mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-04-26 14:10:45 +00:00
Exteded Slowloris detection to TLS/QUIC
DoS latency reported in sec (used to be ms)
This commit is contained in:
Luca Deri
parent
dc29d855d3
commit
851703b8bb
13 changed files with 50 additions and 37 deletions
|
|
@ -9189,7 +9189,7 @@ static void check_probing_attempt(struct ndpi_detection_module_struct *ndpi_str,
|
|||
if(tdiff_ms > 1500 /* 1.5 sec */) {
|
||||
char buf[64];
|
||||
|
||||
snprintf(buf, sizeof(buf), "Slow TCP 3WH (SYN|ACK): %u ms", (unsigned int)tdiff_ms);
|
||||
snprintf(buf, sizeof(buf), "Slow TCP 3WH (SYN|ACK): %.1f sec", tdiff_ms/1000.);
|
||||
ndpi_set_risk(ndpi_str, flow, NDPI_SLOW_DOS, buf);
|
||||
}
|
||||
}
|
||||
|
|
@ -9203,7 +9203,7 @@ static void check_probing_attempt(struct ndpi_detection_module_struct *ndpi_str,
|
|||
if(tdiff_ms > 1500 /* 1.5 sec */) {
|
||||
char buf[64];
|
||||
|
||||
snprintf(buf, sizeof(buf), "Slow TCP 3WH (ACK): %u ms", (unsigned int)tdiff_ms);
|
||||
snprintf(buf, sizeof(buf), "Slow TCP 3WH (ACK): %.1f sec", tdiff_ms/1000.);
|
||||
ndpi_set_risk(ndpi_str, flow, NDPI_SLOW_DOS, buf);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1293,6 +1293,19 @@ static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
|
||||
switch(packet->payload[0] /* block type */) {
|
||||
case 0x01: /* Client Hello */
|
||||
if((flow->l4.tcp.three_way_handshake.syn_time != 0) /* Check only if 3WH was observed */
|
||||
&& (flow->l4.tcp.three_way_handshake.ack_time != 0)
|
||||
) {
|
||||
u_int64_t tdiff_ms = packet->current_time_ms - flow->l4.tcp.three_way_handshake.ack_time;
|
||||
|
||||
if((tdiff_ms > 3000 /* 3 sec */) && (!ndpi_isset_risk(flow, NDPI_SLOW_DOS))) {
|
||||
char buf[64];
|
||||
|
||||
snprintf(buf, sizeof(buf), "Slow TLS Request: %.1f sec", tdiff_ms/1000.);
|
||||
ndpi_set_risk(ndpi_struct, flow, NDPI_SLOW_DOS, buf);
|
||||
}
|
||||
}
|
||||
|
||||
flow->protos.tls_quic.client_hello_processed = 1;
|
||||
flow->protos.tls_quic.ch_direction = packet->packet_direction;
|
||||
processClientServerHello(ndpi_struct, flow, 0);
|
||||
|
|
|
|||
|
|
@ -36,6 +36,6 @@ Unspecified 82 58035 3
|
|||
|
||||
|
||||
Undetected flows:
|
||||
1 TCP 127.0.0.1:54900 <-> 127.0.0.1:1234 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 27][Breed: Unrated][23 pkts/4536 bytes <-> 25 pkts/36959 bytes][Goodput ratio: 65/95][140.47 sec][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7803/22 139814/295 32017/65][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 197/1478 866/9429 234/2245][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (ACK): 140136 ms][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (StFJbE.l)][Plen Bins: 0,0,0,13,4,0,13,0,0,0,8,0,0,4,0,0,0,0,4,0,0,0,0,0,8,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,34]
|
||||
1 TCP 127.0.0.1:54900 <-> 127.0.0.1:1234 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 27][Breed: Unrated][23 pkts/4536 bytes <-> 25 pkts/36959 bytes][Goodput ratio: 65/95][140.47 sec][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7803/22 139814/295 32017/65][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 197/1478 866/9429 234/2245][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (ACK): 140.1 sec][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][PLAIN TEXT (StFJbE.l)][Plen Bins: 0,0,0,13,4,0,13,0,0,0,8,0,0,4,0,0,0,0,4,0,0,0,0,0,8,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,34]
|
||||
2 TCP 127.0.0.1:49996 <-> 127.0.0.1:1234 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 19][Breed: Unrated][10 pkts/2323 bytes <-> 9 pkts/7085 bytes][Goodput ratio: 70/91][0.11 sec][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/14 79/79 25/27][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 232/787 856/2116 289/942][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][Plen Bins: 0,0,11,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
3 TCP 127.0.0.1:33550 <-> 127.0.0.1:1234 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][Breed: Unrated][8 pkts/1346 bytes <-> 7 pkts/5786 bytes][Goodput ratio: 59/92][2.18 sec][bytes ratio: -0.623 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 363/12 1127/43 497/18][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 168/827 862/2116 262/911][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,50]
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ JA Host Stats:
|
|||
50 UDP 10.0.2.15:28681 <-> 188.165.203.190:21995 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][4 pkts/414 bytes <-> 4 pkts/1836 bytes][Goodput ratio: 59/91][191.45 sec][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 35550/35547 63808/63807 112098/112099 34311/34312][Pkt Len c2s/s2c min/avg/max/stddev: 70/149 104/459 123/769 22/310][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 12,12,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 UDP 10.0.2.15:28681 <-> 190.192.210.182:6754 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][3 pkts/525 bytes <-> 3 pkts/1686 bytes][Goodput ratio: 76/92][8.37 sec][bytes ratio: -0.525 (Download)][IAT c2s/s2c min/avg/max/stddev: 2425/2441 4050/4054 5674/5668 1624/1613][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 175/562 274/769 70/293][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 0,0,33,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
52 UDP 10.0.2.15:28681 <-> 63.228.175.169:1936 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][3 pkts/520 bytes <-> 3 pkts/1686 bytes][Goodput ratio: 76/92][37.66 sec][bytes ratio: -0.529 (Download)][IAT c2s/s2c min/avg/max/stddev: 8739/8738 18728/18726 28718/28714 9990/9988][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 173/562 274/769 71/293][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,33,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 TCP 10.0.2.15:50198 <-> 86.129.196.84:9915 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Potentially_Dangerous][7 pkts/1013 bytes <-> 5 pkts/772 bytes][Goodput ratio: 59/64][15.56 sec][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 3112/22 6485/43 2789/21][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 145/154 653/552 208/199][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (SYN|ACK): 6485 ms][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 TCP 10.0.2.15:50198 <-> 86.129.196.84:9915 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Potentially_Dangerous][7 pkts/1013 bytes <-> 5 pkts/772 bytes][Goodput ratio: 59/64][15.56 sec][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 3112/22 6485/43 2789/21][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 145/154 653/552 208/199][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (SYN|ACK): 6.5 sec][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
54 UDP 10.0.2.15:28681 <-> 73.250.179.237:20848 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][2 pkts/246 bytes <-> 2 pkts/1538 bytes][Goodput ratio: 66/94][43.97 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
55 UDP 10.0.2.15:28681 <-> 92.217.84.16:20223 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][2 pkts/246 bytes <-> 2 pkts/1538 bytes][Goodput ratio: 66/94][44.00 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 UDP 10.0.2.15:28681 <-> 173.183.183.110:59920 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][2 pkts/246 bytes <-> 2 pkts/1538 bytes][Goodput ratio: 66/94][44.11 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -161,7 +161,7 @@ JA Host Stats:
|
|||
95 UDP 10.0.2.15:28681 <-> 213.229.111.224:4876 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][6 pkts/555 bytes <-> 3 pkts/612 bytes][Goodput ratio: 54/79][388.82 sec][bytes ratio: -0.049 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 487/2153 77092/101426 199495/200699 72356/99273][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 92/204 123/320 24/83][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (CEGTKGb)][Plen Bins: 33,11,33,11,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
96 TCP 10.0.2.15:50199 <-> 47.147.52.21:36728 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Download/7][Breed: Potentially_Dangerous][5 pkts/880 bytes <-> 4 pkts/220 bytes][Goodput ratio: 68/0][0.44 sec][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 27/27 111/36 232/44 82/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 176/55 652/58 238/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
97 UDP 10.0.2.15:28681 <-> 14.200.255.229:37058 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][6 pkts/451 bytes <-> 6 pkts/641 bytes][Goodput ratio: 44/61][433.20 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6450/6454 93822/93822 203345/203341 72163/72161][Pkt Len c2s/s2c min/avg/max/stddev: 70/88 75/107 98/120 10/14][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (LOCCen)][Plen Bins: 41,33,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
98 TCP 10.0.2.15:50291 <-> 200.7.155.210:28365 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Potentially_Dangerous][5 pkts/905 bytes <-> 3 pkts/166 bytes][Goodput ratio: 66/0][24.54 sec][bytes ratio: 0.690 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/2 3913/2 6610/2 2636/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 181/55 653/58 236/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (SYN|ACK): 6610 ms][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
98 TCP 10.0.2.15:50291 <-> 200.7.155.210:28365 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Potentially_Dangerous][5 pkts/905 bytes <-> 3 pkts/166 bytes][Goodput ratio: 66/0][24.54 sec][bytes ratio: 0.690 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/2 3913/2 6610/2 2636/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 181/55 653/58 236/2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (SYN|ACK): 6.6 sec][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
99 UDP [fe80::c50d:519f:96a4:e108]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][Stack: DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 103/DHCPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/1071 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][63.04 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 993/0 10506/0 32011/0 10831/0][Pkt Len c2s/s2c min/avg/max/stddev: 153/0 153/0 153/0 0/0][PLAIN TEXT (MSEDGEWIN)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
100 UDP 10.0.2.15:28681 <-> 149.28.163.175:49956 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][2 pkts/198 bytes <-> 1 pkts/769 bytes][Goodput ratio: 57/94][113.17 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
101 UDP 10.0.2.15:28681 <-> 38.142.119.234:49732 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 35/Gnutella, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][2 pkts/193 bytes <-> 1 pkts/769 bytes][Goodput ratio: 56/94][163.26 sec][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -741,11 +741,11 @@ JA Host Stats:
|
|||
|
||||
|
||||
Undetected flows:
|
||||
1 TCP 10.0.2.15:50245 <-> 73.62.225.181:46843 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][Breed: Unrated][3 pkts/198 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][122.56 sec][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 3014/0 4514/0 6013/0 1499/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 102192 ms|Slow TCP 3WH (ACK): 11339 ms / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 10.0.2.15:50190 <-> 80.140.63.147:29545 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76679 ms|Slow TCP 3WH (ACK): 10981 ms / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 10.0.2.15:50191 <-> 207.38.163.228:6778 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76679 ms|Slow TCP 3WH (ACK): 10981 ms / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 TCP 10.0.2.15:50192 <-> 45.65.87.24:16201 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76678 ms|Slow TCP 3WH (ACK): 10981 ms / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 10.0.2.15:50193 <-> 89.75.52.19:46010 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76678 ms|Slow TCP 3WH (ACK): 10981 ms / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
1 TCP 10.0.2.15:50245 <-> 73.62.225.181:46843 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][Breed: Unrated][3 pkts/198 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][122.56 sec][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 3014/0 4514/0 6013/0 1499/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 102.2 sec|Slow TCP 3WH (ACK): 11.3 sec / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 10.0.2.15:50190 <-> 80.140.63.147:29545 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76.7 sec|Slow TCP 3WH (ACK): 11.0 sec / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 10.0.2.15:50191 <-> 207.38.163.228:6778 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76.7 sec|Slow TCP 3WH (ACK): 11.0 sec / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 TCP 10.0.2.15:50192 <-> 45.65.87.24:16201 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76.7 sec|Slow TCP 3WH (ACK): 11.0 sec / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 10.0.2.15:50193 <-> 89.75.52.19:46010 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][Breed: Unrated][1 pkts/66 bytes <-> 8 pkts/460 bytes][Goodput ratio: 0/0][87.66 sec][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/58 66/58 0/1][Risk: ** TCP Connection Issues **** Probing Attempt **** (Possible) Slow DoS **][Risk Score: 200][Risk Info: Slow TCP 3WH (SYN|ACK): 76.7 sec|Slow TCP 3WH (ACK): 11.0 sec / TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 10.0.2.15:50202 <-> 61.238.173.128:57648 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][Breed: Unrated][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][1.55 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 686/0 686/0 686/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 10.0.2.15:50220 <-> 36.233.196.226:3820 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][Breed: Unrated][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.38 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 953/0 1015/0 1077/0 62/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 TCP 10.0.2.15:50222 <-> 119.14.143.237:6523 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][Breed: Unrated][3 pkts/198 bytes <-> 3 pkts/162 bytes][Goodput ratio: 0/0][2.12 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 875/0 881/0 887/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 66/54 66/54 0/0][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -51,6 +51,6 @@ JA Host Stats:
|
|||
1 TCP 194.226.199.61:27453 <-> 35.241.9.150:443 [proto: 91.125/TLS.Mozilla][Stack: TLS.Mozilla][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][36 pkts/3477 bytes <-> 42 pkts/37330 bytes][Goodput ratio: 44/94][171.42 sec][Hostname/SNI: firefox.settings.services.mozilla.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.830 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4196/3653 58250/58245 14929/14067][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 97/889 375/2878 73/1070][nDPI Fingerprint: 928424e934f386bb86d141f25fe4abbf][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1410h2_c866b44c5a26_b5b8faed2b99][ServerNames: firefox.settings.services.mozilla.com,main-2-cdn.prod.kinto.prod.cloudops.mozgcp.net][JA3S: 9d9ce860f1b1cbef07b019450cb368d8][Issuer: C=US, O=Let's Encrypt, CN=R3][Subject: CN=main-2-cdn.prod.kinto.prod.cloudops.mozgcp.net][Certificate SHA-1: 30:0D:22:77:6E:DA:4E:99:3E:AF:8A:D0:5C:7D:97:51:8B:E6:22:11][Firefox][Validity: 2023-04-04 08:33:24 - 2023-07-03 08:33:23][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 49,16,2,0,3,3,1,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,11]
|
||||
2 TCP 194.226.199.61:6946 <-> 2.22.40.186:443 [proto: 91.183/TLS.Pinterest][Stack: TLS.Pinterest][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][41 pkts/7780 bytes <-> 47 pkts/26668 bytes][Goodput ratio: 70/90][18.13 sec][Hostname/SNI: ru.pinterest.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.548 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 404/181 3512/2129 852/406][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 190/567 1514/2974 287/678][nDPI Fingerprint: aba5d0a8f961a4ec8f557e80f37f969f][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 50,9,1,5,0,0,0,0,2,0,0,0,0,1,0,0,1,1,0,4,0,0,0,0,1,1,2,0,0,0,0,4,1,0,0,0,1,0,0,0,0,0,0,0,0,12,0,1]
|
||||
3 TCP 194.226.199.21:58155 <-> 52.18.127.189:443 [proto: 91/TLS][Stack: TLS][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 13][cat: Web/5][Breed: Safe][28 pkts/6789 bytes <-> 35 pkts/8995 bytes][Goodput ratio: 78/79][130.64 sec][Hostname/SNI: bitrix.info][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5498/4834 45102/45058 12717/11564][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 242/257 1547/2974 352/535][nDPI Fingerprint: ac1867928681fc04fd12abce7c094c79][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: bfc90d56141386ee83b56cda231cccfc][Chrome][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 46,22,6,6,0,0,0,0,0,0,1,0,6,0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1]
|
||||
4 TCP 194.226.199.103:62580 <-> 217.69.139.59:443 [proto: 91/TLS][Stack: TLS][IP: 22/VK][Encrypted][Confidence: DPI][FPC: 22/VK, Confidence: IP address][DPI packets: 15][cat: Web/5][Breed: Safe][22 pkts/2692 bytes <-> 16 pkts/10450 bytes][Goodput ratio: 55/92][7.28 sec][Hostname/SNI: portal.mail.ru][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.590 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/27 1559/213 357/70][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 122/653 623/2897 162/957][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1559 ms][nDPI Fingerprint: 39a72d7829fd33f03e867c5ab1f708a7][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t13d1714h2_5b57614c22b0_37205ffde759][ServerNames: *.mail.ru,mail.ru][JA3S: 2b33c1374db4ddf06942f92373c0b54b][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru][Certificate SHA-1: 9F:A2:43:EA:AA:62:15:13:44:0D:15:75:17:47:4C:6B:E5:8E:10:1E][Firefox][Validity: 2022-10-20 09:52:31 - 2023-11-21 09:52:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 68,0,0,5,0,0,0,0,11,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5]
|
||||
4 TCP 194.226.199.103:62580 <-> 217.69.139.59:443 [proto: 91/TLS][Stack: TLS][IP: 22/VK][Encrypted][Confidence: DPI][FPC: 22/VK, Confidence: IP address][DPI packets: 15][cat: Web/5][Breed: Safe][22 pkts/2692 bytes <-> 16 pkts/10450 bytes][Goodput ratio: 55/92][7.28 sec][Hostname/SNI: portal.mail.ru][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.590 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/27 1559/213 357/70][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 122/653 623/2897 162/957][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.6 sec][nDPI Fingerprint: 39a72d7829fd33f03e867c5ab1f708a7][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t13d1714h2_5b57614c22b0_37205ffde759][ServerNames: *.mail.ru,mail.ru][JA3S: 2b33c1374db4ddf06942f92373c0b54b][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru][Certificate SHA-1: 9F:A2:43:EA:AA:62:15:13:44:0D:15:75:17:47:4C:6B:E5:8E:10:1E][Firefox][Validity: 2022-10-20 09:52:31 - 2023-11-21 09:52:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 68,0,0,5,0,0,0,0,11,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5]
|
||||
5 TCP 194.226.199.9:49756 <-> 92.223.106.21:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][9 pkts/1140 bytes <-> 8 pkts/5344 bytes][Goodput ratio: 54/91][0.28 sec][Hostname/SNI: moevideo.biz][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1;SSLv3][bytes ratio: -0.648 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/6 44/20 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 127/668 571/2690 159/894][nDPI Fingerprint: 8523452234b2178807578cbfc1da1749][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1613h1_1711a4c0508c_65df7edfe3b3][ServerNames: *.moevideo.biz,moevideo.biz][JA3S: d154fcfa5bb4f0748e1dd1992c681104][Issuer: C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4][Subject: CN=*.moevideo.biz][Certificate SHA-1: FF:0C:ED:41:2C:7C:DA:BA:89:FE:7E:09:4A:2B:62:26:A0:20:AC:53][Safari][Validity: 2023-04-04 15:59:15 - 2024-05-05 15:59:14][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 51,0,8,0,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8]
|
||||
6 TCP 194.226.199.226:34101 <-> 8.247.226.126:80 [proto: 7.147/HTTP.WindowsUpdate][Stack: HTTP.WindowsUpdate][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: SoftwareUpdate/19][Breed: Safe][7 pkts/896 bytes <-> 12 pkts/1742 bytes][Goodput ratio: 56/62][0.04 sec][Hostname/SNI: 3.tlu.dl.delivery.mp.microsoft.com][bytes ratio: -0.321 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/1 12/11 6/3][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 128/145 550/1076 172/281][URL: 3.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b4f27514-1618-47a0-bcd4-5fcb469edb63?P1=1681888058&P2=404&P3=2&P4=VJ2Qv%2bUXzBGOULZmyshxlc8XXx4pLl7hoFcLgf1iS33rDGfm0tCVrTPvZN8tn8yWBSrA0idwdtOBFLQMjZCUkw%3d%3d][Nat-IP: 10.13.38.160][User-Agent: Microsoft-Delivery-Optimization/10.0][TCP Fingerprint: 2_64_64240_565ad129ac37/Unknown][PLAIN TEXT (GET /filestreamingservice/files)][Plen Bins: 89,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ Web 688 353898 25
|
|||
3 TCP 192.168.0.4:54584 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][27 pkts/3947 bytes <-> 36 pkts/37139 bytes][Goodput ratio: 55/94][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.808 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 502/211 4249/2440 1050/592][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/1032 797/1514 225/628][URL: browserspy.dk/pics/logo.png][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /pics/logo.png HTTP/1.1)][Plen Bins: 0,0,6,0,3,0,3,0,3,0,0,0,0,0,0,0,0,3,0,0,0,0,12,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0]
|
||||
4 TCP 192.168.0.4:54505 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][27 pkts/3165 bytes <-> 36 pkts/37069 bytes][Goodput ratio: 43/94][10.97 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.843 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 298/138 2784/2976 683/551][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/1030 775/1514 180/625][URL: browserspy.dk/password.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password.php HTTP/1.1)][Plen Bins: 0,0,6,0,0,0,6,3,3,3,0,0,0,0,0,0,0,3,0,0,3,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0]
|
||||
5 TCP 192.168.0.4:54506 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Acceptable][16 pkts/1711 bytes <-> 20 pkts/21882 bytes][Goodput ratio: 38/94][18.69 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/2 1542/885 9336/9536 2720/2475][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 107/1094 709/1514 155/644][URL: browserspy.dk/?_=1381844104551][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow HTTP Req. (Slowloris): 11.0 sec][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (yGET /)][Plen Bins: 0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0]
|
||||
6 TCP 192.168.0.4:54318 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Acceptable][15 pkts/1737 bytes <-> 20 pkts/19002 bytes][Goodput ratio: 42/93][15.29 sec][Username: test][Password: fail][Hostname/SNI: browserspy.dk][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1372/588 7743/7938 2428/1969][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 116/950 801/1514 183/656][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **** (Possible) Slow DoS **][Risk Score: 210][Risk Info: Slow HTTP Req. (Slowloris): 9.5 sec|Slow TCP 3WH (SYN|ACK): 1628 ms / HTTP Error Code 401 / Found credentials in HTTP Auth Lin][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
6 TCP 192.168.0.4:54318 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Acceptable][15 pkts/1737 bytes <-> 20 pkts/19002 bytes][Goodput ratio: 42/93][15.29 sec][Username: test][Password: fail][Hostname/SNI: browserspy.dk][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1372/588 7743/7938 2428/1969][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 116/950 801/1514 183/656][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **** (Possible) Slow DoS **][Risk Score: 210][Risk Info: Slow HTTP Req. (Slowloris): 9.5 sec|Slow TCP 3WH (SYN|ACK): 1.6 sec / HTTP Error Code 401 / Found credentials in HTTP Auth Li][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
7 TCP 192.168.0.4:54337 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/1675 bytes <-> 19 pkts/18899 bytes][Goodput ratio: 44/93][7.10 sec][Username: test][Password: fail2][Hostname/SNI: browserspy.dk][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 204/31 1269/206 376/69][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/995 805/1514 190/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **** Error Code **][Risk Score: 110][Risk Info: HTTP Error Code 401 / Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
8 TCP 192.168.0.4:54317 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/1636 bytes <-> 19 pkts/18925 bytes][Goodput ratio: 43/93][9.56 sec][Hostname/SNI: browserspy.dk][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 454/33 3673/227 1082/74][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/996 766/1514 180/642][URL: browserspy.dk/password-ok.php][StatusCode: 401][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password)][Plen Bins: 0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,6,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
9 TCP 192.168.0.4:54487 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][15 pkts/1711 bytes <-> 19 pkts/18579 bytes][Goodput ratio: 41/93][11.68 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: -0.831 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 605/442 5841/6025 1661/1494][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 114/978 775/1514 177/643][URL: browserspy.dk/password.php][StatusCode: 200][Content-Type: text/html][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /password.php HTTP/1.1)][Plen Bins: 0,0,6,0,0,0,0,0,0,0,6,0,0,6,0,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
|
||||
|
|
@ -54,10 +54,10 @@ Web 688 353898 25
|
|||
16 TCP 192.168.0.4:54583 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][6 pkts/1121 bytes <-> 5 pkts/475 bytes][Goodput ratio: 64/29][15.57 sec][Username: test][Password: test][Hostname/SNI: browserspy.dk][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 191/2 3074/332 9499/662 3700/330][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/95 779/203 265/54][URL: browserspy.dk/js/jquery.js][StatusCode: 304][Server: Apache][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found credentials in HTTP Auth Line][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][PLAIN TEXT (GET /js/j)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
17 TCP 192.168.0.4:54319 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.83 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 245/1181 3160/1181 10225/1181 4094/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
18 TCP 192.168.0.4:54320 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 246/1178 3161/1178 10229/1178 4096/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
19 TCP 192.168.0.4:54321 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 246/940 3160/940 10267/940 4123/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1628 ms][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
20 TCP 192.168.0.4:54322 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/760 3160/760 10249/760 4122/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1827 ms|Slow TCP 3WH (ACK): 1578 ms][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
19 TCP 192.168.0.4:54321 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 246/940 3160/940 10267/940 4123/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.6 sec][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
20 TCP 192.168.0.4:54322 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][12.84 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 248/760 3160/760 10249/760 4122/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.8 sec|Slow TCP 3WH (ACK): 1.6 sec][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
21 TCP 192.168.0.4:54354 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.68 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 202/3082 3577/3082 10249/3082 3955/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
22 TCP 192.168.0.4:54507 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.09 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2408 3474/2408 10240/2408 3970/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
23 TCP 192.168.0.4:54508 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.09 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2410 3475/2410 10240/2410 3970/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
24 TCP 192.168.0.4:54509 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.10 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2207 3474/2207 10236/2207 3958/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1651 ms][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
25 TCP 192.168.0.4:54596 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][15.49 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 194/3741 3824/3741 10228/3741 3889/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1522 ms][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
24 TCP 192.168.0.4:54509 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][14.10 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 204/2207 3474/2207 10236/2207 3958/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.7 sec][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
25 TCP 192.168.0.4:54596 <-> 192.254.189.169:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][5 pkts/342 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][15.49 sec][bytes ratio: 0.100 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 194/3741 3824/3741 10228/3741 3889/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 78/74 5/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.5 sec][TCP Fingerprint: 2_64_65535_09b18f059744/macOS][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -47,5 +47,5 @@ JA Host Stats:
|
|||
|
||||
1 TCP 192.168.1.146:35968 <-> 151.101.2.132:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][28 pkts/3557 bytes <-> 30 pkts/32939 bytes][Goodput ratio: 48/94][0.11 sec][Hostname/SNI: apache.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.805 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 53/54 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 127/1098 583/1450 129/576][nDPI Fingerprint: 6def9cba39e7d96f14bb96e41556e944][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1813h2_e8a523a41297_f81080dfc557][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,2,8,8,2,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0]
|
||||
2 TCP 192.168.1.103:1714 <-> 192.168.1.146:8080 [proto: 130/HTTP_Connect][Stack: HTTP_Connect][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][18 pkts/2918 bytes <-> 22 pkts/23923 bytes][Goodput ratio: 65/95][0.11 sec][Hostname/SNI: apache.org][bytes ratio: -0.783 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 50/53 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 162/1087 571/5590 128/1857][URL: apache.org:443][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.267 (Executable?)][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (CONNECT apache.org)][Plen Bins: 4,4,20,15,4,4,4,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,20]
|
||||
3 TCP 10.10.109.10:3128 <-> 10.100.3.133:50474 [VLAN: 1606][proto: 130.147/HTTP_Connect.WindowsUpdate][Stack: HTTP_Connect.WindowsUpdate][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: SoftwareUpdate/19][Breed: Safe][6 pkts/4297 bytes <-> 2 pkts/227 bytes][Goodput ratio: 91/43][502.21 sec][Hostname/SNI: fe3cr.delivery.mp.microsoft.com][bytes ratio: 0.900 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 100441/4 502189/4 200874/0][Pkt Len c2s/s2c min/avg/max/stddev: 64/70 716/114 1518/157 666/44][URL: fe3cr.delivery.mp.microsoft.com:443][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** Susp Entropy **** (Possible) Slow DoS **][Risk Score: 260][Risk Info: Slow TCP 3WH (ACK): 502190 ms / Entropy: 5.246 (Executable?) / Empty or missing User-Agent / Expected on port 80][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (HTTP/1.1 407 Proxy Authenticati)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
3 TCP 10.10.109.10:3128 <-> 10.100.3.133:50474 [VLAN: 1606][proto: 130.147/HTTP_Connect.WindowsUpdate][Stack: HTTP_Connect.WindowsUpdate][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: SoftwareUpdate/19][Breed: Safe][6 pkts/4297 bytes <-> 2 pkts/227 bytes][Goodput ratio: 91/43][502.21 sec][Hostname/SNI: fe3cr.delivery.mp.microsoft.com][bytes ratio: 0.900 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 100441/4 502189/4 200874/0][Pkt Len c2s/s2c min/avg/max/stddev: 64/70 716/114 1518/157 666/44][URL: fe3cr.delivery.mp.microsoft.com:443][Risk: ** Known Proto on Non Std Port **** HTTP Susp User-Agent **** Susp Entropy **** (Possible) Slow DoS **][Risk Score: 260][Risk Info: Slow TCP 3WH (ACK): 502.2 sec / Entropy: 5.246 (Executable?) / Empty or missing User-Agent / Expected on port 80][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (HTTP/1.1 407 Proxy Authenticati)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
4 UDP 192.168.1.146:47767 <-> 192.168.1.2:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/81 bytes <-> 1 pkts/97 bytes][Goodput ratio: 48/56][< 1 sec][Hostname/SNI: apache.org][151.101.2.132][DNS Id: 0xf5b7][PLAIN TEXT (apache)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -33,6 +33,6 @@ Acceptable 77 24228 3
|
|||
|
||||
Web 77 24228 3
|
||||
|
||||
1 TCP 192.168.1.66:35276 <-> 192.168.10.124:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Web/5][Breed: Acceptable][22 pkts/3662 bytes <-> 12 pkts/11981 bytes][Goodput ratio: 61/93][51856.96 sec][Hostname/SNI: 192.168.10.124][bytes ratio: -0.532 (Download)][IAT c2s/s2c min/avg/max/stddev: 4265/5 1682988/2370751 15055176/17341811 3747803/5683438][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 166/998 347/1514 137/666][URL: 192.168.10.124/][User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.0; U; Edition MacAppStore; en) Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/534.34 (KHTML,like Gecko) PhantomJS/1.9.0 (development) Safari/534.34][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (SYN|ACK): 31609590 ms|Slow TCP 3WH (ACK): 31550452 ms / Found host 192.168.10.124][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (TGET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0]
|
||||
2 TCP 192.168.1.68:35276 <-> 192.168.10.124:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][10 pkts/1035 bytes <-> 8 pkts/4896 bytes][Goodput ratio: 36/89][2896.03 sec][Hostname/SNI: 192.168.10.124][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 81/25 288427/150920 1067288/601684 389140/260249][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/612 443/1514 113/699][URL: 192.168.10.124:80/?NYR=SVPWCP][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (ACK): 599772 ms / Found host 192.168.10.124][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (P HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
3 TCP 192.168.1.64:35276 <-> 192.168.10.124:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Web/5][Breed: Acceptable][14 pkts/1438 bytes <-> 11 pkts/1216 bytes][Goodput ratio: 33/40][70785.80 sec][Hostname/SNI: 192.168.10.124][bytes ratio: 0.084 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3333/14276 4670506/6312836 10192148/10192169 4225333/4397107][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/111 345/548 69/138][URL: 192.168.10.124/][User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.0; U; Edition MacAppStore; en) Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/534.34 (KHTML,like Gecko) PhantomJS/1.9.0 (development) Safari/534.34][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow HTTP Req. (Slowloris): 4425.9 sec|Slow TCP 3WH (ACK): 3297 ms / Found host 192.168.10.124][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 12,63,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
1 TCP 192.168.1.66:35276 <-> 192.168.10.124:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Web/5][Breed: Acceptable][22 pkts/3662 bytes <-> 12 pkts/11981 bytes][Goodput ratio: 61/93][51856.96 sec][Hostname/SNI: 192.168.10.124][bytes ratio: -0.532 (Download)][IAT c2s/s2c min/avg/max/stddev: 4265/5 1682988/2370751 15055176/17341811 3747803/5683438][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 166/998 347/1514 137/666][URL: 192.168.10.124/][User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.0; U; Edition MacAppStore; en) Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/534.34 (KHTML,like Gecko) PhantomJS/1.9.0 (development) Safari/534.34][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (SYN|ACK): 31609.6 sec|Slow TCP 3WH (ACK): 31550.5 sec / Found host 192.168.10.124][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (TGET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0]
|
||||
2 TCP 192.168.1.68:35276 <-> 192.168.10.124:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][10 pkts/1035 bytes <-> 8 pkts/4896 bytes][Goodput ratio: 36/89][2896.03 sec][Hostname/SNI: 192.168.10.124][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 81/25 288427/150920 1067288/601684 389140/260249][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/612 443/1514 113/699][URL: 192.168.10.124:80/?NYR=SVPWCP][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow TCP 3WH (ACK): 599.8 sec / Found host 192.168.10.124][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (P HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
3 TCP 192.168.1.64:35276 <-> 192.168.10.124:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: Web/5][Breed: Acceptable][14 pkts/1438 bytes <-> 11 pkts/1216 bytes][Goodput ratio: 33/40][70785.80 sec][Hostname/SNI: 192.168.10.124][bytes ratio: 0.084 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3333/14276 4670506/6312836 10192148/10192169 4225333/4397107][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/111 345/548 69/138][URL: 192.168.10.124/][User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.0; U; Edition MacAppStore; en) Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/534.34 (KHTML,like Gecko) PhantomJS/1.9.0 (development) Safari/534.34][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** (Possible) Slow DoS **][Risk Score: 110][Risk Info: Slow HTTP Req. (Slowloris): 4425.9 sec|Slow TCP 3WH (ACK): 3.3 sec / Found host 192.168.10.124][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 12,63,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -34,6 +34,6 @@ Acceptable 20 10948 3
|
|||
Collaborative 1 1506 1
|
||||
RPC 19 9442 2
|
||||
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 253/SOAP][Stack: SOAP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 5][cat: RPC/16][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (ACK): 2461 ms][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 253/SOAP][Stack: SOAP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 5][cat: RPC/16][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (ACK): 2.5 sec][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 253/SOAP][Stack: SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RPC/16][Breed: Acceptable][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][Stack: HTTP.Microsoft365.SOAP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7.253/HTTP.SOAP, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
|
||||
|
|
|
|||
|
|
@ -121,9 +121,9 @@ System 12 696 12
|
|||
IoT-Scada 4 232 4
|
||||
Crypto_Currency 2 116 2
|
||||
|
||||
1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][Stack: SSH][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 21682 ms][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][0.0.0.0][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 21092 ms][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 21273 ms][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][Stack: SSH][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 21.7 sec][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][0.0.0.0][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 21.1 sec][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 21.3 sec][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][Stack: SMTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Email/3][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (server)][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 172.16.0.8:36050 -> 64.13.134.52:20 [proto: 175/FTP_DATA][Stack: FTP_DATA][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 172.16.0.8:36050 -> 64.13.134.52:21 [proto: 1/FTP_CONTROL][Stack: FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -38,4 +38,4 @@ JA Host Stats:
|
|||
1 57.91.202.194 1
|
||||
|
||||
|
||||
1 TCP 57.91.202.194:50541 <-> 132.49.141.56:80 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Web/5][Breed: Safe][5 pkts/563 bytes <-> 8 pkts/1876 bytes][Goodput ratio: 43/72][14.65 sec][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 1011/3433 2355/3433 3621/3433 1067/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/234 299/1414 93/446][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** (Possible) Slow DoS **][Risk Score: 210][Risk Info: Slow TCP 3WH (SYN|ACK): 4151 ms|Slow TCP 3WH (ACK): 3305 ms / SNI should always be present / No ALPN / Expected on port 443][nDPI Fingerprint: ab49185fadc49dfb8599a7658ba655c0][TCP Fingerprint: 2_128_64240_5e2eda046ca7/Unknown][TLSv1.2][JA4: t12i550500_168bb377f8c8_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (AnyNet Root CA1 0)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
|
||||
1 TCP 57.91.202.194:50541 <-> 132.49.141.56:80 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Web/5][Breed: Safe][5 pkts/563 bytes <-> 8 pkts/1876 bytes][Goodput ratio: 43/72][14.65 sec][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 1011/3433 2355/3433 3621/3433 1067/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/234 299/1414 93/446][Risk: ** Known Proto on Non Std Port **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** (Possible) Slow DoS **][Risk Score: 210][Risk Info: Slow TCP 3WH (SYN|ACK): 4.2 sec|Slow TCP 3WH (ACK): 3.3 sec / SNI should always be present / No ALPN / Expected on port 443][nDPI Fingerprint: ab49185fadc49dfb8599a7658ba655c0][TCP Fingerprint: 2_128_64240_5e2eda046ca7/Unknown][TLSv1.2][JA4: t12i550500_168bb377f8c8_a1e935682795][JA3S: 107030a763c7224285717ff1569a17f3][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (AnyNet Root CA1 0)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -17,9 +17,9 @@ LRU cache fpc_dns: 15/57/7 (insert/search/found)
|
|||
Automa host: 138/51 (search/found)
|
||||
Automa domain: 94/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
Automa risk mask: 1/0 (search/found)
|
||||
Automa common alpns: 56/56 (search/found)
|
||||
Patricia risk mask: 0/0 (search/found)
|
||||
Patricia risk mask: 2/0 (search/found)
|
||||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 8/0 (search/found)
|
||||
|
|
@ -73,7 +73,7 @@ JA Host Stats:
|
|||
6 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][Goodput ratio: 79/93][28.03 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.475 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1291/951 9696/8423 2840/2427][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 313/952 1306/2922 423/964][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,4,0,0,4,4,4,0,0,4,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,4,0,0,8,0,8,0,0,0,0,0,28,0,0,12]
|
||||
7 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 197/WeChat, Confidence: DNS][DPI packets: 8][cat: Chat/9][Breed: Fun][34 pkts/17556 bytes <-> 25 pkts/12172 bytes][Goodput ratio: 87/86][38.16 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.181 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1114/1110 15327/15635 3311/3567][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 516/487 1306/1754 494/579][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,0,9,3,0,0,0,9,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,18,0,3,6,0,0,3,0,0,3]
|
||||
8 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][Goodput ratio: 82/93][13.58 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.411 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 777/120 9999/394 2313/166][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/938 1306/5892 454/1304][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,4,4,0,0,4,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,4,0,9,0,0,0,0,0,33,0,0,4]
|
||||
9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Chat/9][Breed: Fun][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][Goodput ratio: 82/93][22.24 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1174/416 10039/3644 2412/985][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/994 1306/8291 454/1871][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1531 ms][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,5,5,5,0,0,5,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,0,10,0,5,0,0,0,21,0,0,5]
|
||||
9 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Chat/9][Breed: Fun][21 pkts/7825 bytes <-> 18 pkts/17898 bytes][Goodput ratio: 82/93][22.24 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.392 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1174/416 10039/3644 2412/985][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 373/994 1306/8291 454/1871][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.5 sec][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,5,5,5,0,0,5,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,5,0,10,0,5,0,0,0,21,0,0,5]
|
||||
10 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 8][cat: Chat/9][Breed: Fun][29 pkts/17545 bytes <-> 20 pkts/6923 bytes][Goodput ratio: 89/81][31.02 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1265/1401 15319/15624 3541/3988][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 605/346 1494/1494 586/472][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,3,3,0,0,0,11,7,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,11,0,7,0,0,0,0,0,27,0,0,0]
|
||||
11 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][25 pkts/12063 bytes <-> 19 pkts/7932 bytes][Goodput ratio: 86/84][47.29 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.207 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1388/1930 15313/15715 3511/4240][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 483/417 1306/1754 480/530][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,0,0,17,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,13,0,13,0,0,0,0,0,4,0,0,4]
|
||||
12 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][22 pkts/10193 bytes <-> 18 pkts/8262 bytes][Goodput ratio: 86/86][22.50 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.105 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1165/786 10037/4544 2455/1496][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 463/459 1306/1754 478/579][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,0,4,0,4,4,9,0,0,0,4,0,0,15,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,15,0,0,0,0,0,9,0,0,4]
|
||||
|
|
@ -82,15 +82,15 @@ JA Host Stats:
|
|||
15 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][Goodput ratio: 84/84][25.19 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1503/1316 9999/7806 2987/2505][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 420/410 1306/1494 462/507][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,0,5,0,0,0,16,5,0,0,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,11,0,0,0,0,0,11,0,0,0]
|
||||
16 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 197/WeChat, Confidence: DNS][DPI packets: 8][cat: Chat/9][Breed: Fun][15 pkts/6450 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 85/86][11.52 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 931/134 9811/287 2681/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/461 1306/1494 463/553][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,14,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0]
|
||||
17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][15 pkts/6438 bytes <-> 11 pkts/5068 bytes][Goodput ratio: 84/86][11.77 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.119 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 947/155 9639/333 2626/154][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 429/461 1306/1494 463/553][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,0,14,7,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,14,0,0,0,0,0,14,0,0,0]
|
||||
18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Chat/9][Breed: Fun][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][Goodput ratio: 78/86][14.48 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1140/318 10004/1570 2698/530][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308/492 1306/1798 406/692][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1516 ms][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,9,9,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,18]
|
||||
18 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Chat/9][Breed: Fun][15 pkts/4627 bytes <-> 12 pkts/5905 bytes][Goodput ratio: 78/86][14.48 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 1140/318 10004/1570 2698/530][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 308/492 1306/1798 406/692][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.5 sec][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,9,9,0,0,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,18]
|
||||
19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][Goodput ratio: 80/84][22.95 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2021/1536 10879/11228 3976/3666][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 330/428 1306/1494 416/541][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,0,16,8,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,8,0,0,0,0,0,16,0,0,0]
|
||||
20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 8][cat: Chat/9][Breed: Fun][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][Goodput ratio: 82/87][11.54 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.051 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 140/136 356/292 157/130][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 376/500 1306/1754 434/627][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,0,9,0,0,0,18,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,9,0,9,0,0,0,0,0,9,0,0,9]
|
||||
21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/TLS.QQ][Stack: TLS.QQ][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 48/QQ, Confidence: DNS][DPI packets: 8][cat: Chat/9][Breed: Fun][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][Goodput ratio: 67/90][72.13 sec][Hostname/SNI: res.wx.qq.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.544 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7939/7944 44960/45306 14472/14557][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 167/566 571/3484 197/987][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_256_GCM_SHA384][nDPI Fingerprint: 19caae3f2d2c8820bcc690a095de5718][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1512h2_f0daf39aad75_1c0c7ba38891][ServerNames: wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com][JA3S: 290adf098a54ade688d1df074dbecbf2][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com][Certificate SHA-1: 67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9][Validity: 2016-05-10 00:00:00 - 2018-08-09 23:59:59][Cipher: TLS_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,0,0,0,0,12,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,12]
|
||||
22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 10][cat: Web/5][Breed: Acceptable][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][Goodput ratio: 53/82][135.40 sec][Hostname/SNI: safebrowsing.googleusercontent.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6942/6942 45055/45055 16249/16250][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/369 895/1484 196/525][nDPI Fingerprint: c612d6fd18e55b74f65e6d3e2a340bc7][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: *.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: d655f7cd00e93ea8969c3c6e06f0156f][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com][Certificate SHA-1: 8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53][Validity: 2017-04-05 17:14:46 - 2017-06-28 16:57:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 12,38,6,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,12,0,0,0]
|
||||
23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Goodput ratio: 92/92][0.18 sec][Hostname/SNI: ssl.gstatic.com][bytes ratio: 0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 27/2 76/4 27/1][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 501/555 1392/1392 574/599][QUIC ver: Q035][Idle Timeout: 30][PLAIN TEXT (ssl.gstatic.com)][Plen Bins: 23,30,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0]
|
||||
24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][Stack: QUIC.GoogleDocs][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.241/QUIC.GoogleDocs, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Goodput ratio: 91/86][1.33 sec][Hostname/SNI: docs.google.com][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/248 55/1178 23/465][Pkt Len c2s/s2c min/avg/max/stddev: 77/70 448/304 1392/1392 532/455][QUIC ver: Q035][Idle Timeout: 30][PLAIN TEXT (docs.google.comr)][Plen Bins: 30,39,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0]
|
||||
25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Chat/9][Breed: Fun][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][27.78 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3428/1426 19999/5411 6454/2304][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1717 ms][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20]
|
||||
26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 10][cat: Chat/9][Breed: Fun][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][30.78 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3813/2235 20004/5405 6348/2331][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1560 ms][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20]
|
||||
25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Chat/9][Breed: Fun][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][27.78 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3428/1426 19999/5411 6454/2304][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.7 sec][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20]
|
||||
26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 10][cat: Chat/9][Breed: Fun][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][Goodput ratio: 35/85][30.78 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.565 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 3813/2235 20004/5405 6348/2331][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/464 304/1754 77/673][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TLS Request: 4.6 sec|Slow TCP 3WH (SYN|ACK): 1.6 sec][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,20,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,20]
|
||||
27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][Goodput ratio: 35/86][24.98 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3076/848 20000/3092 6448/1207][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/463 304/1494 77/601][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0]
|
||||
28 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][13.33 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1665/362 10763/1441 3453/623][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0]
|
||||
29 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/TLS.WeChat][Stack: TLS.WeChat][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Chat/9][Breed: Fun][10 pkts/1032 bytes <-> 7 pkts/3637 bytes][Goodput ratio: 35/87][20.54 sec][Hostname/SNI: web.wechat.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2567/80 19243/317 6305/137][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/520 304/1494 77/622][nDPI Fingerprint: acd10ce93e8e3b54d93451e997df2ff0][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][TLSv1.2][JA4: t12d1511h2_f0daf39aad75_eb7c9aabf852][ServerNames: webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com][JA3S: 699a80bdb17efe157c861f92c5bf5d1d][Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3][Subject: C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com][Certificate SHA-1: 4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1][Validity: 2015-09-21 00:00:00 - 2018-09-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0]
|
||||
|
|
@ -103,14 +103,14 @@ JA Host Stats:
|
|||
36 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][14 pkts/1428 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][123.08 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 4608/0 45060/0 12222/0][Pkt Len c2s/s2c min/avg/max/stddev: 102/0 102/0 102/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
37 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][Stack: Google][IP: 126/Google][Encrypted][Confidence: Match by IP][FPC: 126/Google, Confidence: IP address][DPI packets: 20][cat: Web/5][Breed: Acceptable][10 pkts/660 bytes <-> 10 pkts/660 bytes][Goodput ratio: 0/0][540.78 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 45051/45051 61959/61957 180207/180208 44694/44695][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
38 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][14 pkts/1148 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][123.08 sec][Hostname/SNI: _googlecast._tcp.local][_googlecast._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 4608/0 45058/0 12221/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 82/0 82/0 0/0][PLAIN TEXT (googlecast)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 197/WeChat, Confidence: DNS][DPI packets: 17][cat: Web/5][Breed: Safe][13 pkts/866 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][140.92 sec][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 272/45308 12755/45308 45020/45308 13611/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 67/70 74/74 2/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1701 ms][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
39 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 197/WeChat, Confidence: DNS][DPI packets: 17][cat: Web/5][Breed: Safe][13 pkts/866 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][140.92 sec][bytes ratio: 0.511 (Upload)][IAT c2s/s2c min/avg/max/stddev: 272/45308 12755/45308 45020/45308 13611/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 67/70 74/74 2/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.7 sec][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
40 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 3][cat: Web/5][Breed: Safe][3 pkts/1078 bytes -> 0 pkts/0 bytes][Goodput ratio: 82/0][92.69 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
41 TCP 203.205.151.162:443 <-> 192.168.1.103:54084 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][3 pkts/802 bytes <-> 3 pkts/198 bytes][Goodput ratio: 75/0][16.21 sec][bytes ratio: 0.604 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6562/9679 8102/9679 9642/9679 1540/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 267/66 670/66 285/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
42 UDP 192.168.1.100:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/828 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.44 sec][Hostname/SNI: lbjamwptxz][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 179/0 816/0 313/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( EMECEKEBENFHFAFEFIFKCACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
43 IGMP 192.168.1.100:0 -> 224.0.0.22:0 [proto: 82/IGMP][Stack: IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 82/IGMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][15 pkts/810 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3769.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 409/0 289920/0 3384346/0 895904/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 54/0 54/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
44 UDP 192.168.1.100:138 -> 192.168.1.255:138 [proto: 10.16/NetBIOS.SMBv1][Stack: NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10.16/NetBIOS.SMBv1, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Dangerous][3 pkts/751 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][3600.00 sec][Hostname/SNI: giovanni-pc][PLAIN TEXT ( EHEJEPFGEBEOEOEJ)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][22.72 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 351/910 5597/910 20327/910 8509/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][55.41 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 312/33511 13774/33511 33196/33511 13762/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1585 ms][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][55.41 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 312/33511 13774/33511 33196/33511 13762/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.6 sec][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/73 bytes <-> 1 pkts/537 bytes][Goodput ratio: 42/92][0.03 sec][Hostname/SNI: res.wx.qq.com][203.205.158.34][DNS Id: 0x30dd][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 259/0 12546/0 83360/0 26898/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 252/0 12622/0 82310/0 26534/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -119,8 +119,8 @@ JA Host Stats:
|
|||
52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][104.22 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 239/0 13028/0 84664/0 27320/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][99.19 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 255/0 12398/0 82310/0 26558/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PLTbOhOof)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Safe][4 pkts/264 bytes <-> 4 pkts/319 bytes][Goodput ratio: 0/17][14.77 sec][bytes ratio: -0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/39 4910/7364 14730/14688 6944/7324][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/80 66/121 0/24][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 3 pkts/214 bytes][Goodput ratio: 0/0][11.84 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 325/0 2960/0 9935/0 4045/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/71 74/74 3/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1579 ms][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 197/WeChat, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 3 pkts/214 bytes][Goodput ratio: 0/0][11.56 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 2890/0 9679/0 3944/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/71 74/74 3/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1617 ms][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 3 pkts/214 bytes][Goodput ratio: 0/0][11.84 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 325/0 2960/0 9935/0 4045/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/71 74/74 3/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.6 sec][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 197/WeChat, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 3 pkts/214 bytes][Goodput ratio: 0/0][11.56 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 2890/0 9679/0 3944/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/71 74/74 3/4][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.6 sec][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][90.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 232/0 12972/0 83248/0 28714/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][94.52 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13502/0 85920/0 29594/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 48/QQ, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Safe][5 pkts/290 bytes <-> 4 pkts/234 bytes][Goodput ratio: 0/0][47.04 sec][bytes ratio: 0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 301/1307 11760/23331 45054/45355 19226/22024][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/58 74/66 8/5][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -130,7 +130,7 @@ JA Host Stats:
|
|||
63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][3 pkts/198 bytes <-> 3 pkts/198 bytes][Goodput ratio: 0/0][90.15 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 45055/45054 45056/45055 45056/45056 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 285/Tencent, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][6 pkts/396 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][92.42 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 607/0 18483/0 85584/0 33566/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/94 bytes <-> 1 pkts/272 bytes][Goodput ratio: 55/84][0.04 sec][Hostname/SNI: safebrowsing.googleusercontent.com][172.217.22.14][DNS Id: 0x3c19][PLAIN TEXT (safebrowsing)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 285/Tencent, Confidence: IP address][DPI packets: 5][cat: Web/5][Breed: Safe][3 pkts/206 bytes <-> 2 pkts/148 bytes][Goodput ratio: 0/0][1.65 sec][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1646 ms][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 285/Tencent, Confidence: IP address][DPI packets: 5][cat: Web/5][Breed: Safe][3 pkts/206 bytes <-> 2 pkts/148 bytes][Goodput ratio: 0/0][1.65 sec][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (SYN|ACK): 1.6 sec][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: iphonedimonica][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (iPhonediMonica)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43/82][0.04 sec][Hostname/SNI: ssl.gstatic.com][172.217.23.67][DNS Id: 0x6602][PLAIN TEXT (gstatic)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/75 bytes <-> 1 pkts/234 bytes][Goodput ratio: 43/82][0.03 sec][Hostname/SNI: ssl.gstatic.com][172.217.23.67][DNS Id: 0x2b39][PLAIN TEXT (gstatic)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -38,6 +38,6 @@ Acceptable 20 10948 3
|
|||
Web 19 9442 2
|
||||
Collaborative 1 1506 1
|
||||
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 14][cat: Web/5][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (ACK): 2461 ms][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 14][cat: Web/5][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][Risk: ** (Possible) Slow DoS **][Risk Score: 100][Risk Info: Slow TCP 3WH (ACK): 2.5 sec][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][Breed: Acceptable][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.075 (Executable?)][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.219/HTTP.Microsoft365][Stack: HTTP.Microsoft365][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7.219/HTTP.Microsoft365, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 160][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue