vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-23 21:05:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Added check for invalid HTTP URLs

Browse source
This commit is contained in:
Luca Deri 2020-05-16 00:10:35 +02:00
parent c375782b96
commit 3d9285f1be
15 changed files with 878 additions and 849 deletions
Download patch file Download diff file Expand all files Collapse all files

10
example/ndpiReader.c
View file

@ -1199,10 +1199,10 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
}
if(flow->http.url[0] != '\0') {
u_int16_t risk = ndpi_validate_url(flow->http.url);
ndpi_risk_enum risk = ndpi_validate_url(flow->http.url);
if(risk != NDPI_NO_RISK)
flow->risk |= risk;
NDPI_SET_BIT(flow->risk, risk);
fprintf(out, "[URL: %s[StatusCode: %u]",
flow->http.url, flow->http.response_status_code);
@ -3046,13 +3046,13 @@ void test_lib() {
static void bitmapUnitTest() {
u_int32_t val, i, j;
for(i=0; i<16; i++) {
val = 0;
for(i=0; i<32; i++) {
NDPI_ZERO_BIT(val);
NDPI_SET_BIT(val, i);
assert(NDPI_ISSET_BIT(val, i));
for(j=0; j<16; j++) {
for(j=0; j<32; j++) {
if(j != i) {
assert(!NDPI_ISSET_BIT(val, j));
}

4
src/include/ndpi_api.h.in
View file

@ -1029,12 +1029,12 @@ extern "C" {
void ndpi_data_print_window_values(struct ndpi_analyze_struct *s); /* debug */
ndpi_risk ndpi_validate_url(char *url);
ndpi_risk_enum ndpi_validate_url(char *url);
u_int8_t ndpi_is_protocol_detected(struct ndpi_detection_module_struct *ndpi_str,
ndpi_protocol proto);
const char* ndpi_risk2str(ndpi_risk risk);
const char* ndpi_risk2str(ndpi_risk_enum risk);
#ifdef __cplusplus
}
#endif

1
src/include/ndpi_define.h.in
View file

@ -278,6 +278,7 @@
#define NDPI_CLR_BIT(num, n) num &= ~(1UL << n)
#define NDPI_CLR_BIT(num, n) num &= ~(1UL << n)
#define NDPI_ISSET_BIT(num, n) (num & (1 << n))
#define NDPI_ZERO_BIT(num) num = 0
/* this is a very very tricky macro *g*,
* the compiler will remove all shifts here if the protocol is static...

5
src/include/ndpi_typedefs.h
View file

@ -64,10 +64,13 @@ typedef enum {
NDPI_TLS_CERTIFICATE_MISMATCH,
NDPI_HTTP_SUSPICIOUS_USER_AGENT,
NDPI_HTTP_NUMERIC_IP_HOST,
NDPI_HTTP_SUSPICIOUS_URL,
/* Leave this as last member */
NDPI_MAX_RISK
} ndpi_risk;
} ndpi_risk_enum;
typedef u_int32_t ndpi_risk;
/* NDPI_VISIT */
typedef enum {

25
src/lib/ndpi_utils.c
View file

@ -1332,9 +1332,9 @@ static int ndpi_is_rce_injection(char* query) {
/* ********************************** */
ndpi_risk ndpi_validate_url(char *url) {
ndpi_risk_enum ndpi_validate_url(char *url) {
char *orig_str = NULL, *str = NULL, *question_mark = strchr(url, '?');
ndpi_risk rc = NDPI_NO_RISK;
ndpi_risk_enum rc = NDPI_NO_RISK;
if(question_mark) {
char *tmp;
@ -1389,6 +1389,15 @@ ndpi_risk ndpi_validate_url(char *url) {
validate_rc:
if(orig_str) ndpi_free(orig_str);
if(rc == NDPI_NO_RISK) {
/* Let's do an extra check */
if(strstr(url, "..")) {
/* 127.0.0.1/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe */
rc = NDPI_HTTP_SUSPICIOUS_URL;
}
}
return(rc);
}
@ -1406,7 +1415,9 @@ u_int8_t ndpi_is_protocol_detected(struct ndpi_detection_module_struct *ndpi_str
/* ******************************************************************** */
const char* ndpi_risk2str(ndpi_risk risk) {
const char* ndpi_risk2str(ndpi_risk_enum risk) {
static char buf[16];
switch(risk) {
case NDPI_URL_POSSIBLE_XSS:
return("XSS attack");
@ -1443,8 +1454,12 @@ const char* ndpi_risk2str(ndpi_risk risk) {
case NDPI_HTTP_NUMERIC_IP_HOST:
return("HTTP Numeric IP Address");
case NDPI_HTTP_SUSPICIOUS_URL:
return("HTTP Suspicious URL");
default:
return("");
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
}
}

12
src/lib/protocols/http.c
View file

@ -266,7 +266,7 @@ static void ndpi_check_numeric_ip(struct ndpi_detection_module_struct *ndpi_stru
strncpy(buf, ip, ip_len);
buf[ip_len] = '\0';
ip_addr.s_addr = inet_addr(buf);;
ip_addr.s_addr = inet_addr(buf);
if(strcmp(inet_ntoa(ip_addr), buf) == 0) {
NDPI_SET_BIT(flow->risk, NDPI_HTTP_NUMERIC_IP_HOST);
}
@ -274,6 +274,14 @@ static void ndpi_check_numeric_ip(struct ndpi_detection_module_struct *ndpi_stru
/* ************************************************************* */
static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
char *url) {
}
/* ************************************************************* */
/**
NOTE
ndpi_parse_packet_line_info is in ndpi_main.c
@ -302,6 +310,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
strncpy(&flow->http.url[packet->host_line.len], (char*)packet->http_url_name.ptr,
packet->http_url_name.len);
flow->http.url[len-1] = '\0';
ndpi_check_http_url(ndpi_struct, flow, &flow->http.url[packet->host_line.len]);
}
if(flow->packet.http_method.len < 3)

4
tests/result/1kxun.pcap.out
View file

@ -20,7 +20,7 @@ JA3 Host Stats:
1 192.168.5.16 2
1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Media/1][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Goodput ratio: 7/95][51.74 sec][Host: 183.131.48.144][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 190/321 862/665 236/194][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58/1061 557/1078 44/127][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656[StatusCode: 206][ContentType: video/mp4][PLAIN TEXT (GET /vlive.qq)]
1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Media/1][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Goodput ratio: 7/95][51.74 sec][Host: 183.131.48.144][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 190/321 862/665 236/194][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58/1061 557/1078 44/127][URL: 183.131.48.144/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656[StatusCode: 206][ContentType: video/mp4][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /vlive.qq)]
2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Host: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg[StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
3 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Goodput ratio: 59/95][45.30 sec][Host: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3466/4 44999/62 11990/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 136/1145 415/1314 149/400][URL: pic.1kxun.com/video_kankan/images/videos/3578-ywzj.jpg[StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
4 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Goodput ratio: 52/95][45.33 sec][Host: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2649/12 44748/253 10525/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1127 415/1314 133/398][URL: pic.1kxun.com/video_kankan/images/videos/3713-ydm.jpg[StatusCode: 200][ContentType: image/jpeg][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)]
@ -46,7 +46,7 @@ JA3 Host Stats:
24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463]
25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )]
26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7/HTTP][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Host: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899[StatusCode: 200][ContentType: application/json][UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)]
27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Host: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656[StatusCode: 302][PLAIN TEXT (GET /vlive.qq)]
27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Host: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656[StatusCode: 302][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /vlive.qq)]
28 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )]
29 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )]
30 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )]

1554
tests/result/WebattackRCE.pcap.out
View file

File diff suppressed because it is too large Load diff

18
tests/result/WebattackSQLinj.pcap.out
View file

@ -1,11 +1,11 @@
HTTP 94 30008 9
1 TCP 172.16.0.1:36212 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][7 pkts/1070 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 56/92][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/3 5000/10 1999/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/897 666/2767 210/1090][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
2 TCP 172.16.0.1:36202 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][6 pkts/1004 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 60/92][5.09 sec][Host: 205.174.165.68][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/80 1017/40 5004/80 1994/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 167/897 666/4215 223/1659][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
3 TCP 172.16.0.1:36204 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/937 bytes <-> 5 pkts/2359 bytes][Goodput ratio: 64/86][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 1251/1 5000/4 2164/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/472 665/2087 239/808][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
4 TCP 172.16.0.1:36200 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/875 bytes <-> 5 pkts/2219 bytes][Goodput ratio: 61/85][5.04 sec][Host: 205.174.165.68][bytes ratio: -0.434 (Download)][IAT c2s/s2c min/avg/max/stddev: 33/0 1259/11 5004/32 2162/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/444 603/1947 214/752][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
5 TCP 172.16.0.1:36210 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][6 pkts/941 bytes <-> 4 pkts/2153 bytes][Goodput ratio: 57/87][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 1001/2 5000/5 2000/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 157/538 603/1947 200/813][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
6 TCP 172.16.0.1:36208 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/874 bytes <-> 5 pkts/2178 bytes][Goodput ratio: 61/84][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/0 1252/1 5005/3 2167/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/436 602/1906 214/735][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
7 TCP 172.16.0.1:36198 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/798 bytes <-> 5 pkts/2178 bytes][Goodput ratio: 58/84][5.07 sec][Host: 205.174.165.68][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 68/0 1267/22 5001/67 2156/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 160/436 526/1906 183/735][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
8 TCP 172.16.0.1:36206 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/861 bytes <-> 5 pkts/868 bytes][Goodput ratio: 61/61][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 1252/1 5005/2 2167/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/174 589/596 208/211][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
9 TCP 172.16.0.1:36196 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][6 pkts/851 bytes <-> 5 pkts/868 bytes][Goodput ratio: 52/61][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1251/1 5000/3 2164/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/174 513/596 166/211][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
1 TCP 172.16.0.1:36212 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][7 pkts/1070 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 56/92][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/3 5000/10 1999/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/897 666/2767 210/1090][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL injection **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
2 TCP 172.16.0.1:36202 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][6 pkts/1004 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 60/92][5.09 sec][Host: 205.174.165.68][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/80 1017/40 5004/80 1994/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 167/897 666/4215 223/1659][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL injection **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
3 TCP 172.16.0.1:36204 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/937 bytes <-> 5 pkts/2359 bytes][Goodput ratio: 64/86][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 1251/1 5000/4 2164/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/472 665/2087 239/808][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL injection **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
4 TCP 172.16.0.1:36200 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/875 bytes <-> 5 pkts/2219 bytes][Goodput ratio: 61/85][5.04 sec][Host: 205.174.165.68][bytes ratio: -0.434 (Download)][IAT c2s/s2c min/avg/max/stddev: 33/0 1259/11 5004/32 2162/15][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/444 603/1947 214/752][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL injection **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
5 TCP 172.16.0.1:36210 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][6 pkts/941 bytes <-> 4 pkts/2153 bytes][Goodput ratio: 57/87][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 1001/2 5000/5 2000/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 157/538 603/1947 200/813][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL injection **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
6 TCP 172.16.0.1:36208 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/874 bytes <-> 5 pkts/2178 bytes][Goodput ratio: 61/84][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/0 1252/1 5005/3 2167/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/436 602/1906 214/735][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL injection **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
7 TCP 172.16.0.1:36198 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/798 bytes <-> 5 pkts/2178 bytes][Goodput ratio: 58/84][5.07 sec][Host: 205.174.165.68][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 68/0 1267/22 5001/67 2156/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 160/436 526/1906 183/735][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1%23&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL injection **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
8 TCP 172.16.0.1:36206 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/861 bytes <-> 5 pkts/868 bytes][Goodput ratio: 61/61][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 1252/1 5005/2 2167/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/174 589/596 208/211][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]
9 TCP 172.16.0.1:36196 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][6 pkts/851 bytes <-> 5 pkts/868 bytes][Goodput ratio: 52/61][5.01 sec][Host: 205.174.165.68][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1251/1 5000/3 2164/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/174 513/596 166/211][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27&Submit=Submit[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)]

44
tests/result/WebattackXSS.pcap.out
View file

@ -1,27 +1,27 @@
HTTP 9374 4721148 661
1 TCP 172.16.0.1:59042 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][214 pkts/62915 bytes <-> 107 pkts/190654 bytes][Goodput ratio: 78/96][68.07 sec][Host: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 340/680 4821/4822 530/629][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/1782 651/1935 251/393][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
2 TCP 172.16.0.1:56306 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 115 pkts/191204 bytes][Goodput ratio: 78/96][68.15 sec][Host: 205.174.165.68][bytes ratio: -0.508 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 354/600 4804/4805 540/628][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1663 651/1936 252/500][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
3 TCP 172.16.0.1:58360 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][210 pkts/62853 bytes <-> 105 pkts/190635 bytes][Goodput ratio: 78/96][67.29 sec][Host: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 346/635 3808/3809 494/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 299/1816 651/1936 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
4 TCP 172.16.0.1:33580 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62387 bytes <-> 110 pkts/190854 bytes][Goodput ratio: 78/96][69.42 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 343/690 4839/4840 532/624][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 303/1735 651/1935 252/442][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
5 TCP 172.16.0.1:34278 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62589 bytes <-> 105 pkts/190625 bytes][Goodput ratio: 78/96][67.05 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 328/716 2587/2588 440/440][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1815 651/1936 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
6 TCP 172.16.0.1:32906 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190638 bytes][Goodput ratio: 78/96][68.34 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 377/619 3861/3861 508/538][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1816 651/1936 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
7 TCP 172.16.0.1:56994 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190634 bytes][Goodput ratio: 78/96][67.00 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 370/605 3818/3818 505/541][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1816 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
8 TCP 172.16.0.1:52910 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190630 bytes][Goodput ratio: 78/96][68.12 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 376/617 3808/3808 507/537][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1816 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
9 TCP 172.16.0.1:55632 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190627 bytes][Goodput ratio: 78/96][67.55 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 373/609 3784/3784 507/541][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1815 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
10 TCP 172.16.0.1:54268 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190611 bytes][Goodput ratio: 78/96][67.52 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 373/611 3826/3827 507/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1815 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (KGET /dv/vulnerabilities/xss)]
11 TCP 172.16.0.1:53584 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 107 pkts/190662 bytes][Goodput ratio: 78/96][69.30 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 354/685 4897/4898 539/630][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1782 651/1935 252/393][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
12 TCP 172.16.0.1:60464 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 106 pkts/190596 bytes][Goodput ratio: 78/96][67.94 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 340/695 3581/3582 475/513][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1798 651/1936 252/373][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
13 TCP 172.16.0.1:57684 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 106 pkts/190590 bytes][Goodput ratio: 78/96][66.98 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 339/669 3535/3536 477/517][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1798 651/1935 252/373][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
14 TCP 172.16.0.1:34940 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62387 bytes <-> 105 pkts/190510 bytes][Goodput ratio: 78/96][69.37 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 368/664 4896/4897 547/631][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 303/1814 651/1935 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
15 TCP 172.16.0.1:54956 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 105 pkts/190525 bytes][Goodput ratio: 78/96][66.90 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 325/707 3641/3642 473/524][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1815 651/1935 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
16 TCP 172.16.0.1:59732 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62299 bytes <-> 106 pkts/190495 bytes][Goodput ratio: 78/96][70.21 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 384/681 3766/3767 516/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/1797 651/1935 251/373][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
17 TCP 172.16.0.1:52298 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][208 pkts/61639 bytes <-> 107 pkts/190727 bytes][Goodput ratio: 78/96][60.17 sec][Host: 205.174.165.68][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 317/536 1046/1043 421/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 296/1782 651/4410 248/575][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 302][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
18 TCP 172.16.0.1:35626 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][88 pkts/26722 bytes <-> 45 pkts/81226 bytes][Goodput ratio: 78/96][31.23 sec][Host: 205.174.165.68][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/3 401/695 3953/3953 601/706][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1805 651/1935 253/377][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
19 TCP 172.16.0.1:52200 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][21 pkts/4366 bytes <-> 12 pkts/14453 bytes][Goodput ratio: 68/94][4.02 sec][Host: 205.174.165.68][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/140 842/846 196/272][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/1204 625/7992 186/2089][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 302][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
20 TCP 172.16.0.1:52098 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][17 pkts/3745 bytes <-> 13 pkts/13999 bytes][Goodput ratio: 70/94][6.08 sec][Host: 205.174.165.68][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 431/104 5005/845 1286/263][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/1077 625/7306 191/1849][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 302][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
21 TCP 172.16.0.1:52300 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][7 pkts/1229 bytes <-> 6 pkts/6497 bytes][Goodput ratio: 62/94][6.24 sec][Host: 205.174.165.68][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 246/308 1185/1186 470/507][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 176/1083 461/5396 171/1949][URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js[StatusCode: 200][ContentType: application/javascript][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/dvwa/js/dvwaPage.js HTT)]
22 TCP 172.16.0.1:52318 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/696 bytes <-> 5 pkts/2045 bytes][Goodput ratio: 51/83][5.91 sec][Host: 205.174.165.68][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 34/0 1476/301 5002/870 2065/403][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/409 424/1773 142/682][URL: 205.174.165.68/dv/favicon.ico[StatusCode: 200][ContentType: image/vnd.microsoft.icon][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][PLAIN TEXT (GET /dv/favicon.ico HTTP/1.1)]
1 TCP 172.16.0.1:59042 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][214 pkts/62915 bytes <-> 107 pkts/190654 bytes][Goodput ratio: 78/96][68.07 sec][Host: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 340/680 4821/4822 530/629][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/1782 651/1935 251/393][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
2 TCP 172.16.0.1:56306 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 115 pkts/191204 bytes][Goodput ratio: 78/96][68.15 sec][Host: 205.174.165.68][bytes ratio: -0.508 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 354/600 4804/4805 540/628][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1663 651/1936 252/500][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
3 TCP 172.16.0.1:58360 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][210 pkts/62853 bytes <-> 105 pkts/190635 bytes][Goodput ratio: 78/96][67.29 sec][Host: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 346/635 3808/3809 494/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 299/1816 651/1936 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
4 TCP 172.16.0.1:33580 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62387 bytes <-> 110 pkts/190854 bytes][Goodput ratio: 78/96][69.42 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 343/690 4839/4840 532/624][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 303/1735 651/1935 252/442][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
5 TCP 172.16.0.1:34278 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62589 bytes <-> 105 pkts/190625 bytes][Goodput ratio: 78/96][67.05 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 328/716 2587/2588 440/440][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1815 651/1936 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
6 TCP 172.16.0.1:32906 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190638 bytes][Goodput ratio: 78/96][68.34 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 377/619 3861/3861 508/538][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1816 651/1936 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
7 TCP 172.16.0.1:56994 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190634 bytes][Goodput ratio: 78/96][67.00 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 370/605 3818/3818 505/541][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1816 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
8 TCP 172.16.0.1:52910 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190630 bytes][Goodput ratio: 78/96][68.12 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 376/617 3808/3808 507/537][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1816 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
9 TCP 172.16.0.1:55632 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190627 bytes][Goodput ratio: 78/96][67.55 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 373/609 3784/3784 507/541][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1815 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
10 TCP 172.16.0.1:54268 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62523 bytes <-> 105 pkts/190611 bytes][Goodput ratio: 78/96][67.52 sec][Host: 205.174.165.68][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 373/611 3826/3827 507/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 305/1815 651/1935 253/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (KGET /dv/vulnerabilities/xss)]
11 TCP 172.16.0.1:53584 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 107 pkts/190662 bytes][Goodput ratio: 78/96][69.30 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 354/685 4897/4898 539/630][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1782 651/1935 252/393][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
12 TCP 172.16.0.1:60464 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 106 pkts/190596 bytes][Goodput ratio: 78/96][67.94 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 340/695 3581/3582 475/513][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1798 651/1936 252/373][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
13 TCP 172.16.0.1:57684 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 106 pkts/190590 bytes][Goodput ratio: 78/96][66.98 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 339/669 3535/3536 477/517][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1798 651/1935 252/373][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
14 TCP 172.16.0.1:34940 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62387 bytes <-> 105 pkts/190510 bytes][Goodput ratio: 78/96][69.37 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 368/664 4896/4897 547/631][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 303/1814 651/1935 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
15 TCP 172.16.0.1:54956 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][205 pkts/62321 bytes <-> 105 pkts/190525 bytes][Goodput ratio: 78/96][66.90 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 325/707 3641/3642 473/524][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1815 651/1935 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
16 TCP 172.16.0.1:59732 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][206 pkts/62299 bytes <-> 106 pkts/190495 bytes][Goodput ratio: 78/96][70.21 sec][Host: 205.174.165.68][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 384/681 3766/3767 516/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/1797 651/1935 251/373][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
17 TCP 172.16.0.1:52298 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][208 pkts/61639 bytes <-> 107 pkts/190727 bytes][Goodput ratio: 78/96][60.17 sec][Host: 205.174.165.68][bytes ratio: -0.512 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 317/536 1046/1043 421/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 296/1782 651/4410 248/575][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 302][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
18 TCP 172.16.0.1:35626 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][88 pkts/26722 bytes <-> 45 pkts/81226 bytes][Goodput ratio: 78/96][31.23 sec][Host: 205.174.165.68][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/3 401/695 3953/3953 601/706][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1805 651/1935 253/377][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E[StatusCode: 200][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS attack **** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
19 TCP 172.16.0.1:52200 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][21 pkts/4366 bytes <-> 12 pkts/14453 bytes][Goodput ratio: 68/94][4.02 sec][Host: 205.174.165.68][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/140 842/846 196/272][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 208/1204 625/7992 186/2089][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 302][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
20 TCP 172.16.0.1:52098 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][17 pkts/3745 bytes <-> 13 pkts/13999 bytes][Goodput ratio: 70/94][6.08 sec][Host: 205.174.165.68][bytes ratio: -0.578 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 431/104 5005/845 1286/263][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/1077 625/7306 191/1849][URL: 205.174.165.68/dv/vulnerabilities/xss_r/[StatusCode: 302][ContentType: text/html][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/vulnerabilities/xss)]
21 TCP 172.16.0.1:52300 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][7 pkts/1229 bytes <-> 6 pkts/6497 bytes][Goodput ratio: 62/94][6.24 sec][Host: 205.174.165.68][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 8/0 246/308 1185/1186 470/507][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 176/1083 461/5396 171/1949][URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js[StatusCode: 200][ContentType: application/javascript][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/dvwa/js/dvwaPage.js HTT)]
22 TCP 172.16.0.1:52318 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][5 pkts/696 bytes <-> 5 pkts/2045 bytes][Goodput ratio: 51/83][5.91 sec][Host: 205.174.165.68][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 34/0 1476/301 5002/870 2065/403][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/409 424/1773 142/682][URL: 205.174.165.68/dv/favicon.ico[StatusCode: 200][ContentType: image/vnd.microsoft.icon][UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /dv/favicon.ico HTTP/1.1)]
23 TCP 172.16.0.1:33068 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][4 pkts/272 bytes <-> 3 pkts/206 bytes][Goodput ratio: 0/0][5.73 sec][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5728 1909/5728 5727/5728 2700/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/69 74/74 3/4]
24 TCP 172.16.0.1:34752 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][4 pkts/272 bytes <-> 3 pkts/206 bytes][Goodput ratio: 0/0][5.52 sec][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5523 1841/5523 5522/5523 2603/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/69 74/74 3/4]
25 TCP 172.16.0.1:35208 <-> 192.168.10.50:80 [proto: 7/HTTP][cat: Web/5][4 pkts/272 bytes <-> 3 pkts/206 bytes][Goodput ratio: 0/0][5.79 sec][bytes ratio: 0.138 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5792 1931/5792 5790/5792 2729/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/69 74/74 3/4]

2
tests/result/exe_download.pcap.out
View file

@ -1,3 +1,3 @@
HTTP 703 717463 1
1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][cat: Download-FileTransfer-FileSharing/7][203 pkts/11127 bytes <-> 500 pkts/706336 bytes][Goodput ratio: 1/96][5.18 sec][Host: 144.91.69.195][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/9 319/365 49/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 55/1413 207/1514 11/134][URL: 144.91.69.195/solar.php[StatusCode: 200][ContentType: application/octet-stream][UserAgent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Risk: ** Binary application transfer **** HTTP Suspicious User-Agent **][PLAIN TEXT (GET /solar.php HTTP/1.1)]
1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][cat: Download-FileTransfer-FileSharing/7][203 pkts/11127 bytes <-> 500 pkts/706336 bytes][Goodput ratio: 1/96][5.18 sec][Host: 144.91.69.195][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/9 319/365 49/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 55/1413 207/1514 11/134][URL: 144.91.69.195/solar.php[StatusCode: 200][ContentType: application/octet-stream][UserAgent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Risk: ** Binary application transfer **** HTTP Suspicious User-Agent **** HTTP Numeric IP Address **][PLAIN TEXT (GET /solar.php HTTP/1.1)]

2
tests/result/exe_download_as_png.pcap.out
View file

@ -1,3 +1,3 @@
HTTP 534 529449 1
1 TCP 10.9.25.101:49197 <-> 185.98.87.185:80 [proto: 7/HTTP][cat: Web/5][163 pkts/9113 bytes <-> 371 pkts/520336 bytes][Goodput ratio: 3/96][69.52 sec][Host: 185.98.87.185][bytes ratio: -0.966 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 623/25 60010/4824 5733/276][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 56/1403 204/1514 16/164][URL: 185.98.87.185/tablone.png[StatusCode: 200][ContentType: image/png][UserAgent: WinHTTP loader/1.0][Risk: ** Binary application transfer **][PLAIN TEXT (GET /tablone.png HTTP/1.1)]
1 TCP 10.9.25.101:49197 <-> 185.98.87.185:80 [proto: 7/HTTP][cat: Web/5][163 pkts/9113 bytes <-> 371 pkts/520336 bytes][Goodput ratio: 3/96][69.52 sec][Host: 185.98.87.185][bytes ratio: -0.966 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 623/25 60010/4824 5733/276][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 56/1403 204/1514 16/164][URL: 185.98.87.185/tablone.png[StatusCode: 200][ContentType: image/png][UserAgent: WinHTTP loader/1.0][Risk: ** Binary application transfer **** HTTP Numeric IP Address **][PLAIN TEXT (GET /tablone.png HTTP/1.1)]

6
tests/result/fuzz-2006-09-29-28586.pcap.out
View file

@ -3,10 +3,10 @@ HTTP 117 27855 36
Cloudflare 1 854 1
1 TCP 172.20.3.5:2601 <-> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][9 pkts/6343 bytes <-> 4 pkts/409 bytes][Goodput ratio: 92/46][11.25 sec][bytes ratio: 0.879 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/104 67/128 469/152 164/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 705/102 1514/243 721/81][PLAIN TEXT (POST /servlets/mms HTTP/1.1)]
2 TCP 172.20.3.5:2606 <-> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][8 pkts/2287 bytes <-> 5 pkts/2963 bytes][Goodput ratio: 80/91][11.18 sec][Host: 172.20.3.13][bytes ratio: -0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/58 177/172 83/81][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 286/593 1514/1514 478/662][URL: 172.20.3.13/servlets/mms?message-id=189301[StatusCode: 0][PLAIN TEXT (GET /servlets/mms)]
3 TCP 172.20.3.5:2604 <-> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][5 pkts/1754 bytes <-> 4 pkts/583 bytes][Goodput ratio: 83/62][11.17 sec][Host: 172.20.3.13][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 307/81 2793/3724 10864/10997 4662/5143][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 351/146 1514/417 582/157][URL: 172.20.3.13/servlets/mms?message-id=189001[StatusCode: 200][UserAgent: SonyEricssonT68/R201A][PLAIN TEXT (GET /servlets/mms)]
2 TCP 172.20.3.5:2606 <-> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][8 pkts/2287 bytes <-> 5 pkts/2963 bytes][Goodput ratio: 80/91][11.18 sec][Host: 172.20.3.13][bytes ratio: -0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/58 177/172 83/81][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 286/593 1514/1514 478/662][URL: 172.20.3.13/servlets/mms?message-id=189301[StatusCode: 0][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /servlets/mms)]
3 TCP 172.20.3.5:2604 <-> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][5 pkts/1754 bytes <-> 4 pkts/583 bytes][Goodput ratio: 83/62][11.17 sec][Host: 172.20.3.13][bytes ratio: 0.501 (Upload)][IAT c2s/s2c min/avg/max/stddev: 307/81 2793/3724 10864/10997 4662/5143][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 351/146 1514/417 582/157][URL: 172.20.3.13/servlets/mms?message-id=189001[StatusCode: 200][UserAgent: SonyEricssonT68/R201A][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /servlets/mms)]
4 TCP 172.20.3.13:53132 <-> 172.20.3.5:80 [proto: 7/HTTP][cat: Web/5][9 pkts/1650 bytes <-> 4 pkts/240 bytes][Goodput ratio: 70/0][5.14 sec][Host: %s][bytes ratio: 0.746 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 734/1 4911/1 1706/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 183/60 894/60 270/0][URL: %s[StatusCode: 0][ContentType: multipart/related][UserAgent: MMS-Relay-DeliveryInitiator][PLAIN TEXT (POST /ppgctrl/ppgcontrollogic.d)]
5 TCP 172.20.3.5:2602 <-> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][4 pkts/942 bytes <-> 4 pkts/703 bytes][Goodput ratio: 75/69][11.10 sec][Host: 172.20.3.13][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/106 3699/5548 10844/10989 5054/5442][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 236/176 762/541 304/211][URL: 172.20.3.13.servlets/mms[StatusCode: 200][ContentType: application/xml][PLAIN TEXT (POST .servlets/mms HTTP/1.1)]
5 TCP 172.20.3.5:2602 <-> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][4 pkts/942 bytes <-> 4 pkts/703 bytes][Goodput ratio: 75/69][11.10 sec][Host: 172.20.3.13][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/106 3699/5548 10844/10989 5054/5442][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 236/176 762/541 304/211][URL: 172.20.3.13.servlets/mms[StatusCode: 200][ContentType: application/xml][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (POST .servlets/mms HTTP/1.1)]
6 TCP 172.20.3.13:53136 <-> 172.20.3.5:80 [proto: 7/HTTP][cat: Web/5][5 pkts/586 bytes <-> 6 pkts/999 bytes][Goodput ratio: 54/66][5.21 sec][bytes ratio: -0.261 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/96 1737/1302 4910/5010 2247/2141][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 117/166 370/481 126/150][PLAIN TEXT (POST /ppgctrl/ppgcon)]
7 TCP 172.20.3.5:9587 -> 172.20.3.13:80 [proto: 7/HTTP][cat: Web/5][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][PLAIN TEXT (POST /servlets/mms HTTP/)]
8 TCP 172.20.3.13:80 -> 172.20.72.5:2606 [proto: 7/HTTP][cat: Web/5][1 pkts/1514 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][PLAIN TEXT (HTTP/1.1 200 OK)]

36
tests/result/netflix.pcap.out
View file

@ -9,37 +9,37 @@ JA3 Host Stats:
1 192.168.1.7 4
1 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Goodput ratio: 12/96][26.40 sec][Host: 23.246.11.141][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/21 522/505 51/40][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 76/1500 584/1514 69/116][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL2)]
2 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Goodput ratio: 17/96][53.10 sec][Host: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117/55 5026/5044 455/248][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80/1494 581/1514 81/140][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL)]
3 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Goodput ratio: 16/96][46.97 sec][Host: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 194/107 26359/26393 1829/1321][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1487 582/1514 79/167][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL1)]
1 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][667 pkts/50462 bytes <-> 1205 pkts/1807875 bytes][Goodput ratio: 12/96][26.40 sec][Host: 23.246.11.141][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/21 522/505 51/40][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 76/1500 584/1514 69/116][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (oMrLRiWL2)]
2 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][502 pkts/40335 bytes <-> 805 pkts/1202445 bytes][Goodput ratio: 17/96][53.10 sec][Host: 23.246.3.140][bytes ratio: -0.935 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117/55 5026/5044 455/248][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 80/1494 581/1514 81/140][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (oMrLRiWL)]
3 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][293 pkts/23170 bytes <-> 495 pkts/736113 bytes][Goodput ratio: 16/96][46.97 sec][Host: 23.246.11.133][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 194/107 26359/26393 1829/1321][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1487 582/1514 79/167][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (oMrLRiWL1)]
4 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][147 pkts/11558 bytes <-> 490 pkts/734346 bytes][Goodput ratio: 2/96][59.61 sec][Host: tp.akam.nflximg.com][bytes ratio: -0.969 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 418/45 30607/2159 2956/164][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/1499 282/1514 21/140][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif[StatusCode: 200][ContentType: text/plain][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)]
5 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][83 pkts/7225 bytes <-> 147 pkts/202723 bytes][Goodput ratio: 20/95][73.78 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.931 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1184/604 69170/69192 8780/6263][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1379 293/1514 39/401][TLSv1.2][Client: art-s.nflximg.net][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
6 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Goodput ratio: 23/95][6.10 sec][Host: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 90/58 504/714 130/109][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88/1464 582/1514 100/228][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][PLAIN TEXT (oMrLRiWL2)]
6 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][75 pkts/6610 bytes <-> 103 pkts/150772 bytes][Goodput ratio: 23/95][6.10 sec][Host: 23.246.11.141][bytes ratio: -0.916 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 90/58 504/714 130/109][Pkt Len c2s/s2c min/avg/max/stddev: 60/74 88/1464 582/1514 100/228][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo[StatusCode: 206][UserAgent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (oMrLRiWL2)]
7 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][40 pkts/3413 bytes <-> 86 pkts/125190 bytes][Goodput ratio: 7/95][34.92 sec][Host: art-2.nflximg.net][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/12 1101/41 30978/402 5647/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1456 311/1514 38/274][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg[StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /5758)]
8 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][75 pkts/31024 bytes <-> 73 pkts/42930 bytes][Goodput ratio: 84/89][47.10 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 744/738 30450/30505 3962/4075][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 414/588 1514/1514 553/594][TLSv1.2][Client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
9 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][46 pkts/50218 bytes <-> 25 pkts/7943 bytes][Goodput ratio: 94/78][53.21 sec][bytes ratio: 0.727 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1378/2893 51181/51242 8188/11726][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1092/318 1514/1514 615/491][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][Goodput ratio: 17/95][1.88 sec][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 77/62 638/579 155/122][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1328 422/1514 71/457][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607[StatusCode: 200][PLAIN TEXT (GET /range/0)]
11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657[StatusCode: 200][PLAIN TEXT (GET /range/0)]
10 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2040 bytes <-> 34 pkts/45136 bytes][Goodput ratio: 17/95][1.88 sec][bytes ratio: -0.914 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 77/62 638/579 155/122][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1328 422/1514 71/457][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
12 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Host: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp[StatusCode: 200][ContentType: image/webp][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /af)]
13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082[StatusCode: 200][PLAIN TEXT (GET /range/0)]
13 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
14 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][Goodput ratio: 69/93][38.50 sec][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1640/1232 30390/30443 6288/5475][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 211/964 1514/1514 376/637][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
15 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Host: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg[StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /8b)]
16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897[StatusCode: 200][PLAIN TEXT (czGET /range/0)]
16 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (czGET /range/0)]
17 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Host: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg[StatusCode: 200][ContentType: image/jpeg][UserAgent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /4e)]
18 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Goodput ratio: 72/94][31.31 sec][Host: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092/21 30728/135 9212/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 242/1136 1514/1514 405/584][URL: appboot.netflix.com/appboot/NFAPPL-02-[StatusCode: 0][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /appboot/NFAPPL)]
19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981[StatusCode: 200][PLAIN TEXT (GET /range/0)]
20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666[StatusCode: 200][PLAIN TEXT (GET /range/0)]
21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765[StatusCode: 200][PLAIN TEXT (GET /range/0)]
19 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
20 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
21 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
22 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][Goodput ratio: 77/93][1.73 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/42 437/291 101/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/895 1514/1514 442/626][TLSv1.2][Client: api-global.netflix.com][JA3C: d8bfad189bd26664e04570c104ee8418][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386[StatusCode: 200][PLAIN TEXT (fGET /range/0)]
24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473[StatusCode: 200][PLAIN TEXT (GET /range/0)]
25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846[StatusCode: 200][PLAIN TEXT (GET /range/0)]
26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467[StatusCode: 200][PLAIN TEXT (GET /range/0)]
23 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (fGET /range/0)]
24 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
25 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
26 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
27 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][Goodput ratio: 92/78][32.21 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/84 332/331 94/95][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 811/309 1514/1514 700/493][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
28 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][Goodput ratio: 72/91][0.86 sec][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/33 266/316 64/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/739 1514/1514 407/542][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564[StatusCode: 200][PLAIN TEXT (GET /range/0)]
30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294[StatusCode: 200][PLAIN TEXT (GET /range/0)]
31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333[StatusCode: 200][PLAIN TEXT (GET /range/0)]
29 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
30 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
31 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333[StatusCode: 200][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /range/0)]
32 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][Goodput ratio: 86/86][0.92 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/54 282/127 72/35][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 486/491 1514/1514 603/610][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
33 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Goodput ratio: 91/87][31.72 sec][Host: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877/42 31088/123 8921/33][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714/500 1514/1514 676/651][URL: api-global.netflix.com/msl/nrdjs/2.1.2[StatusCode: 0][UserAgent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)]
34 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][Goodput ratio: 79/90][1.01 sec][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/96 322/423 89/121][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314/697 1514/1514 477/667][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]

4
tests/result/pps.pcap.out
View file

@ -6,7 +6,7 @@ Google 2 1093 1
1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Goodput ratio: 82/96][0.98 sec][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/77 0/8][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303/1313 303/1314 0/34][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_2.jpg?no=2[StatusCode: 200][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)]
2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Goodput ratio: 82/96][0.82 sec][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/51 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303/1312 303/1314 0/49][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1[StatusCode: 200][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)]
3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Goodput ratio: 73/96][0.11 sec][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35/0 35/35 0/2][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200/1310 202/1314 2/50][URL: static.qiyi.com/ext/common/qisu2/downloader.ini[StatusCode: 200][UserAgent: Downloader][PLAIN TEXT (GET /ext/common/qisu2/downloade)]
4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Goodput ratio: 87/96][0.02 sec][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426/1303 426/1314 0/56][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de[StatusCode: 0][UserAgent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /videos/v)]
4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Goodput ratio: 87/96][0.02 sec][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426/1303 426/1314 0/56][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de[StatusCode: 0][UserAgent: QY-Player-Windows/2.0.102][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /videos/v)]
5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Goodput ratio: 95/96][13.04 sec][Host: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/0 307/0 127/0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002/1239 1314/1314 434/215][URL: bcu.ff.avast.com/bc2[StatusCode: 0][ContentType: application/x-enc][UserAgent: {D699054D-1699-47D2-9B2B-E96F438C1160}][PLAIN TEXT (POST /bc2 HTTP/1.1)]
6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][6.36 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 393/0 2654/0 855/0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518/0 553/0 30/0][PLAIN TEXT (NOTIFY )]
7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Goodput ratio: 92/94][0.04 sec][Host: cache.video.iqiyi.com][URL: cache.video.iqiyi.com/vi/500494600/562e26caed5695900212eb3259070f8a/?src=1_11_114[StatusCode: 200][PLAIN TEXT (GET /vi/500494600/562)]
@ -24,7 +24,7 @@ Google 2 1093 1
19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Goodput ratio: 92/93][0.12 sec][Host: click.hm.baidu.com][URL: click.hm.baidu.com/clk?53e25e33e064c657c06b558e5c3c33fd[StatusCode: 302][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /clk)]
20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Goodput ratio: 86/89][0.28 sec][Host: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012[StatusCode: 200][UserAgent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][PLAIN TEXT (GET /2efc)]
21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Goodput ratio: 95/72][0.09 sec][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%[StatusCode: 200][UserAgent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /b)]
22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][2 pkts/887 bytes <-> 1 pkts/443 bytes][Goodput ratio: 88/88][2.24 sec][Host: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b[StatusCode: 200][UserAgent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][PLAIN TEXT (GET /videos/v)]
22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][2 pkts/887 bytes <-> 1 pkts/443 bytes][Goodput ratio: 88/88][2.24 sec][Host: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b[StatusCode: 200][UserAgent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][Risk: ** HTTP Numeric IP Address **][PLAIN TEXT (GET /videos/v)]
23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Goodput ratio: 95/62][0.10 sec][Host: click.hm.baidu.com][URL: click.hm.baidu.com/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0[StatusCode: 204][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR ][PLAIN TEXT (GET /mkt.gif)]
24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Goodput ratio: 95/73][0.78 sec][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A//vodguide.pps.iqiyi.com/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26b[StatusCode: 200][UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /b)]
25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Goodput ratio: 95/72][0.05 sec][Host: msg.iqiyi.com][URL: msg.iqiyi.com/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=2265[StatusCode: 200][UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.307][PLAIN TEXT (GET /b)]