]
@@ -151,9 +151,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,1492,272,469,52]
[ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,4.7,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,7.1,7.5,4.7]
analyse: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.039| 0.009| 0.014| 196.546| 3.300]
[PKTLEN......: 52.000| 1492.000| 365.500| 491.400| 241507.300| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.039| 0.009| 0.014| 196.546| 3.300]
[PKTLEN......: 52.000| 1492.000| 365.500| 491.400| 241507.300| 3.900]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0]
@@ -161,9 +161,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1485,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,626,52,1098,52,134,52]
[ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.9,4.8,7.9,4.7,5.8,7.9,5.0,4.9,5.8,4.7,5.8,4.7,5.4,4.7,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.6,4.7,7.8,4.8,6.4,4.8]
analyse: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.009| 0.014| 204.413| 3.300]
[PKTLEN......: 52.000| 1492.000| 390.400| 502.900| 252956.000| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.009| 0.014| 204.413| 3.300]
[PKTLEN......: 52.000| 1492.000| 390.400| 502.900| 252956.000| 3.900]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1]
@@ -172,9 +172,9 @@
[ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.9,4.7,4.7,5.5,4.8,7.6,5.1,7.8,4.8,7.5,4.8,7.8,4.8,7.8,4.8,7.9,7.7]
detection-update: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.058| 0.009| 0.015| 228.299| 3.300]
[PKTLEN......: 52.000| 1492.000| 397.300| 525.300| 275956.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.058| 0.009| 0.015| 228.299| 3.300]
[PKTLEN......: 52.000| 1492.000| 397.300| 525.300| 275956.200| 3.900]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0]
@@ -182,9 +182,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,294,52]
[ENTROPIES...: 4.2,5.3,4.8,4.5,5.1,7.9,4.8,7.8,4.8,5.8,7.9,5.1,5.1,5.8,4.7,5.9,4.7,5.7,4.7,7.7,5.1,7.8,4.7,7.8,4.7,7.9,4.8,7.7,4.7,7.9,7.2,4.7]
analyse: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.033| 0.010| 0.013| 175.212| 3.500]
[PKTLEN......: 52.000| 1492.000| 303.800| 468.300| 219308.000| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.033| 0.010| 0.013| 175.212| 3.500]
[PKTLEN......: 52.000| 1492.000| 303.800| 468.300| 219308.000| 3.800]
[BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 9,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,0,1,1,0,1]
@@ -192,9 +192,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,52,91,93,52,52,76,52,591,52,1098,52,1492,58,52,138,52,253,52,148]
[ENTROPIES...: 4.1,5.1,4.7,4.4,4.8,7.9,4.6,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.9,5.9,4.7,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.1,4.7,6.3,4.9,7.2,4.7,6.5]
analyse: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.048| 0.010| 0.015| 220.945| 3.400]
[PKTLEN......: 52.000| 1492.000| 397.100| 521.500| 271947.300| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.048| 0.010| 0.015| 220.945| 3.400]
[PKTLEN......: 52.000| 1492.000| 397.100| 521.500| 271947.300| 3.900]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1]
@@ -202,9 +202,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,52,76,52,591,52,1098,52,1492,84,52,1492,488,52,1098,52,478]
[ENTROPIES...: 4.2,5.3,4.7,4.5,5.0,7.9,4.8,7.8,4.8,6.0,7.9,5.0,5.0,6.0,4.7,5.8,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,5.7,4.7,7.9,7.5,4.7,7.8,4.7,7.5]
analyse: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.010| 0.015| 219.628| 3.400]
[PKTLEN......: 52.000| 1492.000| 378.900| 495.600| 245645.300| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.043| 0.010| 0.015| 219.628| 3.400]
[PKTLEN......: 52.000| 1492.000| 378.900| 495.600| 245645.300| 3.900]
[BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,1,0,0]
@@ -212,9 +212,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,52,498,52,1098,52,1492,280,52,1031,52,154]
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.6,4.8,7.8,4.6,7.9,7.2,4.8,7.8,4.8,6.4]
analyse: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.035| 0.010| 0.013| 178.858| 3.600]
[PKTLEN......: 52.000| 1492.000| 304.800| 439.800| 193461.100| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.035| 0.010| 0.013| 178.858| 3.600]
[PKTLEN......: 52.000| 1492.000| 304.800| 439.800| 193461.100| 3.900]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0]
@@ -222,9 +222,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,1098,52,475,52,138,52,256,52,160,52]
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.9,4.8,5.9,4.7,5.5,4.7,7.7,4.9,7.8,7.8,4.8,7.6,4.8,6.3,5.1,7.1,4.8,6.6,4.7]
analyse: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.049| 0.010| 0.016| 255.568| 3.300]
[PKTLEN......: 52.000| 1492.000| 418.400| 525.000| 275583.300| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.049| 0.010| 0.016| 255.568| 3.300]
[PKTLEN......: 52.000| 1492.000| 418.400| 525.000| 275583.300| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1]
@@ -232,9 +232,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1473,52,52,91,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,272,52,751]
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.9,4.7,5.8,7.8,5.0,5.0,5.8,5.9,4.7,5.5,4.7,7.7,5.0,7.8,4.8,7.8,4.7,7.9,4.7,7.7,4.8,7.9,7.2,4.8,7.7]
analyse: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.051| 0.010| 0.016| 247.288| 3.300]
[PKTLEN......: 52.000| 1492.000| 397.700| 512.500| 262691.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.051| 0.010| 0.016| 247.288| 3.300]
[PKTLEN......: 52.000| 1492.000| 397.700| 512.500| 262691.900| 3.900]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0]
@@ -242,9 +242,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1481,52,52,91,52,93,76,52,591,52,1098,52,1492,704,52,1308,52,1098,52,401,52,138]
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,4.8,6.0,5.6,4.8,7.7,5.1,7.8,4.8,7.9,7.7,4.8,7.8,4.8,7.8,4.8,7.5,4.8,6.4]
analyse: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.054| 0.010| 0.016| 241.175| 3.400]
[PKTLEN......: 52.000| 1492.000| 346.900| 471.500| 222289.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.054| 0.010| 0.016| 241.175| 3.400]
[PKTLEN......: 52.000| 1492.000| 346.900| 471.500| 222289.800| 3.900]
[BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0]
@@ -252,9 +252,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,52,91,52,93,76,52,591,52,1098,52,1098,52,922,52,1098,52,149,52,200]
[ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.0,5.7,4.7,5.9,5.5,4.8,7.6,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.8,6.6,4.8,6.8]
analyse: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.036| 0.009| 0.014| 184.863| 3.500]
[PKTLEN......: 52.000| 1492.000| 402.200| 504.900| 254904.000| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.036| 0.009| 0.014| 184.863| 3.500]
[PKTLEN......: 52.000| 1492.000| 402.200| 504.900| 254904.000| 4.000]
[BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1]
@@ -263,9 +263,9 @@
[ENTROPIES...: 4.2,5.3,4.7,4.4,5.0,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.8,4.8,6.0,4.8,5.6,4.7,7.6,5.0,7.8,4.8,7.8,4.8,7.9,7.7,4.8,7.7,4.7,6.3,7.8]
detection-update: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.040| 0.011| 0.014| 199.830| 3.700]
[PKTLEN......: 52.000| 1492.000| 405.900| 519.400| 269778.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.040| 0.011| 0.014| 199.830| 3.700]
[PKTLEN......: 52.000| 1492.000| 405.900| 519.400| 269778.800| 4.000]
[BINS(c->s)..: 8,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,1,0,1,1,0,1,1,0,0,1,1,0]
@@ -273,9 +273,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,1128,52,116,1477,64,116,52,91,93,76,52,591,64,52,1098,52,1492,704,52,1492,437,52,148,52,1044,52]
[ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,7.8,4.7,5.8,7.9,5.1,5.9,5.1,5.8,5.9,5.6,4.8,7.6,5.0,5.0,7.8,4.7,7.9,7.7,4.7,7.9,7.5,4.7,6.4,4.9,7.8,4.7]
analyse: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.042| 0.011| 0.015| 224.118| 3.600]
[PKTLEN......: 52.000| 1492.000| 344.000| 469.500| 220464.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.042| 0.011| 0.015| 224.118| 3.600]
[PKTLEN......: 52.000| 1492.000| 344.000| 469.500| 220464.400| 3.900]
[BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0]
@@ -283,9 +283,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,52,93,76,52,591,52,1098,52,1304,258,52,1098,408,52,138,52,220,52]
[ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,6.0,4.8,6.0,5.7,4.8,7.7,5.0,7.8,4.7,7.8,7.1,4.7,7.8,7.5,4.8,6.3,5.1,6.9,4.8]
analyse: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.011| 0.015| 234.608| 3.600]
[PKTLEN......: 52.000| 1492.000| 339.700| 452.700| 204941.100| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.011| 0.015| 234.608| 3.600]
[PKTLEN......: 52.000| 1492.000| 339.700| 452.700| 204941.100| 3.900]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0]
@@ -293,9 +293,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,831,52,138,52,696,52]
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.5,4.8,7.8,4.8,7.8,4.8,6.3,5.1,7.7,4.8]
analyse: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.012| 0.016| 240.534| 3.600]
[PKTLEN......: 52.000| 1492.000| 355.800| 507.100| 257111.100| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.012| 0.016| 240.534| 3.600]
[PKTLEN......: 52.000| 1492.000| 355.800| 507.100| 257111.100| 3.800]
[BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0]
@@ -303,9 +303,9 @@
[PKTLENS.....: 64,60,52,569,1492,52,1129,52,116,1469,52,52,52,91,93,52,76,52,591,52,1098,52,1492,104,52,1492,191,52,167,52,364,52]
[ENTROPIES...: 4.2,5.2,4.7,4.4,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.8,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,6.0,4.7,7.9,6.9,4.7,6.5,5.1,7.4,4.7]
analyse: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.042| 0.012| 0.017| 274.646| 3.500]
[PKTLEN......: 52.000| 1492.000| 304.800| 467.200| 218265.100| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.042| 0.012| 0.017| 274.646| 3.500]
[PKTLEN......: 52.000| 1492.000| 304.800| 467.200| 218265.100| 3.800]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 8,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,0]
@@ -313,9 +313,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,52,591,52,1098,52,1492,81,52,138,52,256,52,160,52]
[ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.6,7.8,4.7,5.9,7.9,4.9,4.9,5.7,4.7,5.8,5.6,4.7,4.7,7.7,4.8,7.8,4.7,7.9,5.7,4.7,6.2,5.0,7.1,4.7,6.6,4.7]
analyse: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.050| 0.009| 0.014| 196.097| 3.300]
[PKTLEN......: 52.000| 1492.000| 424.800| 534.600| 285801.500| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.050| 0.009| 0.014| 196.097| 3.300]
[PKTLEN......: 52.000| 1492.000| 424.800| 534.600| 285801.500| 4.000]
[BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,0,0]
@@ -324,9 +324,9 @@
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.0,5.9,5.9,5.6,4.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.8,6.2,6.5]
new: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443]
analyse: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.012| 0.015| 228.764| 3.700]
[PKTLEN......: 52.000| 1492.000| 340.500| 468.200| 219238.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.012| 0.015| 228.764| 3.700]
[PKTLEN......: 52.000| 1492.000| 340.500| 468.200| 219238.800| 3.900]
[BINS(c->s)..: 9,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,1,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,1,1]
@@ -334,9 +334,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1487,64,116,52,91,93,52,76,52,591,64,52,1098,52,1492,528,52,627,52,200,52,314]
[ENTROPIES...: 4.2,5.2,4.8,4.5,5.1,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.9,5.1,5.8,5.9,4.7,5.5,4.7,7.6,5.1,5.1,7.8,4.8,7.9,7.6,4.8,7.7,4.8,6.9,5.1,7.3]
analyse: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.039| 0.010| 0.013| 167.910| 3.600]
[PKTLEN......: 52.000| 1492.000| 287.100| 439.400| 193071.900| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.039| 0.010| 0.013| 167.910| 3.600]
[PKTLEN......: 52.000| 1492.000| 287.100| 439.400| 193071.900| 3.800]
[BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[BINS(s->c)..: 8,2,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0,0]
@@ -344,9 +344,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1457,52,52,91,52,93,76,52,638,52,322,52,138,172,1444,52,52,329,52,166,52,105]
[ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.9,4.7,5.9,5.6,4.8,7.6,5.0,7.3,4.6,6.3,6.7,7.8,5.0,4.9,7.3,4.7,6.6,4.7,5.9]
analyse: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.033| 0.009| 0.012| 153.174| 3.500]
[PKTLEN......: 52.000| 1492.000| 342.200| 472.200| 222950.100| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.033| 0.009| 0.012| 153.174| 3.500]
[PKTLEN......: 52.000| 1492.000| 342.200| 472.200| 222950.100| 3.900]
[BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
[BINS(s->c)..: 9,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,1,1,1]
@@ -354,9 +354,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,52,91,93,52,76,52,591,52,1098,52,1492,84,759,52,154,623,52,52,274]
[ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.6,7.8,4.8,5.8,7.9,5.0,5.0,5.1,5.9,5.9,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.8,7.7,4.6,6.6,7.6,5.0,5.0,7.1]
analyse: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.009| 0.014| 185.505| 3.300]
[PKTLEN......: 52.000| 1492.000| 406.800| 492.900| 242924.900| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.046| 0.009| 0.014| 185.505| 3.300]
[PKTLEN......: 52.000| 1492.000| 406.800| 492.900| 242924.900| 4.000]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,0,1,1,0,1,1,1]
@@ -370,9 +370,9 @@
new: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443]
detected: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.108| 0.020| 0.028| 811.176| 3.500]
[PKTLEN......: 52.000| 1492.000| 324.200| 448.200| 200860.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.108| 0.020| 0.028| 811.176| 3.500]
[PKTLEN......: 52.000| 1492.000| 324.200| 448.200| 200860.400| 3.900]
[BINS(c->s)..: 10,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1]
@@ -381,9 +381,9 @@
[ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.8,5.8,7.9,5.1,5.0,5.8,5.1,5.9,4.8,5.9,4.8,5.5,4.8,7.6,5.0,7.8,4.8,7.5,7.8,4.7,7.7,4.8,6.9,5.0]
detection-update: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.037| 0.009| 0.014| 195.258| 3.400]
[PKTLEN......: 52.000| 1492.000| 433.800| 539.400| 290977.100| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.037| 0.009| 0.014| 195.258| 3.400]
[PKTLEN......: 52.000| 1492.000| 433.800| 539.400| 290977.100| 4.000]
[BINS(c->s)..: 10,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0,0]
@@ -391,9 +391,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1113,52,116,1324,52,52,91,93,76,52,591,52,1098,52,1492,704,52,1492,52,1492,52,950,52,138,252]
[ENTROPIES...: 4.1,5.2,4.7,4.2,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,6.0,5.5,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.6,7.9,4.5,7.9,4.6,7.8,4.6,6.3,7.0]
analyse: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.031| 0.008| 0.012| 151.638| 3.300]
[PKTLEN......: 52.000| 1492.000| 406.100| 507.800| 257847.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.031| 0.008| 0.012| 151.638| 3.300]
[PKTLEN......: 52.000| 1492.000| 406.100| 507.800| 257847.600| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1]
@@ -401,9 +401,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1098,52,1308,52,1098,52,770]
[ENTROPIES...: 4.1,5.3,4.7,4.5,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.8,5.5,4.7,4.7,7.7,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.9,4.7,7.8,4.7,7.7]
analyse: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.180| 0.027| 0.054| 2903.055| 2.900]
[PKTLEN......: 52.000| 1492.000| 452.000| 548.400| 300791.000| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.180| 0.027| 0.054| 2903.055| 2.900]
[PKTLEN......: 52.000| 1492.000| 452.000| 548.400| 300791.000| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0]
@@ -421,9 +421,9 @@
detected: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.028| 0.074| 0.247| 61210.599| 1.800]
[PKTLEN......: 52.000| 1492.000| 351.000| 482.300| 232616.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.028| 0.074| 0.247| 61210.599| 1.800]
[PKTLEN......: 52.000| 1492.000| 351.000| 482.300| 232616.900| 3.900]
[BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1]
@@ -438,9 +438,9 @@
detected: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detected: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.029| 0.007| 0.012| 137.076| 3.300]
[PKTLEN......: 52.000| 1492.000| 397.000| 481.500| 231822.500| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.029| 0.007| 0.012| 137.076| 3.300]
[PKTLEN......: 52.000| 1492.000| 397.000| 481.500| 231822.500| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,1]
@@ -449,9 +449,9 @@
[ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,4.7,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.7,4.8,7.6,5.0,7.8,7.5,4.7,4.7,7.8,4.7,7.8,4.7,7.7,7.8,4.7,7.5]
detection-update: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.058| 0.009| 0.015| 225.527| 3.300]
[PKTLEN......: 52.000| 1492.000| 408.200| 535.400| 286624.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.058| 0.009| 0.015| 225.527| 3.300]
[PKTLEN......: 52.000| 1492.000| 408.200| 535.400| 286624.800| 3.900]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1]
@@ -461,9 +461,9 @@
detection-update: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.039| 0.008| 0.012| 156.003| 3.400]
[PKTLEN......: 52.000| 1492.000| 410.500| 518.800| 269178.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.039| 0.008| 0.012| 156.003| 3.400]
[PKTLEN......: 52.000| 1492.000| 410.500| 518.800| 269178.600| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1]
@@ -474,9 +474,9 @@
detected: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.032| 0.009| 0.013| 159.388| 3.500]
[PKTLEN......: 52.000| 1492.000| 374.000| 504.400| 254392.600| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.032| 0.009| 0.013| 159.388| 3.500]
[PKTLEN......: 52.000| 1492.000| 374.000| 504.400| 254392.600| 3.900]
[BINS(c->s)..: 9,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
[BINS(s->c)..: 7,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,1,0,0,1,1]
@@ -484,9 +484,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1457,52,52,91,52,93,76,52,591,52,1098,52,1492,104,52,1492,280,367,52,138,52,584]
[ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.7,7.9,4.7,5.9,7.8,5.0,4.9,5.9,4.7,5.9,5.5,4.7,7.6,5.0,7.8,4.8,7.9,6.0,4.8,7.9,7.2,7.3,4.8,6.3,5.0,7.6]
analyse: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.036| 0.009| 0.013| 161.218| 3.500]
[PKTLEN......: 52.000| 1492.000| 330.400| 469.300| 220240.500| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.036| 0.009| 0.013| 161.218| 3.500]
[PKTLEN......: 52.000| 1492.000| 330.400| 469.300| 220240.500| 3.900]
[BINS(c->s)..: 9,0,1,2,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,1,1]
@@ -494,9 +494,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,93,52,76,52,591,52,1098,52,1492,704,132,52,52,154,172,338,52,52]
[ENTROPIES...: 4.2,5.1,4.7,4.5,5.0,7.9,4.8,7.8,4.8,5.8,7.9,5.0,5.1,5.8,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.9,7.7,6.5,4.7,4.8,6.5,6.6,7.3,5.0,5.0]
analyse: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.122| 0.019| 0.034| 1173.117| 3.100]
[PKTLEN......: 52.000| 1492.000| 390.500| 496.900| 246958.900| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.122| 0.019| 0.034| 1173.117| 3.100]
[PKTLEN......: 52.000| 1492.000| 390.500| 496.900| 246958.900| 4.000]
[BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1]
@@ -504,9 +504,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,591,52,1098,478,52,52,1098,52,1492,488,52,1098,52,271]
[ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.8,4.7,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.7,5.8,5.6,4.7,7.6,5.0,7.8,7.5,4.8,4.8,7.8,4.8,7.9,7.5,4.8,7.8,4.8,7.1]
analyse: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.126| 0.020| 0.036| 1286.879| 3.200]
[PKTLEN......: 52.000| 1492.000| 386.500| 502.300| 252311.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.126| 0.020| 0.036| 1286.879| 3.200]
[PKTLEN......: 52.000| 1492.000| 386.500| 502.300| 252311.900| 3.900]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1]
@@ -517,9 +517,9 @@
detected: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.125| 0.019| 0.036| 1295.429| 3.100]
[PKTLEN......: 52.000| 1492.000| 390.500| 500.100| 250056.100| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.125| 0.019| 0.036| 1295.429| 3.100]
[PKTLEN......: 52.000| 1492.000| 390.500| 500.100| 250056.100| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,1,1,0]
@@ -536,9 +536,9 @@
detection-update: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.042| 0.008| 0.013| 169.929| 3.400]
[PKTLEN......: 52.000| 1492.000| 425.100| 548.500| 300824.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.042| 0.008| 0.013| 169.929| 3.400]
[PKTLEN......: 52.000| 1492.000| 425.100| 548.500| 300824.400| 3.900]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0]
@@ -546,9 +546,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,52,91,93,52,52,76,52,660,52,1098,52,1492,704,52,1492,52,1492,726,52]
[ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.7,5.9,7.9,5.0,5.0,5.0,6.0,6.0,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.9,4.8,7.9,7.8,4.8]
analyse: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.099| 0.017| 0.025| 636.110| 3.600]
[PKTLEN......: 52.000| 1492.000| 288.800| 419.800| 176233.300| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.099| 0.017| 0.025| 636.110| 3.600]
[PKTLEN......: 52.000| 1492.000| 288.800| 419.800| 176233.300| 3.900]
[BINS(c->s)..: 8,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,1,0,0,1]
@@ -559,9 +559,9 @@
new: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443]
new: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443]
analyse: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.207| 0.028| 0.058| 3307.776| 2.900]
[PKTLEN......: 52.000| 1492.000| 468.700| 574.100| 329541.200| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.207| 0.028| 0.058| 3307.776| 2.900]
[PKTLEN......: 52.000| 1492.000| 468.700| 574.100| 329541.200| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1]
@@ -581,9 +581,9 @@
detection-update: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.032| 0.009| 0.012| 154.797| 3.600]
[PKTLEN......: 52.000| 1492.000| 341.300| 465.200| 216385.700| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.032| 0.009| 0.012| 154.797| 3.600]
[PKTLEN......: 52.000| 1492.000| 341.300| 465.200| 216385.700| 3.900]
[BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0]
@@ -591,9 +591,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1185,52,154,595,52,52,274,52]
[ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.8,4.8,7.8,4.7,5.8,7.9,4.9,4.9,5.9,4.8,5.9,5.7,4.8,7.6,4.9,7.8,4.7,7.8,4.7,7.8,4.7,6.3,7.6,5.0,5.1,7.2,4.8]
analyse: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.008| 0.012| 146.948| 3.400]
[PKTLEN......: 52.000| 1492.000| 259.000| 395.400| 156313.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.008| 0.012| 146.948| 3.400]
[PKTLEN......: 52.000| 1492.000| 259.000| 395.400| 156313.400| 3.900]
[BINS(c->s)..: 7,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1]
@@ -601,9 +601,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1461,52,52,52,91,93,52,76,52,608,52,527,52,138,172,603,155,156,52,52,52,52]
[ENTROPIES...: 4.2,5.1,4.7,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.9,5.8,4.7,5.5,4.7,7.7,5.1,7.6,4.7,6.2,6.7,7.6,6.5,6.5,5.0,4.9,5.0,4.9]
analyse: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.009| 0.013| 163.660| 3.600]
[PKTLEN......: 52.000| 1492.000| 255.100| 395.400| 156328.100| 3.800]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.034| 0.009| 0.013| 163.660| 3.600]
[PKTLEN......: 52.000| 1492.000| 255.100| 395.400| 156328.100| 3.800]
[BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0]
@@ -614,9 +614,9 @@
detected: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.178| 0.027| 0.054| 2913.054| 2.900]
[PKTLEN......: 52.000| 1492.000| 434.600| 557.900| 311277.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.178| 0.027| 0.054| 2913.054| 2.900]
[PKTLEN......: 52.000| 1492.000| 434.600| 557.900| 311277.200| 3.900]
[BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0]
@@ -632,9 +632,9 @@
new: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443]
new: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443]
analyse: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.028| 0.204| 0.738| 545057.276| 1.400]
[PKTLEN......: 52.000| 1492.000| 304.700| 439.900| 193493.400| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 3.028| 0.204| 0.738| 545057.276| 1.400]
[PKTLEN......: 52.000| 1492.000| 304.700| 439.900| 193493.400| 3.900]
[BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1]
@@ -643,9 +643,9 @@
[ENTROPIES...: 4.2,5.2,4.8,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,4.9,5.9,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,7.6,4.7,6.3,7.1,4.8,6.6,4.7,4.6,5.6]
new: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443]
analyse: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.029| 0.007| 0.012| 139.021| 3.300]
[PKTLEN......: 52.000| 1492.000| 382.700| 493.600| 243675.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.029| 0.007| 0.012| 139.021| 3.300]
[PKTLEN......: 52.000| 1492.000| 382.700| 493.600| 243675.800| 4.000]
[BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,0,0]
@@ -653,9 +653,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1467,52,52,91,52,93,76,52,591,52,1098,498,52,1098,52,1492,280,52,1031,52,154,172]
[ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.8,4.6,7.8,4.7,5.9,7.9,5.0,5.0,5.8,4.6,6.0,5.6,4.6,7.7,5.0,7.8,7.5,4.6,7.8,4.7,7.9,7.1,4.7,7.8,4.6,6.5,6.6]
analyse: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.189| 0.028| 0.055| 3044.153| 3.000]
[PKTLEN......: 52.000| 1492.000| 416.200| 521.000| 271438.600| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.189| 0.028| 0.055| 3044.153| 3.000]
[PKTLEN......: 52.000| 1492.000| 416.200| 521.000| 271438.600| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1,0]
@@ -666,9 +666,9 @@
detected: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.040| 0.010| 0.014| 190.700| 3.500]
[PKTLEN......: 52.000| 1492.000| 336.200| 468.300| 219266.800| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.040| 0.010| 0.014| 190.700| 3.500]
[PKTLEN......: 52.000| 1492.000| 336.200| 468.300| 219266.800| 3.900]
[BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,0,0,0,1]
@@ -677,9 +677,9 @@
[ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.1,6.0,5.8,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,4.8,7.8,4.7,6.4,6.7,7.5,5.1]
detection-update: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.169| 0.025| 0.051| 2565.544| 2.900]
[PKTLEN......: 52.000| 1492.000| 435.800| 558.300| 311649.100| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.169| 0.025| 0.051| 2565.544| 2.900]
[PKTLEN......: 52.000| 1492.000| 435.800| 558.300| 311649.100| 3.900]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1]
@@ -687,9 +687,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,1127,52,52,116,1471,52,52,52,91,93,76,52,52,52,629,52,1098,52,1098,52,1492,704,52,1492,52,1492]
[ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,7.8,4.8,4.8,5.9,7.9,5.0,5.0,5.0,5.8,6.0,5.6,4.8,4.8,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.9]
analyse: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.179| 0.027| 0.054| 2949.282| 2.900]
[PKTLEN......: 52.000| 1492.000| 461.800| 572.200| 327423.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.179| 0.027| 0.054| 2949.282| 2.900]
[PKTLEN......: 52.000| 1492.000| 461.800| 572.200| 327423.800| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1]
@@ -697,9 +697,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,93,52,76,52,591,52,1098,52,1492,528,52,1492,52,704,52,1492,52,1492]
[ENTROPIES...: 4.1,5.2,4.8,4.3,5.1,7.8,4.8,7.8,4.8,5.8,7.9,5.0,5.0,5.9,5.9,4.7,5.6,4.7,7.5,5.0,7.8,4.7,7.8,7.5,4.7,7.9,4.7,7.7,4.7,7.9,4.7,7.9]
analyse: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.604| 0.075| 0.151| 22860.368| 3.100]
[PKTLEN......: 52.000| 1492.000| 384.700| 500.500| 250468.600| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.604| 0.075| 0.151| 22860.368| 3.100]
[PKTLEN......: 52.000| 1492.000| 384.700| 500.500| 250468.600| 3.900]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,1,0,1,0,1]
@@ -710,9 +710,9 @@
detected: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.188| 0.020| 0.046| 2094.229| 2.900]
[PKTLEN......: 52.000| 1492.000| 356.800| 487.600| 237730.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.188| 0.020| 0.046| 2094.229| 2.900]
[PKTLEN......: 52.000| 1492.000| 356.800| 487.600| 237730.200| 3.900]
[BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,0,1,0,0]
@@ -723,9 +723,9 @@
detected: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.008| 0.012| 144.514| 3.500]
[PKTLEN......: 52.000| 1492.000| 397.200| 485.100| 235309.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.034| 0.008| 0.012| 144.514| 3.500]
[PKTLEN......: 52.000| 1492.000| 397.200| 485.100| 235309.800| 4.000]
[BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0]
@@ -736,9 +736,9 @@
detected: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.033| 0.008| 0.012| 145.944| 3.400]
[PKTLEN......: 52.000| 1492.000| 372.100| 488.600| 238772.900| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.033| 0.008| 0.012| 145.944| 3.400]
[PKTLEN......: 52.000| 1492.000| 372.100| 488.600| 238772.900| 3.900]
[BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,1,1,0,0,0]
@@ -755,9 +755,9 @@
detection-update: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
detection-update: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com]
analyse: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.034| 0.008| 0.012| 142.779| 3.400]
[PKTLEN......: 52.000| 1492.000| 385.300| 506.900| 256960.200| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.034| 0.008| 0.012| 142.779| 3.400]
[PKTLEN......: 52.000| 1492.000| 385.300| 506.900| 256960.200| 3.900]
[BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0]
@@ -765,9 +765,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,52,1492,271,52,138,172,539]
[ENTROPIES...: 4.2,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,4.9,7.8,4.6,7.9,4.6,7.7,4.6,7.9,7.2,4.6,6.3,6.5,7.6]
analyse: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.032| 0.009| 0.013| 162.784| 3.500]
[PKTLEN......: 52.000| 1492.000| 403.100| 505.200| 255231.400| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.032| 0.009| 0.013| 162.784| 3.500]
[PKTLEN......: 52.000| 1492.000| 403.100| 505.200| 255231.400| 4.000]
[BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
[BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1]
@@ -775,9 +775,9 @@
[PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044]
[ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,6.0,7.9,5.0,4.9,5.9,4.7,6.0,5.7,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,4.7,6.3,5.0,7.8]
analyse: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.031| 0.009| 0.012| 155.373| 3.600]
[PKTLEN......: 52.000| 1492.000| 343.300| 466.300| 217422.700| 3.900]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.031| 0.009| 0.012| 155.373| 3.600]
[PKTLEN......: 52.000| 1492.000| 343.300| 466.300| 217422.700| 3.900]
[BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0]

6
test/results/flow-info/default/pgm.pcap.out
View File

@@ -4,9 +4,9 @@
new: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47]
detected: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Unknown][Network][Acceptable]
analyse: [.....1] [ip4][..113] [..10.244.64.154] -> [.....235.0.1.47] [PGM][Unknown][Network][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.841| 0.063| 0.156| 24250.839| 2.900]
[PKTLEN......: 56.000| 1330.000| 189.200| 214.800| 46132.500| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.841| 0.063| 0.156| 24250.839| 2.900]
[PKTLEN......: 56.000| 1330.000| 189.200| 214.800| 46132.500| 4.500]
[BINS(c->s)..: 0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0]
[BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

78
test/results/flow-info/default/pinterest.pcap.out
View File

@@ -8,9 +8,9 @@
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][www.pinterest.fr]
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][www.pinterest.fr]
analyse: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.172| 0.013| 0.032| 1054.860| 2.700]
[PKTLEN......: 72.000| 1120.000| 364.100| 421.400| 177613.600| 4.200]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.172| 0.013| 0.032| 1054.860| 2.700]
[PKTLEN......: 72.000| 1120.000| 364.100| 421.400| 177613.600| 4.200]
[BINS(c->s)..: 10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1]
@@ -46,9 +46,9 @@
new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [MIDSTREAM]
new: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] [MIDSTREAM]
analyse: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.054| 0.008| 0.015| 217.895| 3.000]
[PKTLEN......: 72.000| 1460.000| 381.000| 486.900| 237029.200| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.054| 0.008| 0.015| 217.895| 3.000]
[PKTLEN......: 72.000| 1460.000| 381.000| 486.900| 237029.200| 4.100]
[BINS(c->s)..: 9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0]
@@ -64,9 +64,9 @@
detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com]
detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com]
analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.009| 0.014| 192.210| 3.400]
[PKTLEN......: 72.000| 1280.000| 251.000| 327.800| 107441.100| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.044| 0.009| 0.014| 192.210| 3.400]
[PKTLEN......: 72.000| 1280.000| 251.000| 327.800| 107441.100| 4.100]
[BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1]
@@ -77,9 +77,9 @@
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com]
new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443]
analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.133| 0.015| 0.030| 874.849| 3.100]
[PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.133| 0.015| 0.030| 874.849| 3.100]
[PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100]
[BINS(c->s)..: 11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0]
@@ -90,9 +90,9 @@
detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Web][Safe][images.unsplash.com]
detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe][images.unsplash.com]
analyse: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.090| 0.014| 0.022| 502.919| 3.300]
[PKTLEN......: 72.000| 1120.000| 300.800| 374.800| 140490.000| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.090| 0.014| 0.022| 502.919| 3.300]
[PKTLEN......: 72.000| 1120.000| 300.800| 374.800| 140490.000| 4.100]
[BINS(c->s)..: 11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0]
@@ -101,9 +101,9 @@
[ENTROPIES...: 4.8,5.1,5.1,4.6,5.0,6.8,4.4,5.2,5.1,6.6,7.1,5.2,5.2,7.6,6.2,5.2,5.2,6.1,6.3,7.3,5.0,5.0,5.0,7.0,6.2,5.2,5.2,5.6,5.0,7.5,6.9,5.2]
detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com]
analyse: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.050| 0.008| 0.015| 236.626| 2.900]
[PKTLEN......: 72.000| 1460.000| 498.700| 595.900| 355070.700| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.050| 0.008| 0.015| 236.626| 2.900]
[PKTLEN......: 72.000| 1460.000| 498.700| 595.900| 355070.700| 4.000]
[BINS(c->s)..: 12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1]
@@ -121,9 +121,9 @@
detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com]
detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][connect.facebook.net]
analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.093| 0.011| 0.022| 473.126| 3.000]
[PKTLEN......: 72.000| 1452.000| 271.000| 368.400| 135732.300| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.093| 0.011| 0.022| 473.126| 3.000]
[PKTLEN......: 72.000| 1452.000| 271.000| 368.400| 135732.300| 4.100]
[BINS(c->s)..: 12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0]
@@ -142,9 +142,9 @@
RISK: Unidirectional Traffic
detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe]
analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.029| 0.002| 0.006| 41.161| 1.800]
[PKTLEN......: 72.000| 1280.000| 738.800| 578.200| 334348.700| 4.500]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.029| 0.002| 0.006| 41.161| 1.800]
[PKTLEN......: 72.000| 1280.000| 738.800| 578.200| 334348.700| 4.500]
[BINS(c->s)..: 7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1]
@@ -155,9 +155,9 @@
detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com]
analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.486| 0.062| 0.261| 67965.321| 1.600]
[PKTLEN......: 72.000| 1280.000| 238.100| 317.700| 100919.600| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 1.486| 0.062| 0.261| 67965.321| 1.600]
[PKTLEN......: 72.000| 1280.000| 238.100| 317.700| 100919.600| 4.100]
[BINS(c->s)..: 11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0]
@@ -165,9 +165,9 @@
[PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]
[ENTROPIES...: 4.8,5.2,5.1,4.7,5.0,7.8,7.8,5.2,5.2,7.6,5.2,6.1,6.5,7.5,5.1,5.1,5.1,7.6,5.2,5.8,5.7,5.2,7.5,6.2,5.2,5.2,5.9,5.1,5.2,6.0,5.1,6.9]
analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.009| 0.013| 168.080| 3.500]
[PKTLEN......: 72.000| 1280.000| 418.800| 492.400| 242485.900| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.043| 0.009| 0.013| 168.080| 3.500]
[PKTLEN......: 72.000| 1280.000| 418.800| 492.400| 242485.900| 4.100]
[BINS(c->s)..: 12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0]
@@ -193,9 +193,9 @@
detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com]
detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable][www.google-analytics.com]
analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.157| 0.016| 0.035| 1243.837| 2.700]
[PKTLEN......: 72.000| 1280.000| 413.000| 486.700| 236885.800| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.157| 0.016| 0.035| 1243.837| 2.700]
[PKTLEN......: 72.000| 1280.000| 413.000| 486.700| 236885.800| 4.100]
[BINS(c->s)..: 13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0]
@@ -203,9 +203,9 @@
[PKTLENS.....: 80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72]
[ENTROPIES...: 4.9,5.3,5.1,4.6,5.1,7.8,7.8,7.5,5.1,5.1,5.2,6.1,6.6,7.3,5.0,5.1,5.1,7.6,7.5,7.8,5.1,5.1,5.1,5.8,7.8,7.9,7.8,7.9,5.1,5.2,5.1,5.2]
analyse: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.136| 0.023| 0.040| 1569.290| 3.200]
[PKTLEN......: 72.000| 1460.000| 430.600| 544.300| 296293.800| 4.000]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.136| 0.023| 0.040| 1569.290| 3.200]
[PKTLEN......: 72.000| 1460.000| 430.600| 544.300| 296293.800| 4.000]
[BINS(c->s)..: 9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1]
@@ -218,9 +218,9 @@
detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com]
detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com]
analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.000| 0.045| 0.007| 0.012| 147.627| 3.200]
[PKTLEN......: 72.000| 1120.000| 377.700| 441.200| 194656.500| 4.100]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.045| 0.007| 0.012| 147.627| 3.200]
[PKTLEN......: 72.000| 1120.000| 377.700| 441.200| 194656.500| 4.100]
[BINS(c->s)..: 11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[DIRECTIONS..: 0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1]

Some files were not shown because too many files have changed in this diff Show More