mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-05 02:16:47 +00:00
ndpiReader: print categories summary (#2895)
parent a671226078
commit aa6dcad15e
679 changed files with 1867 additions and 0 deletions
@ -52,6 +52,17 @@ Fun 933 1975152 48
Dangerous 5 1197 2
Unrated 19 5564 9

Unspecified 19 5564 9
Media 13 4318 2
Web 380 410792 43
Download 2 553 1
Chat 58 25273 5
Network 148 18784 68
Streaming 902 1969950 44
System 175 40630 22
SoftwareUpdate 2 1359 1
Advertisement 24 50551 2

JA Host Stats:
IP Address # JA4C
1 192.168.5.16 2

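Review bot: the new category rows (Unspecified through Advertisement) are printed straight under the breed rows (Dangerous, Unrated) with only a blank line between them and no heading or column labels, whereas the block that follows is introduced by "JA Host Stats:" and "IP Address # JA4C". Consider giving the categories block a heading such as "Categories:" with the packets/bytes/flows columns named, so a reader of these expected outputs can tell a breed row from a category row without knowing the category list by heart.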
@ -26,4 +26,6 @@ TLS 1 1506 1

Safe 1 1506 1

Web 1 1506 1

1 TCP 178.62.197.130:443 -> 192.168.1.13:53059 [proto: 91/TLS][IP: 26/ntop][Encrypted][Confidence: Match by port][FPC: 26/ntop, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic / Entropy: 7.855 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]

@ -24,6 +24,8 @@ ntop 109 73982 1

Safe 109 73982 1

Network 109 73982 1

JA Host Stats:
IP Address # JA4C
1 192.168.1.13 1

@ -24,6 +24,8 @@ ntop 667 458067 1

Safe 667 458067 1

Network 667 458067 1

JA Host Stats:
IP Address # JA4C
1 192.168.1.13 1

@ -24,6 +24,8 @@ Github 70 37189 1

Acceptable 70 37189 1

Collaborative 70 37189 1

JA Host Stats:
IP Address # JA4C
1 192.168.1.13 1

@ -24,4 +24,6 @@ OpenVPN 46 11573 1

Acceptable 46 11573 1

VPN 46 11573 1

1 TCP 192.168.1.84:52973 <-> 192.12.192.103:1194 [proto: 159/OpenVPN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][25 pkts/5636 bytes <-> 21 pkts/5937 bytes][Goodput ratio: 70/77][8.96 sec][bytes ratio: -0.026 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 443/427 3959/4015 926/1024][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 225/283 1506/1506 330/399][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (Registro.it)][Plen Bins: 4,41,4,8,0,0,0,0,0,4,4,0,0,0,4,0,0,4,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,8,0,0]

@ -24,6 +24,8 @@ ntop 41 19929 1

Safe 41 19929 1

Network 41 19929 1

JA Host Stats:
IP Address # JA4C
1 192.168.1.13 1

@ -24,6 +24,8 @@ Unknown 5 850 1

Unrated 5 850 1

Unspecified 5 850 1



Undetected flows:

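Review bot: three blank rows now sit between "Unspecified 5 850 1" and "Undetected flows:" in this file, where the other hunks show a single blank row after their category block. If the summary printer always emits its own trailing blank line, it is doubling up with the spacing this file already had before "Undetected flows:"; trimming one of them would keep the layout consistent across the expected outputs.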
@ -24,6 +24,8 @@ Microsoft365 4 2188 1

Acceptable 4 2188 1

Collaborative 4 2188 1

JA Host Stats:
IP Address # JA4C
1 192.168.0.1 1

@ -33,6 +33,11 @@ Safe 32 15913 3
Acceptable 62 10454 6
Fun 33 13926 1

Email 4 516 2
Web 38 17189 2
SocialNetwork 33 13926 1
Network 52 8662 5

JA Host Stats:
IP Address # JA4C
1 2001:470:1f17:13f:3e97:eff:fe73:4dec 2

@ -24,6 +24,8 @@ Unknown 2 212 1

Unrated 2 212 1

Unspecified 2 212 1



Undetected flows:

@ -24,4 +24,6 @@ BGP 14 969 1

Acceptable 14 969 1

Network 14 969 1

1 TCP 100.16.1.2:18324 <-> 100.16.1.1:179 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][7 pkts/388 bytes <-> 7 pkts/581 bytes][Goodput ratio: 20/46][50.10 sec][bytes ratio: -0.199 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 10014/9944 50028/49681 20007/19868][Pkt Len c2s/s2c min/avg/max/stddev: 44/44 55/83 101/195 20/49][Risk: ** Malicious Fingerpint **][Risk Score: 100][Risk Info: Unusual TCP fingerprint (scanner detected?)][TCP Fingerprint: 2_32_16384_6bbe28597824/Unknown][Plen Bins: 57,28,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,5 +24,7 @@ BGP 2 322 2

Acceptable 2 322 2

Network 2 322 2

1 TCP 2.2.2.2:179 -> 4.4.4.4:63535 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 13/BGP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 2.2.2.2:179 -> 5.5.5.5:49433 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 13/BGP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/159 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -26,6 +26,9 @@ EAQ 174 10092 29

Acceptable 197 21835 31

Web 23 11743 2
Network 174 10092 29

1 TCP 10.8.0.1:40467 <-> 173.194.119.24:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][8 pkts/591 bytes <-> 6 pkts/9998 bytes][Goodput ratio: 23/97][0.51 sec][Hostname/SNI: www.google.com.br][bytes ratio: -0.888 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/8 76/114 400/349 146/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74/1666 193/2818 45/1240][URL: www.google.com.br/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg][StatusCode: 200][Content-Type: text/html][Server: gws][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][TCP Fingerprint: 2_64_14600_38c452335ffe/Unknown][PLAIN TEXT (we50oDAAg HTTP/1.1)][Plen Bins: 0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,60]
2 TCP 10.8.0.1:53497 <-> 173.194.119.48:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][5 pkts/390 bytes <-> 4 pkts/764 bytes][Goodput ratio: 26/72][0.20 sec][Hostname/SNI: www.google.com][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/10 51/50 139/89 54/40][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 78/191 154/602 39/237][URL: www.google.com/][StatusCode: 302][Content-Type: text/html][Server: GFE/2.0][User-Agent: test][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Suspicious Log4J][TCP Fingerprint: 2_64_14600_38c452335ffe/Unknown][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.8.0.1:39185 <-> 200.194.132.67:6000 [proto: 190/EAQ][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][5 pkts/290 bytes <-> 5 pkts/290 bytes][Goodput ratio: 27/27][86.62 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21509/21499 21642/21642 21860/21869 132/138][Pkt Len c2s/s2c min/avg/max/stddev: 58/58 58/58 58/58 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

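Review bot: this hunk shows that the summary is keyed on protocol breed and category only, not on flow risk: both HTTP.Google flows carry [Risk: ** HTTP Susp User-Agent **][Risk Score: 100] and are still counted under "Acceptable 197 21835 31" and "Web 23 11743 2". That is the right behaviour for a category summary, but it deserves a sentence in the ndpiReader documentation so that nobody reads "Acceptable" or "Web" in this block as a clean-traffic verdict; flagged flows belong in a separate risk summary.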
@ -26,6 +26,9 @@ Megaco 130 23570 1

Acceptable 1552 259123 5

Media 1330 182702 1
VoIP 222 76421 4

1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][Payload Type: ITU-T G.711 PCMA (8.0)][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 25][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][SIP From: <sip:unavailable@hostportion>;tag=00e9d478][SIP To: <sip:061963177@italtel.it;user=phone>][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.35.40.22:2944 <-> 10.23.1.42:2944 [proto: 181/Megaco][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 181/Megaco, Confidence: DPI][DPI packets: 1][cat: VoIP/10][65 pkts/7788 bytes <-> 65 pkts/15782 bytes][Goodput ratio: 65/83][109.25 sec][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1409/1356 4370/4370 1953/1909][Pkt Len c2s/s2c min/avg/max/stddev: 77/101 120/243 583/561 107/94][PLAIN TEXT (555282713)][Plen Bins: 0,48,0,23,0,1,1,21,0,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,5 +24,7 @@ IEC60870 15 1431 2

Acceptable 15 1431 2

IoT-Scada 15 1431 2

1 TCP 10.175.211.1:2404 <-> 10.119.105.26:54768 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: IoT-Scada/31][7 pkts/987 bytes <-> 5 pkts/270 bytes][Goodput ratio: 61/0][2.00 sec][bytes ratio: 0.570 (Upload)][IAT c2s/s2c min/avg/max/stddev: 36/199 360/521 935/935 313/307][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 141/54 306/54 90/0][Plen Bins: 51,0,0,16,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.175.211.3:2404 <-> 10.119.105.26:54769 [proto: 245/IEC60870][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: IoT-Scada/31][2 pkts/120 bytes <-> 1 pkts/54 bytes][Goodput ratio: 5/0][0.22 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -37,6 +37,11 @@ Safe 37 5258 7
Acceptable 105 15763 23
Fun 205 50915 8

Web 78 10024 10
SocialNetwork 205 50915 8
Chat 27 7126 1
Network 37 3871 19

JA Host Stats:
IP Address # JA4C
1 10.24.82.188 3

@ -39,6 +39,14 @@ Safe 41 5761 8
Acceptable 3147 428304 11
Fun 15 1727 1

Media 2991 398751 2
Web 62 7879 11
Download 15 1727 1
Chat 85 20646 2
VoIP 44 6196 2
Cloud 4 396 1
Network 2 197 1

JA Host Stats:
IP Address # JA4C
1 10.24.82.188 2

@ -24,4 +24,6 @@ NTP 1 410 1

Acceptable 1 410 1

System 1 410 1

1 UDP 208.104.95.10:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 9/NTP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/410 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,4 +24,6 @@ NTP 1 90 1

Acceptable 1 90 1

System 1 90 1

1 UDP 175.144.140.29:123 -> 78.46.76.2:80 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 9/NTP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,4 +24,6 @@ NTP 1 90 1

Acceptable 1 90 1

System 1 90 1

1 UDP 85.22.62.120:123 -> 78.46.76.11:123 [proto: 9/NTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 9/NTP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -26,4 +26,6 @@ TLS 71 9386 1

Safe 71 9386 1

Web 71 9386 1

1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/TLS][IP: 22/VK][Encrypted][Confidence: Match by port][FPC: 22/VK, Confidence: IP address][DPI packets: 19][cat: Web/5][38 pkts/3580 bytes <-> 33 pkts/5806 bytes][Goodput ratio: 42/68][72.45 sec][bytes ratio: -0.237 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2392/2607 58175/58215 10382/11142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/176 369/1414 75/257][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 7,58,5,5,0,0,5,2,2,7,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0]

@ -24,4 +24,6 @@ TiVoConnect 2 422 1

Fun 2 422 1

Network 2 422 1

1 UDP 98.245.242.69:2190 -> 255.255.255.255:2190 [proto: 308/TiVoConnect][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 308/TiVoConnect, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/422 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][0.00 sec][UUID: 4d696e69-444c-164e-9d41-1459c099c04][Machine: R7000P][Platform: pc/minidlna][Services: TiVoMediaServer:8200/http][PLAIN TEXT (TiVoConnect)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,6 +24,8 @@ HTTP 797 191003 797

Acceptable 797 191003 797

Web 797 191003 797

1 TCP 127.0.0.1:51184 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/651 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/ajax/api/hook/de)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.0.1:51182 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/644 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vb/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7D][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007058)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vb/ajax/api/hook/decodeArg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 127.0.0.1:50946 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/387 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/postnuke/html/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:001397)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unidirectional Traffic **][Risk Score: 220][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80 / Suspicious URL [/postnuke/html/index.php?Nikto=Foru][PLAIN TEXT (GET /postnuke/html/index.php)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,6 +24,8 @@ HTTP 94 30008 9

Acceptable 94 30008 9

Web 94 30008 9

1 TCP 172.16.0.1:36212 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1070 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 56/92][5.01 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1002/3 5000/10 1999/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/897 666/2767 210/1090][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Expected 192.168.10.50, found 205.174.165.68 / Found host 205.174.165.68 / Suspicious URL [/dv/vulnerabilities/sqli/?id=1%27+a][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,33]
2 TCP 172.16.0.1:36202 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][6 pkts/1004 bytes <-> 5 pkts/4487 bytes][Goodput ratio: 60/92][5.09 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/80 1017/40 5004/80 1994/40][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 167/897 666/4215 223/1659][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Expected 192.168.10.50, found 205.174.165.68 / Found host 205.174.165.68 / Suspicious URL [/dv/vulnerabilities/sqli/?id=1%27+a][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
3 TCP 172.16.0.1:36204 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][5 pkts/937 bytes <-> 5 pkts/2359 bytes][Goodput ratio: 64/86][5.01 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 1251/1 5000/4 2164/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 187/472 665/2087 239/808][URL: 205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** SQL Injection **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Expected 192.168.10.50, found 205.174.165.68 / Found host 205.174.165.68 / Suspicious URL [/dv/vulnerabilities/sqli/?id=1%27+a][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /dv/vulnerabilities/sqli/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]

@ -27,6 +27,8 @@ HTTP 9374 4721148 661

Acceptable 9374 4721148 661

Web 9374 4721148 661

1 TCP 172.16.0.1:59042 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][214 pkts/62915 bytes <-> 107 pkts/190654 bytes][Goodput ratio: 78/96][68.07 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 340/680 4821/4822 530/629][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 294/1782 651/1935 251/393][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Expected 192.168.10.50, found 205.174.165.68 / Found host 205.174.165.68][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,49]
2 TCP 172.16.0.1:56306 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][205 pkts/62321 bytes <-> 115 pkts/191204 bytes][Goodput ratio: 78/96][68.15 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.508 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 354/600 4804/4805 540/628][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 304/1663 651/1936 252/500][URL: 205.174.165.68/dv/vulnerabilities/xss_r/][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 110][Risk Info: Expected 192.168.10.50, found 205.174.165.68 / Found host 205.174.165.68][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,23,0,5,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,42]
3 TCP 172.16.0.1:58360 <-> 192.168.10.50:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][210 pkts/62853 bytes <-> 105 pkts/190635 bytes][Goodput ratio: 78/96][67.29 sec][Hostname/SNI: 205.174.165.68][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 346/635 3808/3809 494/543][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 299/1816 651/1936 252/351][URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.18 (Ubuntu)][User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0][Risk: ** XSS Attack **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **][Risk Score: 260][Risk Info: Expected 192.168.10.50, found 205.174.165.68 / Found host 205.174.165.68 / Suspicious URL [/dv/vulnerabilities/xss_r/?name=%3C][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /dv/vulnerabilities/xss)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]

@ -24,6 +24,8 @@ Activision 60 3904 4

Fun 60 3904 4

Game 60 3904 4

1 UDP 192.168.2.100:3074 <-> 45.63.112.54:34741 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 258/Activision, Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][0.88 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 79/66 130/134 202/202 51/56][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.2.100:3074 <-> 108.61.235.31:33441 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 258/Activision, Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][1.58 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 198/198 212/214 274/269 28/28][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.2.100:3074 <-> 148.72.173.162:34311 [proto: 258/Activision][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 258/Activision, Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/491 bytes <-> 7 pkts/485 bytes][Goodput ratio: 32/39][1.42 sec][bytes ratio: 0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 200/198 203/200 213/202 5/1][Pkt Len c2s/s2c min/avg/max/stddev: 60/69 61/69 71/71 4/1][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,4 +24,6 @@ STUN 25 7972 1

Acceptable 25 7972 1

AdultContent 25 7972 1

1 UDP 192.168.1.199:42759 <-> 31.220.27.69:80 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: AdultContent/34][11 pkts/3593 bytes <-> 14 pkts/4379 bytes][Goodput ratio: 87/87][0.22 sec][Hostname/SNI: b-eu14.stripcdn.com][bytes ratio: -0.099 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/14 55/54 17/17][Pkt Len c2s/s2c min/avg/max/stddev: 62/94 327/313 1246/1418 350/353][Mapped IP/Port: 93.35.171.161:59534][Peer IP/Port: 31.220.27.69:13304][Relayed IP/Port: 127.0.0.254:46990][Rsp Origin IP/Port: 31.220.27.69:80][Other IP/Port: 127.0.0.249:2083][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 3478][PLAIN TEXT (NurOKA)][Plen Bins: 8,8,12,24,8,16,0,0,4,0,0,0,0,0,0,0,4,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,0]

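Review bot: "AdultContent 25 7972 1" is the category row for a STUN flow; its [cat: AdultContent/34] follows the host match on b-eu14.stripcdn.com rather than anything STUN itself implies, so the new summary aggregates hostname-derived and protocol-derived categories in one table. That is reasonable behaviour, but the ndpiReader documentation for the summary should state that rows follow each flow's final category, including host and domain overrides, not the detected protocol's default category.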
@ -24,4 +24,6 @@ AFP 16 1218 1

Acceptable 16 1218 1

DataTransfer 16 1218 1

1 TCP 192.168.27.57:64987 <-> 192.168.27.139:548 [proto: 97/AFP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 97/AFP, Confidence: DPI][DPI packets: 1][cat: DataTransfer/4][12 pkts/836 bytes <-> 4 pkts/382 bytes][Goodput ratio: 5/31][1.09 sec][bytes ratio: 0.373 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 109/0 1086/0 326/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/96 88/116 8/21][Plen Bins: 60,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,6 +24,8 @@ SD-RTN 403 112365 26

Acceptable 403 112365 26

Media 403 112365 26

1 UDP 192.168.2.100:55322 <-> 104.166.161.75:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 171/SD-RTN, Confidence: DPI][DPI packets: 1][cat: Media/1][24 pkts/5221 bytes <-> 6 pkts/3204 bytes][Goodput ratio: 81/92][730.23 sec][Hostname/SNI: 104-166-161-75.edge.agora.io][bytes ratio: 0.239 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34770/0 730075/0 155475/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/534 218/534 986/534 191/0][PLAIN TEXT (75.edge.agora.ioPDMD)][Plen Bins: 20,0,0,20,3,0,10,20,0,0,0,0,0,3,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.2.100:46798 <-> 23.248.186.179:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 171/SD-RTN, Confidence: DPI][DPI packets: 1][cat: Media/1][11 pkts/2008 bytes <-> 4 pkts/5044 bytes][Goodput ratio: 77/97][< 1 sec][Hostname/SNI: 23-248-186-179.edge.agora.io][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 92/0 29/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/1261 183/1261 367/1261 98/0][PLAIN TEXT (179.edge.agora.ioPDMD)][Plen Bins: 20,0,0,13,13,0,0,20,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.2.100:47805 -> 199.190.44.135:8130 [proto: 171/SD-RTN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 171/SD-RTN, Confidence: DPI][DPI packets: 1][cat: Media/1][18 pkts/4968 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][904.29 sec][Hostname/SNI: 199-190-44-135.edge.agora.io][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 58186/0 927866/0 224551/0][Pkt Len c2s/s2c min/avg/max/stddev: 276/0 276/0 276/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (135.edge.agora.ioPDMD)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -26,5 +26,7 @@ AH 2 276 1

Safe 6 1768 2

VPN 6 1768 2

1 UDP 10.2.3.2:500 <-> 10.3.4.4:500 [proto: 79/IPSec][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 79/IPSec, Confidence: DPI][DPI packets: 1][cat: VPN/2][2 pkts/770 bytes <-> 2 pkts/722 bytes][Goodput ratio: 89/88][0.02 sec][PLAIN TEXT (DELETE)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 AH 10.2.3.2:0 <-> 10.3.4.4:0 [proto: 116/AH][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 116/AH, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/138 bytes <-> 1 pkts/138 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

@ -24,5 +24,7 @@ AJP 26 4446 2
|
|||
|
||||
Acceptable 26 4446 2
|
||||
|
||||
Web 26 4446 2
|
||||
|
||||
1 TCP 172.29.9.146:38856 <-> 172.29.9.147:8009 [VLAN: 7][proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes][Goodput ratio: 68/36][0.17 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 222/112 896/300 286/84][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][PLAIN TEXT (HTTP/1.1)][Plen Bins: 50,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 172.29.9.146:38856 <-> 172.29.9.147:8010 [VLAN: 7][proto: 139/AJP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][7 pkts/1554 bytes <-> 6 pkts/669 bytes][Goodput ratio: 68/36][< 1 sec][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 70/70 222/112 896/300 286/84][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][PLAIN TEXT (HTTP/1.1)][Plen Bins: 50,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -45,6 +45,14 @@ Safe 136 23093 12
Acceptable 2919 1140556 147
Tracker_Ads 19 6096 1
Web 1530 685327 56
Cloud 373 141134 14
Network 81 8859 39
SoftwareUpdate 19 7852 1
ConnCheck 14 1498 2
VirtAssistant 1038 318979 47
Advertisement 19 6096 1
JA Host Stats:
IP Address # JA4C
1 172.16.42.216 8
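Review bot: the category rows reconcile with the breed rows in this hunk (3074 packets, 1169745 bytes and 160 flows on both sides, and `Tracker_Ads 19 6096 1` reappears verbatim as `Advertisement 19 6096 1`), so the counters look right. The row order, however, is by category id (Web/5 before Cloud/13 before Network/14, matching the `cat:` ids printed in the flow lines) rather than by volume, so the 1038-packet `VirtAssistant` row sits below the 14-packet `ConnCheck` row. Either sort by packets or say in the commit message and help text that the order is by id; as printed, a reader will assume the first row is the largest.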
@ -24,6 +24,8 @@ AliCloud 225 22986 15
Acceptable 225 22986 15
Cloud 225 22986 15
1 TCP 192.168.2.100:45094 <-> 8.209.76.194:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.49 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/1 17/67 23/322 7/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.2.100:51774 <-> 8.209.77.36:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.46 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 14/64 20/318 7/114][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.100:57322 <-> 8.209.107.122:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.33 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 16/41 24/166 9/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ AmongUs 1 57 1
Fun 1 57 1
Game 1 57 1
1 UDP 10.0.0.1:64260 -> 172.105.251.170:22023 [proto: 69/AmongUs][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 69/AmongUs, Confidence: DPI][DPI packets: 1][cat: Game/8][1 pkts/57 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ AMQP 160 23514 3
Acceptable 160 23514 3
RPC 160 23514 3
1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 192/AMQP, Confidence: DPI][DPI packets: 1][cat: RPC/16][54 pkts/10859 bytes <-> 54 pkts/3564 bytes][Goodput ratio: 67/0][4.12 sec][bytes ratio: 0.506 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 85/85 2001/2001 341/341][Pkt Len c2s/s2c min/avg/max/stddev: 103/66 201/66 395/66 103/0][PLAIN TEXT (celeryev)][Plen Bins: 0,33,0,33,0,0,9,0,9,5,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.1.1:5672 <-> 127.0.0.1:44204 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: RPC/16][13 pkts/4327 bytes <-> 9 pkts/699 bytes][Goodput ratio: 80/15][4.12 sec][bytes ratio: 0.722 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/3 407/588 2001/2001 623/729][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 333/78 514/87 211/10][PLAIN TEXT (celeryev)][Plen Bins: 38,0,0,0,0,0,0,0,0,0,0,0,0,38,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 192/AMQP, Confidence: DPI][DPI packets: 1][cat: RPC/16][15 pkts/3075 bytes <-> 15 pkts/990 bytes][Goodput ratio: 68/0][1.04 sec][bytes ratio: 0.513 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 87/87 540/540 182/182][Pkt Len c2s/s2c min/avg/max/stddev: 97/66 205/66 312/66 88/0][PLAIN TEXT (default)][Plen Bins: 33,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -47,6 +47,14 @@ Safe 115 33651 10
Acceptable 258 73115 46
Fun 102 25188 7
Web 276 77333 21
Cloud 3 1656 1
Network 67 9636 30
System 4 516 3
SoftwareUpdate 79 29045 4
Music 3 258 1
ConnCheck 43 13510 3
JA Host Stats:
IP Address # JA4C
1 192.168.2.16 7
@ -45,6 +45,14 @@ Safe 357 93023 14
Acceptable 209 36536 53
Unrated 19 1054 2
Unspecified 19 1054 2
VPN 3 198 1
Web 383 97857 18
Network 94 12819 35
Collaborative 27 4825 1
System 30 7167 10
ConnCheck 29 6693 2
JA Host Stats:
IP Address # JA4C
1 10.0.0.227 5
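Review bot: `Unrated 19 1054 2` in the breed block and `Unspecified 19 1054 2` in the new category block carry identical counters and are presumably the same two unclassified flows under two different labels for "not classified". Using the libnDPI names is the right call, but a reader comparing the two blocks has no way to know these rows are the same bucket; one sentence in the ndpiReader help text or README saying that Unrated (breed) and Unspecified (category) both denote unclassified traffic would avoid the confusion. Totals otherwise reconcile (585 packets, 130613 bytes, 69 flows in both blocks).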
@ -28,6 +28,10 @@ AnyDesk 150 44008 4
Safe 20 1717 1
Acceptable 154 44400 6
Web 20 1717 1
RemoteAccess 150 44008 4
Network 4 392 2
JA Host Stats:
IP Address # JA4C
1 192.168.1.178 1
@ -24,6 +24,8 @@ Armagetron 305 35674 50
Fun 305 35674 50
Game 305 35674 50
1 UDP 192.168.1.183:56325 <-> 150.136.145.224:4533 [proto: 104/Armagetron][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 104/Armagetron, Confidence: DPI][DPI packets: 1][cat: Game/8][30 pkts/2096 bytes <-> 31 pkts/5848 bytes][Goodput ratio: 40/78][1.97 sec][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 68/56 425/407 86/87][Pkt Len c2s/s2c min/avg/max/stddev: 52/60 70/189 94/338 16/114][PLAIN TEXT (393..571.112)][Plen Bins: 46,25,1,0,8,0,0,1,9,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.183:4534 <-> 95.111.241.79:4533 [proto: 104/Armagetron][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 104/Armagetron, Confidence: DPI][DPI packets: 1][cat: Game/8][23 pkts/1480 bytes <-> 14 pkts/1142 bytes][Goodput ratio: 35/48][2.50 sec][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 124/229 1023/1416 305/431][Pkt Len c2s/s2c min/avg/max/stddev: 52/60 64/82 86/180 12/28][PLAIN TEXT (393..571.112)][Plen Bins: 73,24,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.1.183:4534 <-> 150.136.145.224:4533 [proto: 104/Armagetron][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 104/Armagetron, Confidence: DPI][DPI packets: 1][cat: Game/8][23 pkts/1480 bytes <-> 14 pkts/1142 bytes][Goodput ratio: 35/48][3.13 sec][bytes ratio: 0.129 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 147/268 1026/1366 299/407][Pkt Len c2s/s2c min/avg/max/stddev: 52/60 64/82 86/180 12/28][PLAIN TEXT (393..571.112)][Plen Bins: 73,24,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,5 +24,7 @@ ATG 31 2976 2
Acceptable 31 2976 2
IoT-Scada 31 2976 2
1 TCP 192.168.0.105:3148 <-> 20.108.25.119:10001 [proto: 423/ATG][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: IoT-Scada/31][14 pkts/986 bytes <-> 8 pkts/1304 bytes][Goodput ratio: 5/59][157.76 sec][bytes ratio: -0.139 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 256/2 12561/20187 58945/59439 18236/20472][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/163 75/509 4/160][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (08/19/2024 02)][Plen Bins: 83,0,0,0,0,0,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.0.105:3134 -> 20.108.25.119:10001 [proto: 423/ATG][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 423/ATG, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][9 pkts/686 bytes -> 0 pkts/0 bytes][Goodput ratio: 13/0][74.58 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 979/0 9322/0 37119/0 11869/0][Pkt Len c2s/s2c min/avg/max/stddev: 71/0 76/0 80/0 3/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ AVAST 142 9433 10
Safe 142 9433 10
Network 142 9433 10
1 TCP 192.168.2.100:62741 <-> 5.62.53.131:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/543 bytes <-> 7 pkts/512 bytes][Goodput ratio: 18/20][569.69 sec][bytes ratio: 0.029 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63304/75961 189840/189839 89445/92978][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/73 150/140 31/28][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 67,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.2.100:64903 <-> 5.62.53.53:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/583 bytes <-> 7 pkts/432 bytes][Goodput ratio: 24/4][1385.80 sec][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 171484/205784 356850/356863 172007/168697][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/62 150/70 32/3][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 67,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.2.100:49532 <-> 5.62.54.89:80 [proto: 307/AVAST][IP: 307/AVAST][Encrypted][Confidence: DPI][FPC: 307/AVAST, Confidence: IP address][DPI packets: 4][cat: Network/14][8 pkts/544 bytes <-> 7 pkts/432 bytes][Goodput ratio: 18/4][797.30 sec][bytes ratio: 0.115 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99700/119575 199551/199551 99662/97621][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 68/62 150/70 31/3][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][Plen Bins: 83,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ AVASTSecureDNS 77 11443 39
Safe 77 11443 39
Network 77 11443 39
1 UDP 192.168.2.100:49152 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 263/AVASTSecureDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (sEcUREdNS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.2.100:49704 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 263/AVASTSecureDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (SECurEdnS)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.2.100:49737 <-> 181.214.35.149:443 [proto: 263/AVASTSecureDNS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 263/AVASTSecureDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/218 bytes][Goodput ratio: 48/80][0.12 sec][PLAIN TEXT (sEcUREdNs)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ BACnet 23 1373 10
Safe 23 1373 10
IoT-Scada 23 1373 10
1 UDP 204.172.177.255:47808 -> 204.172.177.159:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 334/BACnet, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][14 pkts/833 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][221.21 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1387/0 17424/0 43334/0 13696/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 60/0 67/0 5/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 64.62.197.26:36992 -> 90.147.69.221:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 334/BACnet, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 64.62.197.166:36664 -> 90.147.69.213:47808 [proto: 334/BACnet][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 334/BACnet, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/60 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ DNS 382 99374 3
Acceptable 382 99374 3
Network 382 99374 3
1 UDP 192.168.43.91:56354 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 6][cat: Network/14][203 pkts/51588 bytes <-> 146 pkts/43285 bytes][Goodput ratio: 83/86][92.47 sec][Hostname/SNI: c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org][0.0.0.0][DNS Id: 0x16b8][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/15 482/284 1046/2080 456/471][Pkt Len c2s/s2c min/avg/max/stddev: 95/95 254/296 290/325 74/65][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 200][Risk Info: DGA Name Query with no Error Code / Long DNS host name / 244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs][PLAIN TEXT (8244300)][Plen Bins: 0,5,5,0,0,0,0,50,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.43.91:35966 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][10 pkts/1125 bytes <-> 9 pkts/1293 bytes][Goodput ratio: 63/71][7.51 sec][Hostname/SNI: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org][0.0.0.0][DNS Id: 0xd20d][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 78/49 782/776 1050/1358 405/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 112/144 194/229 31/33][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 200][Risk Info: DGA Name Query with no Error Code / Long DNS host name / 05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs][PLAIN TEXT (3620001636f)][Plen Bins: 0,36,47,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.43.91:46961 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][7 pkts/926 bytes <-> 7 pkts/1157 bytes][Goodput ratio: 68/75][3.49 sec][Hostname/SNI: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org][0.0.0.0][DNS Id: 0xfc7b][bytes ratio: -0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 87/56 668/645 1019/1049 428/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 132/165 290/323 66/66][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 200][Risk Info: DGA Name Query with no Error Code / Long DNS host name / a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs][PLAIN TEXT (da83510001636)][Plen Bins: 0,28,42,14,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
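Review bot: this file is the clearest reminder that the new block is a protocol-category view and not a risk view. All three flows carry `Risk Score: 200` with `Susp DGA Domain name`, `Susp DNS Traffic` and `Risky Domain Name` on long hex-encoded labels under skullseclabs.org, yet the only category row is `Network 382 99374 3` under breed `Acceptable`. That is correct per nDPI's definitions, but the help text for the new output should state that categories are protocol classification and that risks are reported only per flow, so nobody reads a category summary with no `Dangerous` or suspicious rows as a clean bill of health.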
@ -24,4 +24,6 @@ BeckhoffADS 50 6032 1
Acceptable 50 6032 1
IoT-Scada 50 6032 1
1 TCP 192.168.1.99:49201 <-> 192.168.1.8:48898 [proto: 365/BeckhoffADS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][26 pkts/2788 bytes <-> 24 pkts/3244 bytes][Goodput ratio: 49/60][26.29 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1250/1381 25613/25812 5448/5759][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 107/135 150/762 31/139][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][PLAIN TEXT (Device 5 )][Plen Bins: 0,76,15,4,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ TLS 33 9228 1
Safe 33 9228 1
Gambling 33 9228 1
JA Host Stats:
IP Address # JA4C
1 192.168.10.2 1
@ -25,6 +25,8 @@ BFCP 65 4458 3
Acceptable 65 4458 3
Video 65 4458 3
1 UDP 10.0.200.73:3238 <-> 10.0.102.79:36633 [proto: 32/BFCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 32/BFCP, Confidence: DPI][DPI packets: 1][cat: Video/26][15 pkts/1170 bytes <-> 18 pkts/1064 bytes][Goodput ratio: 46/29][30.22 sec][Conference Id: 1][User Id: 2][bytes ratio: 0.047 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 53/53 2043/1956 3945/5000 1050/1401][Pkt Len c2s/s2c min/avg/max/stddev: 58/54 78/59 94/94 12/12][Plen Bins: 60,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.0.1:58984 <-> 127.0.0.1:5070 [proto: 32/BFCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Video/26][10 pkts/704 bytes <-> 6 pkts/512 bytes][Goodput ratio: 5/21][123.11 sec][Conference Id: 1927653396][User Id: 2055][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 12579/31975 92304/92304 30186/42684][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 70/85 78/150 5/29][TCP Fingerprint: 2_64_65495_db1b9381215d/Unknown][Plen Bins: 83,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.3.134:57020 <-> 192.168.9.100:16500 [proto: 32/BFCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 32/BFCP, Confidence: DPI][DPI packets: 1][cat: Video/26][7 pkts/470 bytes <-> 9 pkts/538 bytes][Goodput ratio: 34/30][16.68 sec][Conference Id: 1927653397][User Id: 2056][bytes ratio: -0.067 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/0 102/2377 449/16165 174/5631][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 67/60 90/98 10/14][Plen Bins: 87,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ BFD 11 698 4
Acceptable 11 698 4
Network 11 698 4
1 UDP 155.1.13.1:49152 -> 155.1.13.1:3785 [VLAN: 13][proto: 401/BFD][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 401/BFD, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/232 bytes -> 0 pkts/0 bytes][Goodput ratio: 21/0][0.46 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 155.1.13.3:49152 -> 155.1.13.1:3784 [VLAN: 13][proto: 401/BFD][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 401/BFD, Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/210 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][0.07 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 155.1.13.1:49152 -> 155.1.13.3:3784 [VLAN: 13][proto: 401/BFD][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 401/BFD, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][0.00 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ BITCOIN 529 426544 6
Acceptable 529 426544 6
Crypto_Currency 529 426544 6
1 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 343/BITCOIN, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][55 pkts/28663 bytes <-> 117 pkts/134830 bytes][Goodput ratio: 87/94][1491.26 sec][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21789/4882 100110/64236 26995/11546][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 521/1152 1514/1514 578/589][PLAIN TEXT (version)][Plen Bins: 0,32,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0]
2 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 343/BITCOIN, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][65 pkts/45271 bytes <-> 96 pkts/70339 bytes][Goodput ratio: 91/91][1337.01 sec][bytes ratio: -0.217 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18993/12001 134322/105866 27575/21527][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 696/733 1514/1514 637/653][PLAIN TEXT (version)][Plen Bins: 0,47,0,4,0,0,0,0,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
3 TCP 192.168.1.142:55400 <-> 195.218.16.178:8333 [proto: 343/BITCOIN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 343/BITCOIN, Confidence: DPI][DPI packets: 1][cat: Crypto_Currency/106][47 pkts/26824 bytes <-> 72 pkts/55927 bytes][Goodput ratio: 88/92][1107.93 sec][bytes ratio: -0.352 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22661/13162 91604/95856 25520/24264][Pkt Len c2s/s2c min/avg/max/stddev: 110/86 571/777 1514/1514 606/673][PLAIN TEXT (version)][Plen Bins: 0,53,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
@ -24,6 +24,8 @@ BitTorrent 299 305728 24
Acceptable 299 305728 24
Download 299 305728 24
1 TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
2 TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][Goodput ratio: 55/73][4.11 sec][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 132/72 959/2027 1966/3982 760/1955][Pkt Len c2s/s2c min/avg/max/stddev: 80/73 146/244 198/648 44/235][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,12,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 51413,53646][BT Hash: dcfcdccfb9e670ccc3dd40c78c161f2bea243126][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
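Review bot: unrelated to the category rows, but flows 1 and 3 in the context lines print `Risk Info: No server to client traffic / Expected on port 51413,53646` although both are bidirectional (17 <-> 193 and 4 <-> 3 packets) and their `Risk:` field lists only `Known Proto on Non Std Port`, not `Unidirectional Traffic`. The "No server to client traffic" fragment looks like a stale risk-info string that survived after the flow became bidirectional; it deserves a separate issue rather than a fix in this PR.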
@ -24,4 +24,6 @@ BitTorrent 100 96898 1
Acceptable 100 96898 1
Download 100 96898 1
1 TCP 192.168.122.34:48987 <-> 178.71.206.1:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Download/7][33 pkts/2895 bytes <-> 67 pkts/94003 bytes][Goodput ratio: 38/96][0.31 sec][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/4 33/64 11/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 88/1403 525/1494 98/324][Risk: ** Known Proto on Non Std Port **** Susp Entropy **][Risk Score: 60][Risk Info: Entropy: 7.533 (Encrypted or Random?) / Expected on port 51413,53646][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][BT Hash: 0f6b9cd2b7da4de9b6c846203920e3da49cdb795][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,4,1,0,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
@ -24,5 +24,7 @@ BitTorrent 92 41870 2
Acceptable 92 41870 2
Download 92 41870 2
1 UDP 82.243.113.43:64969 <-> 192.168.1.5:40959 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][47 pkts/36653 bytes <-> 39 pkts/4836 bytes][Goodput ratio: 95/66][19.22 sec][bytes ratio: 0.767 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 223/425 4392/4641 701/934][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 780/124 1514/519 609/123][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (hash20)][Plen Bins: 52,1,2,4,0,1,1,1,0,0,5,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,6,0,0,0,6,0,0,0,8,0]
2 UDP 127.0.0.1:49861 <-> 127.0.0.1:33333 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 4][cat: Download/7][3 pkts/195 bytes <-> 3 pkts/186 bytes][Goodput ratio: 35/32][2.70 sec][bytes ratio: 0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1205/1205 1348/1348 1492/1492 144/144][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 65/62 67/62 2/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ BJNP 10 460 10
Acceptable 10 460 10
System 10 460 10
1 UDP 192.168.185.141:50087 -> 192.168.1.17:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 204/BJNP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.185.141:50089 -> 192.168.1.1:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 204/BJNP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.185.141:50089 -> 192.168.1.2:8612 [proto: 204/BJNP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 204/BJNP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/46 bytes -> 0 pkts/0 bytes][Goodput ratio: 34/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -26,6 +26,8 @@ Blizzard 175 66112 8
Fun 206 78663 9
Game 206 78663 9
1 TCP 192.168.1.117:60378 <-> 66.40.191.253:3724 [proto: 213/Blizzard][IP: 213/Blizzard][ClearText][Confidence: DPI][FPC: 213/Blizzard, Confidence: IP address][DPI packets: 4][cat: Game/8][11 pkts/1863 bytes <-> 20 pkts/43947 bytes][Goodput ratio: 67/97][0.49 sec][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/22 104/81 31/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 169/2197 785/29254 227/6289][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 1119][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][PLAIN TEXT (XLBcTjPRO SERVER)][Plen Bins: 20,15,5,0,0,0,0,0,0,0,5,0,0,10,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,20]
2 TCP 192.168.1.117:50015 <-> 66.40.180.215:3724 [proto: 76/WorldOfWarcraft][IP: 213/Blizzard][ClearText][Confidence: DPI][FPC: 213/Blizzard, Confidence: IP address][DPI packets: 4][cat: Game/8][13 pkts/1799 bytes <-> 18 pkts/10752 bytes][Goodput ratio: 60/90][5.71 sec][bytes ratio: -0.713 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 590/152 3386/1606 1107/407][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 138/597 982/5894 244/1339][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][PLAIN TEXT (WORLD OF WARCRAFT CONNECTION )][Plen Bins: 31,12,12,6,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,6,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,6]
3 UDP 192.168.12.67:44282 <-> 34.22.163.26:7521 [proto: 213/Blizzard][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 213/Blizzard, Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/3237 bytes <-> 10 pkts/2057 bytes][Goodput ratio: 90/80][0.47 sec][bytes ratio: 0.223 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/55 293/316 101/107][Pkt Len c2s/s2c min/avg/max/stddev: 61/61 405/206 542/542 202/220][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic / Expected on port 1119][PLAIN TEXT (yTIdpE)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,5,0,0,0,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
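Review bot: `Game 206 78663 9` is larger than the `Blizzard 175 66112 8` protocol row shown in the hunk header, and the difference is exactly the WorldOfWarcraft flow on line 2 (13 + 18 packets, 1799 + 10752 bytes, one flow), which lands in the same Game category. That cross-protocol aggregation is the whole point of the new block and is what distinguishes it from the protocol summary, so the commit message should say so explicitly; right now it only says "print categories summary".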
@ -24,4 +24,6 @@ HTTP 402 431124 1
Acceptable 402 431124 1
Bots 402 431124 1
1 TCP 40.77.167.36:64768 <-> 89.31.72.220:80 [VLAN: 77][proto: 7/HTTP][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 6][cat: Bots/124][115 pkts/7672 bytes <-> 287 pkts/423452 bytes][Goodput ratio: 4/96][5.66 sec][Hostname/SNI: atlanteditorino.it][bytes ratio: -0.964 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/3 4532/106 489/16][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 67/1475 374/1498 29/171][URL: atlanteditorino.it/quartieri/img/S.Donato_M.Vittoria1930_B.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)][Risk: ** Crawler/Bot **][Risk Score: 10][Risk Info: UA Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/b][TCP Fingerprint: 194_128_64240_f65176b9e3ec/Unknown][PLAIN TEXT (GET /quartieri/im)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
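Review bot: the sole flow here is plain `7/HTTP`, yet the new block reports it as `Bots 402 431124 1` rather than Web, consistent with the per-flow `cat: Bots/124` and the `Crawler/Bot` risk raised on the bingbot User-Agent. So the category block follows nDPI's per-flow category, which can diverge from the protocol's default category, and the category totals are not a relabelling of the protocol totals. That behaviour is the useful part for an operator (crawler traffic surfaces as its own row) and is worth a sentence in the commit message or help text so the difference from the protocol summary is documented.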
@ -24,4 +24,6 @@ DNS 2 160 1
Acceptable 2 160 1
Network 2 160 1
1 UDP 10.0.2.15:59751 <-> 10.0.2.3:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/72 bytes <-> 1 pkts/88 bytes][Goodput ratio: 41/52][0.00 sec][Hostname/SNI: utorrent.com][98.143.146.7][DNS Id: 0x6ff1][PLAIN TEXT (utorrent)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ BitTorrent 14 1492 1
Acceptable 14 1492 1
Download 14 1492 1
1 TCP 192.168.1.128:46882 <-> 176.31.225.118:80 [proto: 7.37/HTTP.BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Download/7][12 pkts/1038 bytes <-> 2 pkts/454 bytes][Goodput ratio: 36/75][57.56 sec][Hostname/SNI: tracker.trackerfix.com][bytes ratio: 0.391 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5384/0 28927/0 8989/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 86/227 424/394 102/167][URL: tracker.trackerfix.com/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started][User-Agent: Transmission/2.94][TCP Fingerprint: 2_64_2920_615eac77f548/Unknown][PLAIN TEXT (GET /announce)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ BitTorrent 2 322 1
Acceptable 2 322 1
Download 2 322 1
1 UDP 192.168.0.102:6771 -> 239.192.152.143:6771 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/322 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][300.03 sec][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -25,5 +25,7 @@ ANSI_C1222 4 571 2
Acceptable 4 571 2
IoT-Scada 4 571 2
1 TCP 192.168.1.101:1577 <-> 192.168.100.124:1153 [proto: 397/ANSI_C1222][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 397/ANSI_C1222, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/139 bytes <-> 1 pkts/177 bytes][Goodput ratio: 52/62][< 1 sec][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.9.3.124:55092 -> 10.208.0.9:1153 [proto: 397/ANSI_C1222][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 397/ANSI_C1222, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/255 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][19.07 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ Cachefly 6 6163 1
Acceptable 6 6163 1
Cloud 6 6163 1
JA Host Stats:
IP Address # JA4C
1 10.10.10.1 1
@ -24,6 +24,8 @@ Controller_Area_Network 8 696 8
Safe 8 696 8
System 8 696 8
1 UDP 55.97.32.36:56551 -> 61.40.63.42:25353 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 352/Controller_Area_Network, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 103.183.191.240:46565 -> 73.121.85.123:63575 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 352/Controller_Area_Network, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 128.244.36.46:34952 -> 196.77.109.252:11898 [proto: 352/Controller_Area_Network][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 352/Controller_Area_Network, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -29,6 +29,8 @@ CAPWAP 379 94439 4
Acceptable 392 97607 10
Network 392 97607 10
1 UDP 192.168.10.9:5246 <-> 192.168.10.10:12380 [proto: 247/CAPWAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 247/CAPWAP, Confidence: DPI][DPI packets: 1][cat: Network/14][106 pkts/26144 bytes <-> 111 pkts/37530 bytes][Goodput ratio: 83/88][169.10 sec][bytes ratio: -0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1421/1619 21349/21721 3881/4475][Pkt Len c2s/s2c min/avg/max/stddev: 106/115 247/338 1499/1499 292/381][PLAIN TEXT (Cisco Systems)][Plen Bins: 0,0,30,47,2,6,0,0,2,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,1,0,0]
2 UDP 192.168.10.10:12380 <-> 192.168.10.9:5247 [proto: 247/CAPWAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 247/CAPWAP, Confidence: DPI][DPI packets: 1][cat: Network/14][156 pkts/29830 bytes <-> 1 pkts/168 bytes][Goodput ratio: 78/75][157.99 sec][bytes ratio: 0.989 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 1036/0 4999/0 902/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/168 191/168 470/168 70/0][Plen Bins: 0,0,21,27,11,19,5,9,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: CAPWAP:18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/2090 bytes -> 0 pkts/0 bytes][Goodput ratio: 72/0][59.44 sec][Hostname/SNI: kawai-ipad3][DHCP Fingerprint: 1,3,6,15,119,252][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ GoogleServices 14 2624 3
Acceptable 14 2624 3
Web 14 2624 3
JA Host Stats:
IP Address # JA4C
1 10.1.3.68 1
@ -24,6 +24,8 @@ Cassandra 20 1700 3
Acceptable 20 1700 3
Database 20 1700 3
1 TCP 198.18.0.3:37892 <-> 198.18.0.2:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Database/11][5 pkts/439 bytes <-> 3 pkts/317 bytes][Goodput ratio: 23/35][< 1 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/11 3/6 11/11 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 88/106 158/177 35/51][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (PROTOCOL)][Plen Bins: 33,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 127.0.0.1:46536 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Database/11][5 pkts/378 bytes <-> 3 pkts/267 bytes][Goodput ratio: 11/23][0.01 sec][bytes ratio: 0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 1/2 5/5 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 76/89 97/127 11/27][TCP Fingerprint: 2_64_43690_db1b9381215d/Unknown][PLAIN TEXT (COMPRESSION)][Plen Bins: 66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 198.18.0.2:37184 <-> 198.18.0.3:7000 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Database/11][3 pkts/225 bytes <-> 1 pkts/74 bytes][Goodput ratio: 8/0][< 1 sec][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ Ceph 39 13379 1
Acceptable 39 13379 1
DataTransfer 39 13379 1
1 TCP 10.0.3.249:35556 <-> 10.0.3.67:6789 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][20 pkts/2479 bytes <-> 19 pkts/10900 bytes][Goodput ratio: 46/88][0.10 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 59/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/574 345/3533 77/1032][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (machine2)][Plen Bins: 20,8,12,12,16,0,0,0,8,4,0,0,0,0,4,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]
@ -24,4 +24,6 @@ CHECKMK 98 20242 1
Acceptable 98 20242 1
DataTransfer 98 20242 1
1 TCP 192.168.100.22:58998 <-> 192.168.100.50:6556 [proto: 138/CHECKMK][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: DataTransfer/4][49 pkts/3242 bytes <-> 49 pkts/17000 bytes][Goodput ratio: 0/81][0.04 sec][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/0 4/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/347 74/4162 1/758][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (k@Version)][Plen Bins: 73,0,4,0,0,4,0,2,2,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,6]
@ -24,6 +24,8 @@ TLS 127 68131 6
Safe 127 68131 6
Web 127 68131 6
JA Host Stats:
IP Address # JA4C
1 192.168.1.178 2
@ -24,4 +24,6 @@ CIP 4 296 1
Acceptable 4 296 1
IoT-Scada 4 296 1
1 UDP 192.168.5.62:2222 <-> 192.168.5.50:2222 [proto: 393/CIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 393/CIP, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/144 bytes <-> 2 pkts/152 bytes][Goodput ratio: 41/44][0.01 sec][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ Citrix 100 11332 1
Acceptable 100 11332 1
Network 100 11332 1
1 TCP 21.0.0.8:45225 <-> 22.0.0.7:1494 [proto: 132/Citrix][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Network/14][75 pkts/8236 bytes <-> 25 pkts/3096 bytes][Goodput ratio: 47/52][1.60 sec][bytes ratio: 0.454 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/58 108/222 22/81][Pkt Len c2s/s2c min/avg/max/stddev: 64/64 110/124 913/595 117/118][Risk: ** Malicious Fingerpint **][Risk Score: 100][Risk Info: Unusual TCP fingerprint (scanner detected?)][TCP Fingerprint: 2_128_32768_6bbe28597824/Unknown][PLAIN TEXT (32.EXE)][Plen Bins: 64,22,3,2,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -35,6 +35,10 @@ CloudflareWarp 37 10500 3
Safe 5 294 2
Acceptable 73 14433 7
VPN 37 10500 3
Web 24 1858 5
Chat 17 2369 1
JA Host Stats:
IP Address # JA4C
1 10.8.0.1 3
@ -24,4 +24,6 @@ CNP-IP 2 144 1
Acceptable 2 144 1
IoT-Scada 2 144 1
1 UDP 127.0.0.1:39819 -> 127.0.0.1:1628 [proto: 422/CNP-IP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 422/CNP-IP, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 41/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -28,6 +28,9 @@ MQTT 261 20211 4
Safe 19 1614 8
Acceptable 1061 100887 8
Cloud 800 80676 4
RPC 280 21825 12
1 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13960 bytes <-> 100 pkts/6260 bytes][Goodput ratio: 70/33][11.19 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 113/112 150/151 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 140/63 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,13,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13947 bytes <-> 100 pkts/6247 bytes][Goodput ratio: 70/33][11.09 sec][bytes ratio: 0.381 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 111/111 154/150 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,11,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][100 pkts/13921 bytes <-> 100 pkts/6221 bytes][Goodput ratio: 70/32][10.92 sec][bytes ratio: 0.382 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/103 110/110 172/164 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 136/59 139/62 143/66 2/2][PLAIN TEXT (messageType)][Plen Bins: 50,0,15,35,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -25,6 +25,8 @@ CoD_Mobile 13 3590 3
Fun 13 3590 3
Game 13 3590 3
JA Host Stats:
IP Address # JA4C
1 10.215.173.1 1
@ -27,6 +27,8 @@ collectd 81 109386 8
Acceptable 81 109386 8
System 81 109386 8
1 UDP 127.0.0.1:35988 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 298/collectd, Confidence: DPI][DPI packets: 1][cat: System/18][49 pkts/66012 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][406.49 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8783/0 10000/0 3188/0][Pkt Len c2s/s2c min/avg/max/stddev: 193/0 1347/0 1388/0 167/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,83,10,0,0,0,0,0]
2 UDP 127.0.0.1:36832 -> 127.0.0.1:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 298/collectd, Confidence: DPI][DPI packets: 1][cat: System/18][17 pkts/22755 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][134.67 sec][Hostname/SNI: devlap.fritz.box][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8311/0 10000/0 3518/0][Pkt Len c2s/s2c min/avg/max/stddev: 924/0 1339/0 1384/0 104/0][PLAIN TEXT (devlap.fritz.box)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,89,0,0,0,0,0,0]
3 UDP 192.168.178.35:39576 -> 239.192.74.66:25826 [proto: 298/collectd][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: System/18][6 pkts/8363 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][708570048.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 907/0 141714014208/0 708570000000/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 1274/0 1394/0 1434/0 54/0][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.844 (Encrypted or Random?)][PLAIN TEXT (RmBJSP)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,33,50,0,0,0,0]
@ -30,6 +30,9 @@ PlayStore 9 1912 1
Safe 70 12384 7
Acceptable 22 4730 3
Network 2 305 1
ConnCheck 90 16809 9
1 TCP 10.1.0.60:38024 <-> 92.123.101.121:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: ConnCheck/30][9 pkts/2198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 73/0][7.08 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: 0.935 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 885/0 3618/0 1162/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 244/74 294/74 93/0][URL: conn-service-eu-04.allawnos.com/generate204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (nGET /generate204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.1.0.60:49674 <-> 142.250.180.163:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 10][cat: ConnCheck/30][9 pkts/2079 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][7.05 sec][Hostname/SNI: www.google.eu][bytes ratio: 0.931 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 881/0 3584/0 1153/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 231/74 277/74 86/0][URL: www.google.eu/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.1.0.70:54612 <-> 142.250.180.138:80 [proto: 7.228/HTTP.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 9][cat: ConnCheck/30][8 pkts/1838 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][3.67 sec][Hostname/SNI: play.googleapis.com][bytes ratio: 0.923 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 524/0 1824/0 607/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 230/74 283/74 92/0][URL: play.googleapis.com/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
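Review bot: the category rows are emitted in category-id order rather than by volume: `Network 2 305 1` (category 14) precedes `ConnCheck 90 16809 9` (category 30, as the `[cat: ConnCheck/30]` tags on the three flows above show), so the dominant category lands last. If the summary is meant to be scanned by a person, sorting by flow or byte count would be more useful; if id order is deliberate because it keeps these expected-output files stable across runs, a comment in ndpiReader where the table is printed would save the next reader from wondering. The totals are consistent: 2+90 packets, 305+16809 bytes and 1+9 flows equal the `Safe 70 12384 7` + `Acceptable 22 4730 3` breed rows.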
@ -25,5 +25,7 @@ Corba 28 26656 2
Acceptable 28 26656 2
RPC 28 26656 2
1 TCP 127.0.1.1:42717 <-> 127.0.1.1:56899 [proto: 168/Corba][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][11 pkts/19044 bytes <-> 7 pkts/4592 bytes][Goodput ratio: 96/90][2.27 sec][bytes ratio: 0.611 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/30 247/444 1024/1047 412/491][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1731/656 4162/4095 1891/1404][TCP Fingerprint: 2_64_32792_e8fbf9d4563a/Unknown][PLAIN TEXT (pIGIOP)][Plen Bins: 0,0,22,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66]
2 UDP 10.95.28.46:34477 -> 10.95.28.46:15984 [proto: 168/Corba][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 168/Corba, Confidence: DPI][DPI packets: 1][cat: RPC/16][10 pkts/3020 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][0.06 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 49/0 15/0][Pkt Len c2s/s2c min/avg/max/stddev: 302/0 302/0 302/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (10.95.28.46)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ CPHA 1 96 1
Fun 1 96 1
Network 1 96 1
1 UDP 0.0.0.0:8116 -> 172.21.3.0:8116 [VLAN: 21][proto: 53/CPHA][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 53/CPHA, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ OCSP 12 1842 1
Safe 12 1842 1
Web 12 1842 1
1 TCP 192.168.12.156:38291 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][FPC: 288/Edgecast, Confidence: IP address][DPI packets: 8][cat: Web/5][7 pkts/705 bytes <-> 5 pkts/1137 bytes][Goodput ratio: 33/70][0.04 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.235 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 8/10 4/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/227 284/865 75/319][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CF7)][User-Agent: zbtls http][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (ConnectionTP/1.1)][Plen Bins: 33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -25,6 +25,8 @@ Crossfire 32 31378 3
Fun 32 31378 3
RPC 32 31378 3
1 TCP 192.168.1.15:49797 <-> 67.210.208.31:13008 [proto: 105/Crossfire][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: RPC/16][12 pkts/2025 bytes <-> 11 pkts/28669 bytes][Goodput ratio: 67/98][56.82 sec][bytes ratio: -0.868 (Download)][IAT c2s/s2c min/avg/max/stddev: 187/0 6273/3070 32954/14745 10456/5219][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 169/2606 499/8694 191/3734][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][PLAIN TEXT (test12345)][Plen Bins: 15,0,0,0,0,0,7,0,0,0,0,23,0,23,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23]
2 UDP 192.168.1.15:58790 <-> 67.210.208.40:14037 [proto: 105/Crossfire][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 105/Crossfire, Confidence: DPI][DPI packets: 1][cat: RPC/16][2 pkts/154 bytes <-> 1 pkts/215 bytes][Goodput ratio: 45/80][< 1 sec][Plen Bins: 0,66,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.1.15:51836 <-> 67.210.208.38:12007 [proto: 105/Crossfire][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 105/Crossfire, Confidence: DPI][DPI packets: 1][cat: RPC/16][5 pkts/255 bytes <-> 1 pkts/60 bytes][Goodput ratio: 18/13][< 1 sec][bytes ratio: 0.619 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 1/0 4/0 2/0][Pkt Len c2s/s2c min/avg/max/stddev: 51/60 51/60 51/60 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ CryNetwork 105 14077 7
Fun 105 14077 7
Game 105 14077 7
1 UDP 192.168.2.100:55460 <-> 78.159.118.143:21931 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 314/CryNetwork, Confidence: DPI][DPI packets: 1][cat: Game/8][12 pkts/1562 bytes <-> 3 pkts/525 bytes][Goodput ratio: 68/76][0.94 sec][bytes ratio: 0.497 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 88/48 266/48 102/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 130/175 267/175 62/0][Plen Bins: 0,33,33,0,20,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.2.100:56970 <-> 84.16.230.222:28665 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 314/CryNetwork, Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/1901 bytes <-> 1 pkts/175 bytes][Goodput ratio: 69/76][0.77 sec][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/0 262/0 85/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 136/175 267/175 69/0][Plen Bins: 0,40,33,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.2.100:55645 <-> 78.159.98.94:28375 [proto: 314/CryNetwork][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 314/CryNetwork, Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/1881 bytes <-> 1 pkts/175 bytes][Goodput ratio: 69/76][0.49 sec][bytes ratio: 0.830 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/0 201/0 51/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/175 134/175 267/175 70/0][Plen Bins: 0,46,26,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -29,6 +29,11 @@ Acceptable 2 188 2
Unsafe 1 94 1
Dangerous 1 94 1
Unspecified 1 94 1
Email 1 94 1
Web 1 94 1
Crypto_Currency 1 94 1
1 TCP [2001:db8::1]:33408 -> [2001:db8::c2fd:b817:5ca8:82dd]:16690 [proto: 468/CustomProtocolJ][IP: 468/CustomProtocolJ][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP [2001:db8::2]:33408 -> [2001:db8::cba5:51b2:8733:6d9e]:38542 [proto: 469/CustomProtocolK][IP: 469/CustomProtocolK][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP [2003:db8::3]:33408 -> [2001:db8::cc14:67e6:fcd:b96d]:37464 [proto: 3002/CustomProtocolL][IP: 3002/CustomProtocolL][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
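Review bot: `Unspecified 1 94 1` here is the bucket for flow 1, which carries no `[cat: ...]` tag at all, whereas flows 2 and 3 are tagged `Email/3` and `Web/5`; the fourth 94-byte flow behind the `Crypto_Currency` row lies outside the shown context. Because the breed table uses `Unrated` for the analogous case (the `Unrated 1 318 1` row in the CustomProtocolI hunk), the two names are easy to confuse when both tables are printed without a title, so documenting that `Unspecified` means "no category assigned to the flow" would help. The arithmetic is consistent: four rows of 1 flow / 94 bytes match `Acceptable 2 188 2` + `Unsafe 1 94 1` + `Dangerous 1 94 1`.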
@ -27,6 +27,8 @@ ESP 1 346 1
Safe 1 346 1
Acceptable 84 14188 2
Malware 85 14534 3
1 TCP [2001:db8:1::1]:64720 <-> [2001:db8:200::1]:20868 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 17][cat: Malware/100][32 pkts/3639 bytes <-> 30 pkts/6335 bytes][Goodput ratio: 24/59][5.34 sec][Hostname/SNI: SSH-1.5-1.2.26][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 13/74 184/193 1212/1436 234/283][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 114/211 250/1294 47/257][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 22][TCP Fingerprint: 2_64_8192_781448c930cc/Unknown][Server: SSH-1.5-1.2.26][Plen Bins: 69,6,0,0,11,2,0,0,2,0,0,0,0,0,2,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
2 TCP 172.26.219.44:58639 <-> 172.30.69.103:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Malware/100][11 pkts/2011 bytes <-> 11 pkts/2203 bytes][Goodput ratio: 63/67][0.11 sec][Hostname/SNI: SSH-2.0-OpenSSH_6.1][bytes ratio: -0.046 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/7 39/41 12/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/200 1026/770 270/223][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **** Client Contacted A Malware Host **][Risk Score: 300][Risk Info: Client contacted malware host / Found cipher arcfour128 / Found cipher arcfour128][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][HASSH-C: D6593B3202A30B2AA9793A00F8647A0A][Server: SSH-1.99-OpenSSH_4.3][HASSH-S: 500033A73A293E7C36743693D0D4596B][Plen Bins: 31,15,15,0,15,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 ESP [2a01:e34:ef6f:4340:94be:5dac:c20a:d2a0]:0 -> [2001:1670:8:40a6:a08e:332b:aa69:18dc]:0 [VLAN: 121][proto: 117/ESP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 117/ESP, Confidence: DPI][DPI packets: 1][cat: Malware/100][1 pkts/346 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **** Client Contacted A Malware Host **][Risk Score: 170][Risk Info: Client contacted malware host / No server to client traffic / Entropy: 7.199 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
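Review bot: `Malware 85 14534 3` aggregates all three flows although the breed rows split them as `Safe 1 346 1` (the ESP flow) and `Acceptable 84 14188 2` (the two SSH flows): breed follows the detected protocol, while the category row follows the per-flow `[cat: Malware/100]` tag, not the protocol's own category, so the two tables partition the same 85 packets on independent axes. That is the behaviour one wants from a category summary, but this is the first hunk in the diff where the two tables disagree in shape, so a sentence in the commit message or the ndpiReader docs stating that the category summary counts the flow's assigned category (which can differ from the protocol's default, as here) would preempt confusion. Figures check: 32+30+11+11 SSH packets and 3639+6335+2011+2203 SSH bytes give the 84 / 14188 in the Acceptable row.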
@ -24,5 +24,7 @@ LLMNR 2 184 2
Acceptable 2 184 2
Network 2 184 2
1 UDP [fe80::356b:e047:3695:f741]:16765 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: ????????????][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP [fe80::7c0:e74e:87c3:5d93]:6741 -> [ff02::1:3]:5355 [proto: 154/LLMNR][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 154/LLMNR, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/92 bytes -> 0 pkts/0 bytes][Goodput ratio: 32/0][< 1 sec][Hostname/SNI: ????????????][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -32,6 +32,8 @@ CustomProtocolI 1 318 1
Acceptable 7 4128 6
Unrated 1 318 1
Unspecified 8 4446 7
1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 2048/CustomProtocolE][IP: 2048/CustomProtocolE][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 2049/CustomProtocolF][IP: 2049/CustomProtocolF][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 1024/CustomProtocolD][IP: 1024/CustomProtocolD][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -26,6 +26,9 @@ CustomProtocolC 3 222 1
Acceptable 8 592 3
Unspecified 5 370 2
Web 3 222 1
1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.459/TLS.CustomProtocolA][IP: 459/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 460/CustomProtocolB][IP: 460/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
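Review bot: the new "Unspecified 5 370 2" row in this hunk aggregates the two flows whose lines carry no [cat: ...] field (CustomProtocolC and CustomProtocolB), while CustomProtocolA, tagged [cat: Web/5], is counted under "Web 3 222 1"; the totals are consistent (3+2 packets, 222+148 bytes, 2 flows), but it is worth confirming that custom rules are meant to stay uncategorized, since the summary otherwise hides them under Unspecified rather than under a category that reflects the rule.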
@ -24,6 +24,8 @@ Dazn 12 6675 3
Fun 12 6675 3
Streaming 12 6675 3
JA Host Stats:
IP Address # JA4C
1 192.168.1.128 1
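Review bot: the added "Streaming 12 6675 3" row carries no header naming its columns, so a reader of the expected-output file has to infer packets, bytes and flows by analogy with the breed row "Fun 12 6675 3" just above it; if the categories summary does not print a header elsewhere in the output (nothing in this hunk shows one), consider emitting a short header line so the two summaries are distinguishable when scanning the file.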
@ -24,6 +24,8 @@ PROFINET_IO 16 6866 4
Acceptable 16 6866 4
IoT-Scada 16 6866 4
1 UDP 192.168.1.11:49155 -> 192.168.1.20:34964 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/3706 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][0.05 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/0 32/0 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 618/0 995/0 338/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 135][PLAIN TEXT (mrpdomain)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.20:49161 -> 192.168.1.11:49155 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][6 pkts/2464 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][0.07 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/0 37/0 17/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 411/0 846/0 308/0][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 135][Plen Bins: 0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.1.11:49154 -> 192.168.1.20:49162 [proto: 370.371/DCERPC.PROFINET_IO][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 370.371/DCERPC.PROFINET_IO, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/348 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 135][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -26,4 +26,6 @@ DHCP 1 342 1
Acceptable 1 342 1
Network 1 342 1
1 UDP 192.168.155.104:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][PLAIN TEXT (MK03862)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ Diameter 6 1980 1
Acceptable 6 1980 1
Network 6 1980 1
1 TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 237/Diameter, Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/1174 bytes <-> 3 pkts/806 bytes][Goodput ratio: 86/80][0.09 sec][bytes ratio: 0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13/12 39/32 65/51 26/20][Pkt Len c2s/s2c min/avg/max/stddev: 362/226 391/269 414/290 22/30][PLAIN TEXT (1263278878147)][Plen Bins: 0,0,0,0,0,16,0,34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ DICOM 6 34720 4
Acceptable 6 34720 4
Health 6 34720 4
1 TCP 127.0.0.1:49541 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
2 TCP 127.0.0.1:52180 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
3 TCP 127.0.0.1:49531 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver testclient )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ DingTalk 16 4890 2
Acceptable 16 4890 2
Chat 16 4890 2
JA Host Stats:
IP Address # JA4C
1 10.215.173.1 1
@ -25,6 +25,8 @@ Discord 411 98410 34
Fun 411 98410 34
Collaborative 411 98410 34
JA Host Stats:
IP Address # JA4C
1 10.0.2.15 1
@ -24,4 +24,6 @@ Discord 40 4040 1
Fun 40 4040 1
Collaborative 40 4040 1
1 UDP 66.22.242.132:50001 <-> 5.36.141.228:54935 [VLAN: 1][proto: 58/Discord][IP: 58/Discord][Encrypted][Confidence: DPI][FPC: 58/Discord, Confidence: IP address][DPI packets: 3][cat: Collaborative/15][30 pkts/3110 bytes <-> 10 pkts/930 bytes][Goodput ratio: 43/37][24.00 sec][bytes ratio: 0.540 (Upload)][IAT c2s/s2c min/avg/max/stddev: 42/77 846/1740 1000/4217 343/1555][Pkt Len c2s/s2c min/avg/max/stddev: 72/68 104/93 110/118 14/25][Plen Bins: 25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -25,6 +25,8 @@ DLEP 4 467 3
Acceptable 4 467 3
Network 4 467 3
1 TCP 10.0.0.1:51762 <-> 10.0.0.2:854 [proto: 400/DLEP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 400/DLEP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/211 bytes][Goodput ratio: 37/68][0.00 sec][PLAIN TEXT (emulated)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 10.0.0.2:44515 -> 10.0.0.1:854 [proto: 400/DLEP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 400/DLEP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/80 bytes -> 0 pkts/0 bytes][Goodput ratio: 47/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (emulated)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 10.0.0.1:57060 -> 224.0.0.117:854 [proto: 400/DLEP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 400/DLEP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][PLAIN TEXT (emulated)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -25,5 +25,7 @@ IEC62056 27 4247 2
Acceptable 27 4247 2
IoT-Scada 27 4247 2
1 TCP 192.168.137.20:60797 <-> 192.168.137.189:4060 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][10 pkts/2942 bytes <-> 8 pkts/520 bytes][Goodput ratio: 77/6][0.03 sec][bytes ratio: 0.700 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 13/5 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 294/65 1514/98 458/14][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 4059][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
2 UDP 10.1.1.1:0 -> 10.2.2.2:4059 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 379/IEC62056, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][9 pkts/785 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 87/0 181/0 37/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (01234567)][Plen Bins: 55,22,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ QUIC 1 1230 1
Acceptable 1 1230 1
Web 1 1230 1
JA Host Stats:
IP Address # JA4C
1 193.167.0.252 1
@ -24,6 +24,8 @@ DNP3 543 38754 8
Acceptable 543 38754 8
IoT-Scada 543 38754 8
1 TCP 10.0.0.8:2828 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: IoT-Scada/31][60 pkts/4041 bytes <-> 78 pkts/7164 bytes][Goodput ratio: 17/38][121.83 sec][bytes ratio: -0.279 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 421/302 13044/8439 1926/1115][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 67/92 79/145 5/37][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][Plen Bins: 64,3,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.0.0.9:1080 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: IoT-Scada/31][72 pkts/4659 bytes <-> 63 pkts/4692 bytes][Goodput ratio: 10/27][384.60 sec][bytes ratio: -0.004 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 4732/3049 75028/40127 13787/9968][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 65/74 81/147 7/16][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][Plen Bins: 96,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.0.0.8:1086 <-> 10.0.0.3:20000 [proto: 244/DNP3][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: IoT-Scada/31][57 pkts/3891 bytes <-> 36 pkts/2760 bytes][Goodput ratio: 17/28][70.37 sec][bytes ratio: 0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1467/2686 45001/45233 7093/9611][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 68/77 81/147 8/22][TCP Fingerprint: 2_128_65535_44bd01ba086e/Unknown][Plen Bins: 95,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,4 +24,6 @@ DNS 2 342 1
Acceptable 2 342 1
Network 2 342 1
1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][0.0.0.0][DNS Id: 0xffd5][Risk: ** Susp DNS Traffic **** Susp Entropy **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 170][Risk Info: DNS Record with zero TTL / Invalid chars detected in domain name / Entropy: 5.224 (Executable?) / Long DNS host name][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -24,6 +24,8 @@ DNS 14 2170 7
Acceptable 14 2170 7
Network 14 2170 7
1 UDP [2001:b07:a3d:c112:b332:20d:89ab:105e]:41624 <-> [2001:4860:4860::8844]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/106 bytes <-> 1 pkts/314 bytes][Goodput ratio: 41/80][0.01 sec][0.0.0.0][GeoLocation: mil][DNS Id: 0x9151][PLAIN TEXT (servers)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP [2a03:b0c0:2:d0::360:4001]:44924 <-> [2001:4860:4860::8888]:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/123 bytes <-> 1 pkts/256 bytes][Goodput ratio: 49/75][0.20 sec][Hostname/SNI: www.wikipedia.it][18.67.39.58][GeoLocation: ams][DNS Id: 0x2aa0][PLAIN TEXT (wikipedia)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 UDP 192.168.1.29:62500 <-> 8.8.4.4:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/234 bytes][Goodput ratio: 53/82][0.27 sec][Hostname/SNI: www.wikipedia.it][108.157.194.28][DNS Id: 0xca11][PLAIN TEXT (wikipedia)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Some files were not shown because too many files have changed in this diff.