mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-04-28 06:59:40 +00:00
Added NDPI_MISMATCHING_PROTOCOL_WITH_IP flow risk
Fixed host protocol matching Added NDPI_PROTOCOL_AKAMAI protocol
This commit is contained in:
Luca Deri
parent
9d22805954
commit
d69446893d
70 changed files with 839 additions and 626 deletions
|
|
@ -127,9 +127,9 @@ This risk indicates that the `SMB <https://en.wikipedia.org/wiki/Server_Message_
|
|||
|
||||
.. _Risk 021:
|
||||
|
||||
NDPI_FREE_21
|
||||
============
|
||||
Placeholder; not really used.
|
||||
NDPI_MISMATCHING_PROTOCOL_WITH_IP
|
||||
=================================
|
||||
This risk indicates that the nDPI protocol detected for this flow (e.g. Facebook), does not resolve to a numeric flow server IP address that matches the known IPs for such protocol (in the above example the IP address do not belong to Facebook/Meta).
|
||||
|
||||
.. _Risk 022:
|
||||
|
||||
|
|
|
|||
|
|
@ -496,7 +496,7 @@ typedef enum {
|
|||
NDPI_PROTOCOL_AWS_CLOUDFRONT = 464,
|
||||
NDPI_PROTOCOL_AWS_DYNAMODB = 465,
|
||||
NDPI_PROTOCOL_ESPN = 466,
|
||||
|
||||
NDPI_PROTOCOL_AKAMAI = 467,
|
||||
|
||||
#ifdef CUSTOM_NDPI_PROTOCOLS
|
||||
#include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
|
||||
|
|
|
|||
|
|
@ -106,7 +106,6 @@ typedef enum {
|
|||
2. Add the very same flow alert key to the table flow_alert_keys in scripts/lua/modules/alert_keys/flow_alert_keys.lua
|
||||
3. Add the risk to the array risk_enum_to_alert_type in src/FlowRiskAlerts.cpp
|
||||
4. Create a new file in scripts/lua/modules/alert_definitions/flow/ with the new alert risk defined
|
||||
5. Update scripts/lua/modules/alert_keys/flow_alert_keys.lua adding a new risk
|
||||
|
||||
Example: https://github.com/ntop/ntopng/commit/aecc1e3e6505a0522439dbb2b295a3703d3d0f9a
|
||||
*/
|
||||
|
|
@ -132,7 +131,7 @@ typedef enum {
|
|||
NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER,
|
||||
NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER,
|
||||
NDPI_SMB_INSECURE_VERSION, /* 20 */
|
||||
NDPI_FREE_21, /* FREE */
|
||||
NDPI_MISMATCHING_PROTOCOL_WITH_IP,
|
||||
NDPI_UNSAFE_PROTOCOL,
|
||||
NDPI_DNS_SUSPICIOUS_TRAFFIC,
|
||||
NDPI_TLS_MISSING_SNI,
|
||||
|
|
@ -1257,7 +1256,7 @@ typedef enum {
|
|||
typedef struct ndpi_proto_defaults {
|
||||
char protoName[32];
|
||||
ndpi_protocol_category_t protoCategory;
|
||||
u_int8_t isClearTextProto:1, isAppProtocol:1, isCustomProto:1, _notused:5;
|
||||
u_int8_t isClearTextProto:1, isAppProtocol:1, isCustomProto:1, performIPcheck:1, _notused:4;
|
||||
u_int16_t *subprotocols;
|
||||
u_int32_t subprotocol_count;
|
||||
u_int16_t protoId, dissector_idx;
|
||||
|
|
|
|||
|
|
@ -719,8 +719,8 @@ static ndpi_protocol_match host_match[] =
|
|||
{ "inbox.google.com", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
{ "google.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "google.com.", /* www.google.com.br */ "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "google.", /* google.com/.it/.de .. */ "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
{ "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
|
||||
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@
|
|||
|
||||
#include "ndpi_content_match.c.inc"
|
||||
#include "ndpi_dga_match.c.inc"
|
||||
#include "inc_generated/ndpi_akamai_match.c.inc"
|
||||
#include "inc_generated/ndpi_azure_match.c.inc"
|
||||
#include "inc_generated/ndpi_tor_match.c.inc"
|
||||
#include "inc_generated/ndpi_tor_exit_nodes_match.c.inc"
|
||||
|
|
@ -183,7 +184,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
|
|||
{ NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
|
||||
{ NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
|
||||
{ NDPI_SMB_INSECURE_VERSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
|
||||
{ NDPI_FREE_21, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
|
||||
{ NDPI_MISMATCHING_PROTOCOL_WITH_IP, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
|
||||
{ NDPI_UNSAFE_PROTOCOL, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
|
||||
{ NDPI_DNS_SUSPICIOUS_TRAFFIC, NDPI_RISK_MEDIUM, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
|
||||
{ NDPI_TLS_MISSING_SNI, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
|
||||
|
|
@ -450,8 +451,8 @@ u_int16_t ndpi_map_ndpi_id_to_user_proto_id(struct ndpi_detection_module_struct
|
|||
NDPI_LOG_DBG2(ndpi_str, "[DEBUG] ***** %s(%u)\n", __FUNCTION__, ndpi_proto_id);
|
||||
#endif
|
||||
|
||||
if(!ndpi_str)
|
||||
return(0);
|
||||
if((!ndpi_str) || (ndpi_proto_id == NDPI_PROTOCOL_UNKNOWN))
|
||||
return(NDPI_PROTOCOL_UNKNOWN);
|
||||
|
||||
if(!ndpi_is_custom_protocol(ndpi_str, ndpi_proto_id))
|
||||
return(ndpi_proto_id);
|
||||
|
|
@ -703,10 +704,9 @@ static int ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str
|
|||
u_int8_t is_custom_protocol) {
|
||||
int j;
|
||||
|
||||
|
||||
/* There is no real limit on protocols number/id; the hard limit being the u_int16_t
|
||||
data typer used for the ids...
|
||||
*/
|
||||
*/
|
||||
|
||||
if(protoId >= ndpi_str->proto_defaults_num_allocated) {
|
||||
int new_num;
|
||||
|
|
@ -721,8 +721,8 @@ static int ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str
|
|||
NDPI_LOG_DBG(ndpi_str, "Realloc error\n");
|
||||
return -1;
|
||||
}
|
||||
memset(&new_ptr[ndpi_str->proto_defaults_num_allocated],
|
||||
'\0',
|
||||
|
||||
memset(&new_ptr[ndpi_str->proto_defaults_num_allocated], '\0',
|
||||
sizeof(ndpi_proto_defaults_t) * (new_num - ndpi_str->proto_defaults_num_allocated));
|
||||
ndpi_str->proto_defaults = new_ptr;
|
||||
ndpi_str->proto_defaults_num_allocated = new_num;
|
||||
|
|
@ -750,12 +750,14 @@ static int ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str
|
|||
*/
|
||||
ndpi_str->proto_defaults[protoId].isAppProtocol = is_app_protocol;
|
||||
ndpi_str->proto_defaults[protoId].isCustomProto = is_custom_protocol;
|
||||
ndpi_str->proto_defaults[protoId].performIPcheck = 0;
|
||||
ndpi_str->proto_defaults[protoId].protoCategory = protoCategory;
|
||||
ndpi_str->proto_defaults[protoId].protoId = protoId;
|
||||
ndpi_str->proto_defaults[protoId].protoBreed = breed;
|
||||
ndpi_str->proto_defaults[protoId].qoeCategory = qoeCategory;
|
||||
ndpi_str->proto_defaults[protoId].subprotocols = NULL;
|
||||
ndpi_str->proto_defaults[protoId].subprotocol_count = 0;
|
||||
|
||||
for(j = 0; j < MAX_DEFAULT_PORTS; j++) {
|
||||
ndpi_str->proto_defaults[protoId].tcp_default_ports[j] = tcpDefPorts[j];
|
||||
ndpi_str->proto_defaults[protoId].udp_default_ports[j] = udpDefPorts[j];
|
||||
|
|
@ -2983,6 +2985,12 @@ static void init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str
|
|||
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */,
|
||||
0);
|
||||
|
||||
ndpi_set_proto_defaults(ndpi_str, 1 , 1 , NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AKAMAI,
|
||||
"Akamai", NDPI_PROTOCOL_CATEGORY_DATABASE, NDPI_PROTOCOL_QOE_CATEGORY_UNSPECIFIED,
|
||||
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */ ,
|
||||
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */,
|
||||
0);
|
||||
|
||||
#ifdef CUSTOM_NDPI_PROTOCOLS
|
||||
#include "../../../nDPI-custom/custom_ndpi_main.c"
|
||||
#endif
|
||||
|
|
@ -3070,6 +3078,7 @@ int ac_domain_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) {
|
|||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -4230,7 +4239,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(struct ndpi_glob
|
|||
|
||||
*/
|
||||
load_string_based_protocols(ndpi_str);
|
||||
|
||||
|
||||
return(ndpi_str);
|
||||
}
|
||||
|
||||
|
|
@ -4286,6 +4295,9 @@ static int is_ip_list_enabled(struct ndpi_detection_module_struct *ndpi_str, int
|
|||
{
|
||||
if(ndpi_bitmask_is_set(&ndpi_str->cfg.ip_list_bitmask, protoId) == 0)
|
||||
return 0;
|
||||
|
||||
ndpi_str->proto_defaults[protoId].performIPcheck = 1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
@ -4341,6 +4353,10 @@ int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str)
|
|||
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, host_protocol_list);
|
||||
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, host_protocol_list_6);
|
||||
|
||||
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_AKAMAI)) {
|
||||
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_akamai_protocol_list);
|
||||
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_akamai_protocol_list_6);
|
||||
}
|
||||
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_AMAZON_AWS)) {
|
||||
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_amazon_aws_protocol_list);
|
||||
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_amazon_aws_protocol_list_6);
|
||||
|
|
@ -6649,7 +6665,6 @@ void register_dissector(char *dissector_name, struct ndpi_detection_module_struc
|
|||
/* ******************************************************************** */
|
||||
|
||||
static int dissectors_init(struct ndpi_detection_module_struct *ndpi_str) {
|
||||
|
||||
struct call_function_struct *all_cb = NULL;
|
||||
|
||||
ndpi_str->callback_buffer = ndpi_calloc(NDPI_MAX_NUM_DISSECTORS, sizeof(struct call_function_struct));
|
||||
|
|
@ -8789,7 +8804,7 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_
|
|||
}
|
||||
}
|
||||
|
||||
return(ret);
|
||||
return(ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, ret));
|
||||
}
|
||||
|
||||
/* ********************************************************************************* */
|
||||
|
|
@ -9153,6 +9168,30 @@ static int is_unidir_traffic_exception(struct ndpi_flow_struct *flow) {
|
|||
|
||||
/* ********************************************************************************* */
|
||||
|
||||
bool ndpi_is_cnd_cloud_provider(u_int16_t proto_id) {
|
||||
switch(proto_id) {
|
||||
case NDPI_PROTOCOL_GOOGLE_CLOUD:
|
||||
case NDPI_PROTOCOL_CLOUDFLARE:
|
||||
case NDPI_PROTOCOL_AMAZON_AWS:
|
||||
case NDPI_PROTOCOL_AWS_COGNITO:
|
||||
case NDPI_PROTOCOL_AWS_API_GATEWAY:
|
||||
case NDPI_PROTOCOL_AWS_KINESIS:
|
||||
case NDPI_PROTOCOL_AWS_EC2:
|
||||
case NDPI_PROTOCOL_AWS_EMR:
|
||||
case NDPI_PROTOCOL_AWS_S3:
|
||||
case NDPI_PROTOCOL_AWS_CLOUDFRONT:
|
||||
case NDPI_PROTOCOL_AWS_DYNAMODB:
|
||||
case NDPI_PROTOCOL_TENCENT:
|
||||
case NDPI_PROTOCOL_AKAMAI:
|
||||
return(true);
|
||||
|
||||
default:
|
||||
return(false);
|
||||
}
|
||||
}
|
||||
|
||||
/* ********************************************************************************* */
|
||||
|
||||
static void internal_giveup(struct ndpi_detection_module_struct *ndpi_struct,
|
||||
struct ndpi_flow_struct *flow,
|
||||
ndpi_protocol *ret) {
|
||||
|
|
@ -9172,7 +9211,7 @@ static void internal_giveup(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
or to have two more distinct logics...
|
||||
The/A critical point is that ndpi_detection_giveup() is public and it is always used by
|
||||
any programs linking to libnDPI: we must be sure to not change the external behavior
|
||||
*/
|
||||
*/
|
||||
|
||||
/* ***
|
||||
* *** We can't access ndpi_str->packet from this function!!
|
||||
|
|
@ -9192,6 +9231,148 @@ static void internal_giveup(struct ndpi_detection_module_struct *ndpi_struct,
|
|||
check_probing_attempt(ndpi_struct, flow);
|
||||
}
|
||||
|
||||
if(ndpi_struct->proto_defaults[ret->proto.app_protocol].performIPcheck
|
||||
&& (ret->proto.app_protocol != ret->protocol_by_ip)) {
|
||||
/* Handle exceptions */
|
||||
bool trigger_risk = false;
|
||||
|
||||
if((ret->proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)
|
||||
&& (ret->protocol_by_ip != NDPI_PROTOCOL_UNKNOWN)) {
|
||||
/*
|
||||
Check if a known service is serverd by an IP that
|
||||
belong to the service organization
|
||||
*/
|
||||
|
||||
trigger_risk = true;
|
||||
|
||||
switch(ret->proto.app_protocol) {
|
||||
case NDPI_PROTOCOL_MSTEAMS_CALL:
|
||||
case NDPI_PROTOCOL_MSTEAMS:
|
||||
case NDPI_PROTOCOL_MS_OUTLOOK:
|
||||
case NDPI_PROTOCOL_MICROSOFT:
|
||||
case NDPI_PROTOCOL_MICROSOFT_365:
|
||||
switch(ret->protocol_by_ip) {
|
||||
case NDPI_PROTOCOL_MICROSOFT_AZURE:
|
||||
case NDPI_PROTOCOL_MS_OUTLOOK:
|
||||
case NDPI_PROTOCOL_MSTEAMS:
|
||||
trigger_risk = false;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case NDPI_PROTOCOL_AMAZON_AWS:
|
||||
switch(ret->protocol_by_ip) {
|
||||
case NDPI_PROTOCOL_AWS_COGNITO:
|
||||
case NDPI_PROTOCOL_AWS_API_GATEWAY:
|
||||
case NDPI_PROTOCOL_AWS_KINESIS:
|
||||
case NDPI_PROTOCOL_AWS_EC2:
|
||||
case NDPI_PROTOCOL_AWS_EMR:
|
||||
case NDPI_PROTOCOL_AWS_S3:
|
||||
case NDPI_PROTOCOL_AWS_CLOUDFRONT:
|
||||
case NDPI_PROTOCOL_AWS_DYNAMODB:
|
||||
trigger_risk = false;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case NDPI_PROTOCOL_FACEBOOK:
|
||||
case NDPI_PROTOCOL_FACEBOOK_MESSENGER:
|
||||
case NDPI_PROTOCOL_FACEBOOK_VOIP:
|
||||
case NDPI_PROTOCOL_FACEBOOK_REEL_STORY:
|
||||
if(ret->protocol_by_ip == NDPI_PROTOCOL_FACEBOOK)
|
||||
trigger_risk = false;
|
||||
break;
|
||||
|
||||
case NDPI_PROTOCOL_GMAIL:
|
||||
case NDPI_PROTOCOL_GOOGLE_MAPS:
|
||||
case NDPI_PROTOCOL_YOUTUBE:
|
||||
case NDPI_PROTOCOL_GOOGLE:
|
||||
case NDPI_PROTOCOL_YOUTUBE_UPLOAD:
|
||||
case NDPI_PROTOCOL_PLAYSTORE:
|
||||
switch(ret->protocol_by_ip) {
|
||||
case NDPI_PROTOCOL_GOOGLE_CLOUD:
|
||||
trigger_risk = false;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case NDPI_PROTOCOL_APPLE:
|
||||
case NDPI_PROTOCOL_APPLE_ICLOUD:
|
||||
case NDPI_PROTOCOL_APPLE_ITUNES:
|
||||
case NDPI_PROTOCOL_APPLESTORE:
|
||||
case NDPI_PROTOCOL_APPLE_PUSH:
|
||||
case NDPI_PROTOCOL_APPLE_SIRI:
|
||||
case NDPI_PROTOCOL_APPLETVPLUS:
|
||||
switch(ret->protocol_by_ip) {
|
||||
case NDPI_PROTOCOL_APPLE:
|
||||
case NDPI_PROTOCOL_AKAMAI:
|
||||
trigger_risk = false;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
trigger_risk = false;
|
||||
break;
|
||||
}
|
||||
} else if((ret->proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)
|
||||
&& (ret->protocol_by_ip == NDPI_PROTOCOL_UNKNOWN)) {
|
||||
/*
|
||||
Check if a known service has an unknown IP
|
||||
Example www.apple.com is not handled by an Apple server
|
||||
*/
|
||||
switch(ret->proto.app_protocol) {
|
||||
/* Microsoft */
|
||||
case NDPI_PROTOCOL_MSTEAMS_CALL:
|
||||
case NDPI_PROTOCOL_MSTEAMS:
|
||||
case NDPI_PROTOCOL_MS_OUTLOOK:
|
||||
case NDPI_PROTOCOL_MICROSOFT:
|
||||
case NDPI_PROTOCOL_MICROSOFT_365:
|
||||
case NDPI_PROTOCOL_MICROSOFT_AZURE:
|
||||
/* Amazon */
|
||||
case NDPI_PROTOCOL_AMAZON_AWS:
|
||||
case NDPI_PROTOCOL_AWS_COGNITO:
|
||||
case NDPI_PROTOCOL_AWS_API_GATEWAY:
|
||||
case NDPI_PROTOCOL_AWS_KINESIS:
|
||||
case NDPI_PROTOCOL_AWS_EC2:
|
||||
case NDPI_PROTOCOL_AWS_EMR:
|
||||
case NDPI_PROTOCOL_AWS_S3:
|
||||
case NDPI_PROTOCOL_AWS_CLOUDFRONT:
|
||||
case NDPI_PROTOCOL_AWS_DYNAMODB:
|
||||
/* Meta */
|
||||
case NDPI_PROTOCOL_FACEBOOK:
|
||||
case NDPI_PROTOCOL_FACEBOOK_MESSENGER:
|
||||
case NDPI_PROTOCOL_FACEBOOK_VOIP:
|
||||
case NDPI_PROTOCOL_FACEBOOK_REEL_STORY:
|
||||
/* Google */
|
||||
case NDPI_PROTOCOL_GMAIL:
|
||||
case NDPI_PROTOCOL_GOOGLE_MAPS:
|
||||
case NDPI_PROTOCOL_YOUTUBE:
|
||||
case NDPI_PROTOCOL_GOOGLE:
|
||||
case NDPI_PROTOCOL_YOUTUBE_UPLOAD:
|
||||
case NDPI_PROTOCOL_PLAYSTORE:
|
||||
/* Apple */
|
||||
case NDPI_PROTOCOL_APPLE:
|
||||
case NDPI_PROTOCOL_APPLE_ICLOUD:
|
||||
case NDPI_PROTOCOL_APPLE_ITUNES:
|
||||
case NDPI_PROTOCOL_APPLESTORE:
|
||||
case NDPI_PROTOCOL_APPLE_PUSH:
|
||||
case NDPI_PROTOCOL_APPLE_SIRI:
|
||||
case NDPI_PROTOCOL_APPLETVPLUS:
|
||||
trigger_risk = true;
|
||||
break;
|
||||
|
||||
default:
|
||||
trigger_risk = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if(trigger_risk)
|
||||
ndpi_set_risk(ndpi_struct, flow, NDPI_MISMATCHING_PROTOCOL_WITH_IP,
|
||||
"nDPI protocol does not match the server IP address");
|
||||
}
|
||||
|
||||
/* TODO */
|
||||
(void)ret;
|
||||
}
|
||||
|
|
@ -10059,6 +10240,8 @@ static void check_proto_on_non_std_port_risk(struct ndpi_detection_module_struct
|
|||
}
|
||||
}
|
||||
|
||||
/* ************************************************************************************* */
|
||||
|
||||
static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str,
|
||||
struct ndpi_flow_struct *flow,
|
||||
const unsigned char *packet_data,
|
||||
|
|
@ -11955,7 +12138,7 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
|
|||
if((rc = ndpi_automa_match_string_subprotocol(ndpi_str, string_to_match, string_to_match_len, ret_match)) == NDPI_PROTOCOL_UNKNOWN) {
|
||||
string_to_match = (char*)ndpi_get_host_domain(ndpi_str, buf);
|
||||
string_to_match_len = strlen(string_to_match);
|
||||
|
||||
|
||||
/* In case of failure try the domain name as last resort */
|
||||
rc = ndpi_automa_match_string_subprotocol(ndpi_str, string_to_match, string_to_match_len, ret_match);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2259,8 +2259,8 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
|
|||
case NDPI_SMB_INSECURE_VERSION:
|
||||
return("SMB Insecure Vers");
|
||||
|
||||
case NDPI_FREE_21:
|
||||
return("FREE21");
|
||||
case NDPI_MISMATCHING_PROTOCOL_WITH_IP:
|
||||
return("Mismatching Protocol with server IP address");
|
||||
|
||||
case NDPI_UNSAFE_PROTOCOL:
|
||||
return("Unsafe Protocol");
|
||||
|
|
@ -2421,8 +2421,8 @@ const char* ndpi_risk2code(ndpi_risk_enum risk) {
|
|||
return STRINGIFY(NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER);
|
||||
case NDPI_SMB_INSECURE_VERSION:
|
||||
return STRINGIFY(NDPI_SMB_INSECURE_VERSION);
|
||||
case NDPI_FREE_21:
|
||||
return STRINGIFY(NDPI_FREE_21);
|
||||
case NDPI_MISMATCHING_PROTOCOL_WITH_IP:
|
||||
return STRINGIFY(NDPI_MISMATCHING_PROTOCOL_WITH_IP);
|
||||
case NDPI_UNSAFE_PROTOCOL:
|
||||
return STRINGIFY(NDPI_TLS_SUSPICIOUS_ESNI_USAGE);
|
||||
case NDPI_DNS_SUSPICIOUS_TRAFFIC:
|
||||
|
|
@ -2544,8 +2544,8 @@ ndpi_risk_enum ndpi_code2risk(const char* risk) {
|
|||
return(NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER);
|
||||
else if(strcmp(STRINGIFY(NDPI_SMB_INSECURE_VERSION), risk) == 0)
|
||||
return(NDPI_SMB_INSECURE_VERSION);
|
||||
else if(strcmp(STRINGIFY(NDPI_FREE_21), risk) == 0)
|
||||
return(NDPI_FREE_21);
|
||||
else if(strcmp(STRINGIFY(NDPI_MISMATCHING_PROTOCOL_WITH_IP), risk) == 0)
|
||||
return(NDPI_MISMATCHING_PROTOCOL_WITH_IP);
|
||||
else if(strcmp(STRINGIFY(NDPI_UNSAFE_PROTOCOL), risk) == 0)
|
||||
return(NDPI_UNSAFE_PROTOCOL);
|
||||
else if(strcmp(STRINGIFY(NDPI_DNS_SUSPICIOUS_TRAFFIC), risk) == 0)
|
||||
|
|
@ -2723,7 +2723,7 @@ const char *ndpi_risk_shortnames[NDPI_MAX_RISK] = {
|
|||
"ssh_obsolete_client",
|
||||
"ssh_obsolete_server",
|
||||
"smb_insecure_ver", /* NDPI_SMB_INSECURE_VERSION */
|
||||
"free21",
|
||||
"mismatching_hostname_with_ip",
|
||||
"unsafe_proto",
|
||||
"dns_susp",
|
||||
"tls_no_sni",
|
||||
|
|
|
|||
61
src/lib/third_party/src/ahocorasick.c
vendored
61
src/lib/third_party/src/ahocorasick.c
vendored
|
|
@ -46,7 +46,7 @@ typedef __kernel_size_t size_t;
|
|||
#include "../../../include/ndpi_replace_printf.h"
|
||||
|
||||
/* TODO: For different depth of node, number of outgoing edges differs
|
||||
considerably, It is efficient to use different chunk size for
|
||||
considerably, It is efficient to use different chunk size for
|
||||
different depths */
|
||||
|
||||
/* Private function prototype */
|
||||
|
|
@ -252,7 +252,7 @@ AC_ERROR_t ac_automata_add (AC_AUTOMATA_t * thiz, AC_PATTERN_t * patt)
|
|||
n = next;
|
||||
continue;
|
||||
}
|
||||
if(!(next = node_create_next(n, alpha)))
|
||||
if(!(next = node_create_next(n, alpha)))
|
||||
return ACERR_ERROR;
|
||||
next->id = ++thiz->id;
|
||||
thiz->all_nodes_num++;
|
||||
|
|
@ -279,7 +279,7 @@ AC_ERROR_t ac_automata_add (AC_AUTOMATA_t * thiz, AC_PATTERN_t * patt)
|
|||
|
||||
if(node_register_matchstr(n, patt, 0))
|
||||
return ACERR_ERROR;
|
||||
|
||||
|
||||
thiz->total_patterns++;
|
||||
|
||||
return ACERR_SUCCESS;
|
||||
|
|
@ -416,10 +416,36 @@ int ac_automata_exact_match(AC_PATTERNS_t *mp,int pos, AC_TEXT_t *txt) {
|
|||
break;
|
||||
}
|
||||
if(patterns->rep.at_end) {
|
||||
if(pos == txt->length)
|
||||
if(pos == txt->length)
|
||||
matched[2] = patterns, match_map |= 1 << i;
|
||||
break;
|
||||
}
|
||||
|
||||
{
|
||||
/*
|
||||
nDPI
|
||||
|
||||
Handle matches such as google. that should match
|
||||
google.it and google.com but not google.hello.com
|
||||
*/
|
||||
size_t len = strlen(patterns->astring);
|
||||
|
||||
if((len > 0) && (patterns->astring[len-1] == '.') /* google. */) {
|
||||
char *dot = strchr(&txt->astring[pos], '.');
|
||||
|
||||
if(dot != NULL) {
|
||||
/* We're happy to match google.com but not google.hello.com */
|
||||
|
||||
if(dot[1] == '0') {
|
||||
; /* google.com */
|
||||
} else {
|
||||
/* google.hello.com */
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
} /* end nDPI */
|
||||
|
||||
matched[3] = patterns, match_map |= 1 << i;
|
||||
} while(0);
|
||||
}
|
||||
|
|
@ -558,7 +584,7 @@ int ac_automata_search (AC_AUTOMATA_t * thiz,
|
|||
* Release all allocated memories to the automata
|
||||
* PARAMS:
|
||||
* AC_AUTOMATA_t * thiz: the pointer to the automata
|
||||
* free_pattern:
|
||||
* free_pattern:
|
||||
* 0 - free all struct w/o free pattern
|
||||
* 1 - free all struct and pattern
|
||||
* 2 - clean struct w/o free pattern
|
||||
|
|
@ -624,7 +650,7 @@ static void dump_node_header(AC_NODE_t * n, struct aho_dump_info *ai) {
|
|||
fprintf(ai->file," d:%d %c",n->depth, n->use ? '+':'-');
|
||||
ai->memcnt += sizeof(*n);
|
||||
if(n->matched_patterns) {
|
||||
ai->memcnt += sizeof(n->matched_patterns) +
|
||||
ai->memcnt += sizeof(n->matched_patterns) +
|
||||
n->matched_patterns->max*sizeof(n->matched_patterns->patterns[0]);
|
||||
}
|
||||
if(!n->use) { fprintf(ai->file,"\n"); return; }
|
||||
|
|
@ -830,7 +856,7 @@ static void node_release(AC_NODE_t * thiz, int free_pattern)
|
|||
if(thiz->root && (free_pattern & 0x4) == 0) return;
|
||||
|
||||
if(free_pattern & 1) node_release_pattern(thiz);
|
||||
|
||||
|
||||
if(thiz->matched_patterns) {
|
||||
acho_free(thiz->matched_patterns);
|
||||
thiz->matched_patterns = NULL;
|
||||
|
|
@ -846,7 +872,7 @@ static void node_release(AC_NODE_t * thiz, int free_pattern)
|
|||
#undef UNALIGNED /* Windows defined it but differently from what Aho expects */
|
||||
#define UNALIGNED(X) ((intptr_t)X & (__SIZEOF_LONG__ - 1))
|
||||
|
||||
#define LBLOCKSIZE __SIZEOF_LONG__
|
||||
#define LBLOCKSIZE __SIZEOF_LONG__
|
||||
|
||||
#if __SIZEOF_LONG__ == 4
|
||||
#define DETECTNULL(X) (((X) - 0x01010101UL) & ~(X) & 0x80808080UL)
|
||||
|
|
@ -975,20 +1001,20 @@ static AC_NODE_t *node_findbs_next_ac (AC_NODE_t * thiz, uint8_t alpha,int icase
|
|||
static int node_has_matchstr (AC_NODE_t * thiz, AC_PATTERN_t * newstr)
|
||||
{
|
||||
int i;
|
||||
|
||||
|
||||
if(!thiz->matched_patterns) return 0;
|
||||
|
||||
|
||||
for (i=0; i < thiz->matched_patterns->num; i++)
|
||||
{
|
||||
AC_PATTERN_t *str = &(thiz->matched_patterns->patterns[i]);
|
||||
|
||||
|
||||
if (str->length != newstr->length)
|
||||
continue;
|
||||
|
||||
|
||||
if(!memcmp(str->astring,newstr->astring,str->length))
|
||||
return 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -1061,7 +1087,7 @@ static int node_register_matchstr (AC_NODE_t * thiz, AC_PATTERN_t * str,int is_e
|
|||
if (thiz->matched_patterns->num >= thiz->matched_patterns->max) {
|
||||
AC_PATTERNS_t *new_mp = node_resize_mp(thiz->matched_patterns);
|
||||
if(!new_mp) return 1;
|
||||
thiz->matched_patterns = new_mp;
|
||||
thiz->matched_patterns = new_mp;
|
||||
}
|
||||
l = &thiz->matched_patterns->patterns[thiz->matched_patterns->num];
|
||||
l->astring = str->astring;
|
||||
|
|
@ -1124,7 +1150,7 @@ static int node_register_outgoing
|
|||
o = thiz->outgoing;
|
||||
|
||||
if(!o) return 1;
|
||||
|
||||
|
||||
if(o->degree >= o->max)
|
||||
{
|
||||
struct edge *new_o = node_resize_outgoing(thiz->outgoing,0);
|
||||
|
|
@ -1230,7 +1256,7 @@ static int node_range_edges (AC_AUTOMATA_t *thiz, AC_NODE_t * node)
|
|||
static inline void node_sort_edges (AC_NODE_t * thiz)
|
||||
{
|
||||
|
||||
acho_sort (thiz->outgoing, thiz->outgoing->degree,
|
||||
acho_sort (thiz->outgoing, thiz->outgoing->degree,
|
||||
node_edge_compare, node_edge_swap);
|
||||
}
|
||||
|
||||
|
|
@ -1299,4 +1325,3 @@ void ac_automata_get_stats(AC_AUTOMATA_t * thiz, struct ac_stats *stats)
|
|||
}
|
||||
|
||||
/* vim: set ts=4 sw=4 et : */
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ LRU cache tls_cert: 0/2/0 (insert/search/found)
|
|||
LRU cache mining: 0/1/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/6/0 (insert/search/found)
|
||||
Automa host: 4/2 (search/found)
|
||||
Automa host: 5/1 (search/found)
|
||||
Automa domain: 3/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ LRU cache stun: 30/0/0 (insert/search/found)
|
|||
LRU cache tls_cert: 0/4/0 (insert/search/found)
|
||||
LRU cache mining: 0/3/0 (insert/search/found)
|
||||
LRU cache msteams: 19/6/2 (insert/search/found)
|
||||
LRU cache fpc_dns: 16/41/28 (insert/search/found)
|
||||
Automa host: 95/75 (search/found)
|
||||
LRU cache fpc_dns: 15/41/28 (insert/search/found)
|
||||
Automa host: 97/73 (search/found)
|
||||
Automa domain: 85/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 2/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ LRU cache tls_cert: 0/2/0 (insert/search/found)
|
|||
LRU cache mining: 0/1/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/6/0 (insert/search/found)
|
||||
Automa host: 4/2 (search/found)
|
||||
Automa host: 5/1 (search/found)
|
||||
Automa domain: 3/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 1/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ LRU cache stun: 30/0/0 (insert/search/found)
|
|||
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
||||
LRU cache mining: 0/3/0 (insert/search/found)
|
||||
LRU cache msteams: 19/6/6 (insert/search/found)
|
||||
LRU cache fpc_dns: 16/41/28 (insert/search/found)
|
||||
Automa host: 95/75 (search/found)
|
||||
LRU cache fpc_dns: 15/41/28 (insert/search/found)
|
||||
Automa host: 97/73 (search/found)
|
||||
Automa domain: 85/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 2/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ LRU cache tls_cert: 0/2/0 (insert/search/found)
|
|||
LRU cache mining: 0/1/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/6/0 (insert/search/found)
|
||||
Automa host: 4/2 (search/found)
|
||||
Automa host: 5/1 (search/found)
|
||||
Automa domain: 3/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
|
|||
LRU cache mining: 0/3/0 (insert/search/found)
|
||||
LRU cache msteams: 17/6/6 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/41/0 (insert/search/found)
|
||||
Automa host: 68/52 (search/found)
|
||||
Automa host: 69/51 (search/found)
|
||||
Automa domain: 60/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ LRU cache tls_cert: 0/8/0 (insert/search/found)
|
|||
LRU cache mining: 0/15/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 14/37/13 (insert/search/found)
|
||||
Automa host: 246/71 (search/found)
|
||||
Automa host: 247/70 (search/found)
|
||||
Automa domain: 156/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 10/0 (search/found)
|
||||
|
|
@ -22,7 +22,7 @@ Patricia risk mask: 14/0 (search/found)
|
|||
Patricia risk mask IPv6: 6/0 (search/found)
|
||||
Patricia risk: 3/0 (search/found)
|
||||
Patricia risk IPv6: 25/0 (search/found)
|
||||
Patricia protocols: 287/57 (search/found)
|
||||
Patricia protocols: 286/58 (search/found)
|
||||
Patricia protocols IPv6: 50/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -33,7 +33,7 @@ Hash fp custom protos: 6/0 (search/found)
|
|||
|
||||
Unknown 19 5564 9
|
||||
DNS 17 1719 6
|
||||
HTTP 249 355379 34
|
||||
HTTP 253 357994 35
|
||||
MDNS 1 82 1
|
||||
NTP 1 90 1
|
||||
NetBIOS 26 2392 6
|
||||
|
|
@ -43,7 +43,7 @@ DHCP 24 8208 5
|
|||
QQ 30 6617 3
|
||||
TLS 124 28754 9
|
||||
DHCPV6 10 980 3
|
||||
Google 28 53166 3
|
||||
Google 24 50551 2
|
||||
LLMNR 91 6931 48
|
||||
PlayStore 2 1359 1
|
||||
GoogleServices 17 30330 1
|
||||
|
|
@ -132,7 +132,7 @@ JA Host Stats:
|
|||
55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: No ALPN / 192.168.115.75 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: aa7eafaa128c9b8a39bd010d912570a8][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Acceptable][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][Stack: HTTP][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][Stack: TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -157,7 +157,7 @@ JA Host Stats:
|
|||
80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -37,4 +37,4 @@ JA Host Stats:
|
|||
1 192.168.0.1 1
|
||||
|
||||
|
||||
1 TCP 192.168.0.1:64455 <-> 10.10.10.1:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][2 pkts/520 bytes <-> 2 pkts/1668 bytes][Goodput ratio: 43/82][< 1 sec][Hostname/SNI: www.bing.com][(Advertised) ALPNs: h2;http/1.1][TCP Fingerprint: 2_128_65535_0ac3cc2284b8/Unknown][TLSv1.2][JA4: t12d1909h2_d83cc789557e_652f19f1cfc7][Firefox][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
|
||||
1 TCP 192.168.0.1:64455 <-> 10.10.10.1:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][2 pkts/520 bytes <-> 2 pkts/1668 bytes][Goodput ratio: 43/82][< 1 sec][Hostname/SNI: www.bing.com][(Advertised) ALPNs: h2;http/1.1][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][TCP Fingerprint: 2_128_65535_0ac3cc2284b8/Unknown][TLSv1.2][JA4: t12d1909h2_d83cc789557e_652f19f1cfc7][Firefox][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 5/0 (search/found)
|
||||
Patricia protocols: 88/28 (search/found)
|
||||
Patricia protocols: 87/29 (search/found)
|
||||
Patricia protocols IPv6: 10/0 (search/found)
|
||||
Hash malicious ja4: 18/0 (search/found)
|
||||
Hash malicious sha1: 5/0 (search/found)
|
||||
|
|
@ -124,7 +124,7 @@ JA Host Stats:
|
|||
56 UDP 192.168.2.16:40580 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/74 bytes <-> 1 pkts/90 bytes][Goodput ratio: 43/53][0.00 sec][Hostname/SNI: www.google.com][216.239.38.120][DNS Id: 0x843c][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.2.16:49510 -> 216.239.38.120:5228 [proto: 126/Google][Stack: Google][IP: 126/Google][Encrypted][Confidence: Match by IP][FPC: 239/GoogleServices, Confidence: DNS][DPI packets: 2][cat: Web/5][Breed: Acceptable][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
58 ICMPV6 [fe80::4e6a:f6ff:fe9f:f627]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][Stack: ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][2 pkts/140 bytes -> 0 pkts/0 bytes][Goodput ratio: 11/0][4.26 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
59 TCP 95.101.24.53:443 -> 192.168.2.17:50677 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
59 TCP 95.101.24.53:443 -> 192.168.2.17:50677 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][1 pkts/90 bytes -> 0 pkts/0 bytes][Goodput ratio: 26/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
60 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/87 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Hostname/SNI: _spotify-connect._tcp.local][_spotify-connect._tcp.local][PLAIN TEXT (spotify)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
62 ICMPV6 [::]:0 -> [ff02::1:ff9f:f627]:0 [proto: 102/ICMPV6][Stack: ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/78 bytes -> 0 pkts/0 bytes][Goodput ratio: 20/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Patricia risk mask: 10/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 3/0 (search/found)
|
||||
Patricia protocols: 125/7 (search/found)
|
||||
Patricia protocols: 122/10 (search/found)
|
||||
Patricia protocols IPv6: 6/0 (search/found)
|
||||
Hash malicious ja4: 7/0 (search/found)
|
||||
Hash malicious sha1: 4/0 (search/found)
|
||||
|
|
@ -70,11 +70,11 @@ JA Host Stats:
|
|||
4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: http/1.1 / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][nDPI Fingerprint: 0ab478f88458d4b7e389280db8733f0c][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i2204h1_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0]
|
||||
5 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][Stack: DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 30/DTLS, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Safe][14 pkts/2322 bytes <-> 15 pkts/3787 bytes][Goodput ratio: 75/83][0.24 sec][bytes ratio: -0.240 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 47/46 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 166/252 199/407 17/74][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLS (0100)][nDPI Fingerprint: 921dc05ee9400079c792f8162a9e9f3d][TLS (0100)][JA4: d00i010000_2cfe23c976cf_e3b0c44298fc][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,3,3,39,13,18,3,6,6,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][Stack: TLS.Slack][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 118/Slack, Confidence: DNS][DPI packets: 6][cat: Collaborative/15][Breed: Acceptable][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][nDPI Fingerprint: 34104aa1b54ff5ab855f9d5aea374abf][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1313h2_8b80da21ef18_e48c60694ef0][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][Stack: ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0]
|
||||
13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -114,7 +114,7 @@ JA Host Stats:
|
|||
48 UDP 10.0.0.227:63107 <-> 75.75.76.76:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/65 bytes <-> 1 pkts/140 bytes][Goodput ratio: 35/70][0.03 sec][Hostname/SNI: local][0.0.0.0][DNS Id: 0x1818][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (servers)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
49 UDP 10.0.0.227:64972 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/101 bytes <-> 1 pkts/101 bytes][Goodput ratio: 58/58][0.02 sec][Hostname/SNI: lb._dns-sd._udp.0.128.28.172.in-addr.arpa][0.0.0.0][DNS Id: 0x27c6][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
50 TCP 10.0.0.227:56865 <-> 10.0.0.149:8008 [proto: 161/CiscoVPN][Stack: CiscoVPN][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: VPN/2][Breed: Acceptable][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 TCP 10.0.0.227:56885 <-> 184.25.56.53:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][Breed: Acceptable][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 TCP 10.0.0.227:56885 <-> 184.25.56.53:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 3][cat: Web/5][Breed: Acceptable][2 pkts/132 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
52 UDP 10.0.0.227:61613 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/97 bytes <-> 1 pkts/97 bytes][Goodput ratio: 56/56][0.02 sec][Hostname/SNI: lb._dns-sd._udp.0.0.0.10.in-addr.arpa][0.0.0.0][DNS Id: 0xc25f][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 UDP 10.0.0.227:49781 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/69 bytes <-> 1 pkts/117 bytes][Goodput ratio: 39/64][0.02 sec][Hostname/SNI: apple.com][17.178.96.59][DNS Id: 0xa8df][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
54 UDP 10.0.0.227:52879 <-> 75.75.76.76:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/82 bytes <-> 1 pkts/98 bytes][Goodput ratio: 48/57][0.04 sec][Hostname/SNI: vco.pandion.viasat.com][8.37.102.91][DNS Id: 0x8c49][PLAIN TEXT (pandion)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 16/6 (search/found)
|
||||
Patricia protocols: 13/9 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
|
|
@ -46,11 +46,11 @@ JA Host Stats:
|
|||
|
||||
|
||||
1 TCP 1.37.34.211:443 <-> 10.142.92.57:49024 [VLAN: 113][proto: GTP:91.399/TLS.HuaweiCloud][Stack: TLS.HuaweiCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: ConnCheck/30][Breed: Safe][6 pkts/3926 bytes <-> 1 pkts/306 bytes][Goodput ratio: 83/64][0.59 sec][Hostname/SNI: connectivitycheck.platform.hicloud.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.855 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 117/0 207/0 96/0][Pkt Len c2s/s2c min/avg/max/stddev: 118/306 654/306 1458/306 599/0][nDPI Fingerprint: b671f73ea86ddbdb7a79bfe93c909014][TLSv1.2][JA4: t12d1009h1_a8cf61a50a39_b39be8c56a14][ServerNames: connectivitycheck.cbg-app.huawei.com,connectivitycheck.cbg-app.huawei.com.cn,connectivitycheck.cbg-app.huawei.asia,connectivitycheck.cbg-app.huawei.eu,connectivitycheck.cbg-app.huawei.ru,*.platform.dbankcloud.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com,*.platform.dbankcloud.com][JA3S: afbc203706421f15554867b55caf16d6][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3][Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., CN=connectivitycheck.cbg-app.huawei.com][Certificate SHA-1: 2B:33:9E:80:E7:3C:EC:31:78:B2:DD:DA:2D:39:7B:C5:0B:9E:B4:70][Validity: 2023-07-19 03:30:36 - 2024-08-19 03:30:35][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
|
||||
2 TCP 10.1.0.60:38024 <-> 92.123.101.121:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: ConnCheck/30][Breed: Acceptable][9 pkts/2198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 73/0][7.08 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: 0.935 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 885/0 3618/0 1162/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 244/74 294/74 93/0][URL: conn-service-eu-04.allawnos.com/generate204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (nGET /generate204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 10.1.0.60:38024 <-> 92.123.101.121:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 10][cat: ConnCheck/30][Breed: Acceptable][9 pkts/2198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 73/0][7.08 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: 0.935 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 885/0 3618/0 1162/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 244/74 294/74 93/0][URL: conn-service-eu-04.allawnos.com/generate204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (nGET /generate204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 10.1.0.60:49674 <-> 142.250.180.163:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 10][cat: ConnCheck/30][Breed: Acceptable][9 pkts/2079 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][7.05 sec][Hostname/SNI: www.google.eu][bytes ratio: 0.931 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 881/0 3584/0 1153/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 231/74 277/74 86/0][URL: www.google.eu/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 TCP 10.1.0.70:54612 <-> 142.250.180.138:80 [proto: 7.228/HTTP.PlayStore][Stack: HTTP.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 9][cat: ConnCheck/30][Breed: Safe][8 pkts/1838 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][3.67 sec][Hostname/SNI: play.googleapis.com][bytes ratio: 0.923 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 524/0 1824/0 607/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 230/74 283/74 92/0][URL: play.googleapis.com/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 10.1.0.60:46980 <-> 92.123.101.153:80 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/632 bytes <-> 5 pkts/1191 bytes][Goodput ratio: 36/72][0.01 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: -0.307 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 5/7 2/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/238 294/919 84/340][URL: conn-service-eu-04.allawnos.com/generate204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 10.1.0.60:38008 <-> 92.123.101.121:80 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/566 bytes <-> 5 pkts/1191 bytes][Goodput ratio: 40/72][0.03 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: -0.356 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 21/21 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/238 294/919 90/340][URL: conn-service-eu-04.allawnos.com/generate204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 10.1.0.60:46980 <-> 92.123.101.153:80 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/632 bytes <-> 5 pkts/1191 bytes][Goodput ratio: 36/72][0.01 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: -0.307 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 5/7 2/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/238 294/919 84/340][URL: conn-service-eu-04.allawnos.com/generate204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 10.1.0.60:38008 <-> 92.123.101.121:80 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/566 bytes <-> 5 pkts/1191 bytes][Goodput ratio: 40/72][0.03 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: -0.356 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 21/21 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/238 294/919 90/340][URL: conn-service-eu-04.allawnos.com/generate204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 10.1.0.60:49642 <-> 142.250.180.163:80 [proto: 7.26/HTTP.ntop][Stack: HTTP.Google.ntop][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/549 bytes <-> 5 pkts/1174 bytes][Goodput ratio: 38/71][0.02 sec][Hostname/SNI: www.google.eu][bytes ratio: -0.363 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/5 6/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/235 277/902 84/334][URL: www.google.eu/generate_204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 TCP 10.1.0.60:49656 <-> 142.250.180.163:80 [proto: 7.26/HTTP.ntop][Stack: HTTP.Google.ntop][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/549 bytes <-> 5 pkts/1174 bytes][Goodput ratio: 38/71][0.01 sec][Hostname/SNI: www.google.eu][bytes ratio: -0.363 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 7/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/235 277/902 84/334][URL: www.google.eu/generate_204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 TCP 10.1.0.60:49658 <-> 142.250.180.163:80 [proto: 7.26/HTTP.ntop][Stack: HTTP.Google.ntop][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][5 pkts/549 bytes <-> 5 pkts/1174 bytes][Goodput ratio: 38/71][0.03 sec][Hostname/SNI: www.google.eu][bytes ratio: -0.363 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 15/21 5/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 110/235 277/902 84/334][URL: www.google.eu/generate_204][StatusCode: 302][Content-Type: text/html][Server: ntopng 6.1.240606 (x86_64)][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -1,13 +1,16 @@
|
|||
DPI Packets (TCP): 3 (1.00 pkts/flow)
|
||||
Confidence Match by custom rule: 3 (flows)
|
||||
Guessed flow protos: 1
|
||||
|
||||
DPI Packets (TCP): 5 (1.67 pkts/flow)
|
||||
Confidence Match by IP : 1 (flows)
|
||||
Confidence Match by custom rule: 2 (flows)
|
||||
Num dissector calls: 0 (0.00 diss/flow)
|
||||
LRU cache ookla: 0/0/0 (insert/search/found)
|
||||
LRU cache bittorrent: 0/0/0 (insert/search/found)
|
||||
LRU cache bittorrent: 0/3/0 (insert/search/found)
|
||||
LRU cache stun: 0/0/0 (insert/search/found)
|
||||
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
||||
LRU cache mining: 0/0/0 (insert/search/found)
|
||||
LRU cache mining: 0/1/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/1/0 (insert/search/found)
|
||||
Automa host: 0/0 (search/found)
|
||||
Automa domain: 0/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
|
|
@ -30,11 +33,12 @@ CustomProtocolA 3 222 1
|
|||
CustomProtocolB 2 148 1
|
||||
CustomProtocolC 3 222 1
|
||||
|
||||
Acceptable 8 592 3
|
||||
Unrated 3 222 1
|
||||
Acceptable 5 370 2
|
||||
|
||||
Unspecified 5 370 2
|
||||
Web 3 222 1
|
||||
|
||||
1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.473/TLS.CustomProtocolA][Stack: TLS.CustomProtocolA][IP: 473/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: ed4184cfab060a404adb67ebea5b2f97][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][Stack: CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 474/CustomProtocolB][Stack: CustomProtocolB][IP: 474/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.474/TLS.CustomProtocolA][Stack: TLS.CustomProtocolA][IP: 474/CustomProtocolA][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: ed4184cfab060a404adb67ebea5b2f97][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][Stack: CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by IP][FPC: 800/CustomProtocolC, Confidence: IP address][DPI packets: 3][Breed: Unrated][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 475/CustomProtocolB][Stack: CustomProtocolB][IP: 475/CustomProtocolB][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Patricia risk mask: 2/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 268/116 (search/found)
|
||||
Patricia protocols: 267/117 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 5/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -44,7 +44,7 @@ JA Host Stats:
|
|||
1 192.168.3.23 3
|
||||
|
||||
|
||||
1 TCP 192.168.3.23:43470 <-> 2.19.126.219:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3995 bytes][Goodput ratio: 71/92][0.05 sec][Hostname/SNI: file.booster.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.694 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/8 20/24 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/799 583/1506 242/643][nDPI Fingerprint: 8633978ed965731750eef94d246432dc][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
1 TCP 192.168.3.23:43470 <-> 2.19.126.219:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3995 bytes][Goodput ratio: 71/92][0.05 sec][Hostname/SNI: file.booster.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.694 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/8 20/24 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/799 583/1506 242/643][nDPI Fingerprint: 8633978ed965731750eef94d246432dc][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
2 TCP 192.168.3.23:37119 <-> 104.16.159.112:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3468 bytes][Goodput ratio: 71/90][0.18 sec][Hostname/SNI: mobile.booster.gearupportal.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 51/0 82/42 112/163 30/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/694 583/1506 242/669][nDPI Fingerprint: abd922c18c067ca5b3f9bcbe22ae1911][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
3 TCP 192.168.3.23:45668 <-> 104.16.159.112:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3465 bytes][Goodput ratio: 71/90][0.04 sec][Hostname/SNI: log.booster.gearupportal.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 9/5 16/19 7/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/693 583/1506 242/670][nDPI Fingerprint: abd922c18c067ca5b3f9bcbe22ae1911][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
4 TCP 192.168.3.23:42942 <-> 104.18.53.166:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3460 bytes][Goodput ratio: 71/90][0.08 sec][Hostname/SNI: abtest.sc.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.654 (Download)][IAT c2s/s2c min/avg/max/stddev: 21/0 28/15 36/57 8/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/692 583/1506 242/670][nDPI Fingerprint: 8633978ed965731750eef94d246432dc][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 6/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 9/3 (search/found)
|
||||
Patricia protocols: 8/4 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 5/0 (search/found)
|
||||
Hash malicious sha1: 3/0 (search/found)
|
||||
|
|
@ -48,7 +48,7 @@ JA Host Stats:
|
|||
|
||||
|
||||
1 TCP 194.226.199.61:27453 <-> 35.241.9.150:443 [proto: 91.125/TLS.Mozilla][Stack: TLS.Mozilla][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][36 pkts/3477 bytes <-> 42 pkts/37330 bytes][Goodput ratio: 44/94][171.42 sec][Hostname/SNI: firefox.settings.services.mozilla.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.830 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4196/3653 58250/58245 14929/14067][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 97/889 375/2878 73/1070][nDPI Fingerprint: 928424e934f386bb86d141f25fe4abbf][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t12d1410h2_c866b44c5a26_b5b8faed2b99][ServerNames: firefox.settings.services.mozilla.com,main-2-cdn.prod.kinto.prod.cloudops.mozgcp.net][JA3S: 9d9ce860f1b1cbef07b019450cb368d8][Issuer: C=US, O=Let's Encrypt, CN=R3][Subject: CN=main-2-cdn.prod.kinto.prod.cloudops.mozgcp.net][Certificate SHA-1: 30:0D:22:77:6E:DA:4E:99:3E:AF:8A:D0:5C:7D:97:51:8B:E6:22:11][Firefox][Validity: 2023-04-04 08:33:24 - 2023-07-03 08:33:23][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 49,16,2,0,3,3,1,0,1,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,11]
|
||||
2 TCP 194.226.199.61:6946 <-> 2.22.40.186:443 [proto: 91.183/TLS.Pinterest][Stack: TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][41 pkts/7780 bytes <-> 47 pkts/26668 bytes][Goodput ratio: 70/90][18.13 sec][Hostname/SNI: ru.pinterest.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.548 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 404/181 3512/2129 852/406][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 190/567 1514/2974 287/678][nDPI Fingerprint: aba5d0a8f961a4ec8f557e80f37f969f][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 50,9,1,5,0,0,0,0,2,0,0,0,0,1,0,0,1,1,0,4,0,0,0,0,1,1,2,0,0,0,0,4,1,0,0,0,1,0,0,0,0,0,0,0,0,12,0,1]
|
||||
2 TCP 194.226.199.61:6946 <-> 2.22.40.186:443 [proto: 91.183/TLS.Pinterest][Stack: TLS.Pinterest][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][41 pkts/7780 bytes <-> 47 pkts/26668 bytes][Goodput ratio: 70/90][18.13 sec][Hostname/SNI: ru.pinterest.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.548 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 404/181 3512/2129 852/406][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 190/567 1514/2974 287/678][nDPI Fingerprint: aba5d0a8f961a4ec8f557e80f37f969f][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d1516h2_8daaf6152771_9b887d9acb53][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 50,9,1,5,0,0,0,0,2,0,0,0,0,1,0,0,1,1,0,4,0,0,0,0,1,1,2,0,0,0,0,4,1,0,0,0,1,0,0,0,0,0,0,0,0,12,0,1]
|
||||
3 TCP 194.226.199.21:58155 <-> 52.18.127.189:443 [proto: 91/TLS][Stack: TLS][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 13][cat: Web/5][Breed: Safe][28 pkts/6789 bytes <-> 35 pkts/8995 bytes][Goodput ratio: 78/79][130.64 sec][Hostname/SNI: bitrix.info][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.140 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5498/4834 45102/45058 12717/11564][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 242/257 1547/2974 352/535][nDPI Fingerprint: ac1867928681fc04fd12abce7c094c79][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: bfc90d56141386ee83b56cda231cccfc][Chrome][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 46,22,6,6,0,0,0,0,0,0,1,0,6,0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1]
|
||||
4 TCP 194.226.199.103:62580 <-> 217.69.139.59:443 [proto: 91/TLS][Stack: TLS][IP: 22/VK][Encrypted][Confidence: DPI][FPC: 22/VK, Confidence: IP address][DPI packets: 15][cat: Web/5][Breed: Safe][22 pkts/2692 bytes <-> 16 pkts/10450 bytes][Goodput ratio: 55/92][7.28 sec][Hostname/SNI: portal.mail.ru][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.590 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/27 1559/213 357/70][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 122/653 623/2897 162/957][nDPI Fingerprint: 39a72d7829fd33f03e867c5ab1f708a7][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][TLSv1.2][JA4: t13d1714h2_5b57614c22b0_37205ffde759][ServerNames: *.mail.ru,mail.ru][JA3S: 2b33c1374db4ddf06942f92373c0b54b][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru][Certificate SHA-1: 9F:A2:43:EA:AA:62:15:13:44:0D:15:75:17:47:4C:6B:E5:8E:10:1E][Firefox][Validity: 2022-10-20 09:52:31 - 2023-11-21 09:52:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 68,0,0,5,0,0,0,0,11,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5]
|
||||
5 TCP 194.226.199.9:49756 <-> 92.223.106.21:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][9 pkts/1140 bytes <-> 8 pkts/5344 bytes][Goodput ratio: 54/91][0.28 sec][Hostname/SNI: moevideo.biz][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1;SSLv3][bytes ratio: -0.648 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/6 44/20 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 56/60 127/668 571/2690 159/894][nDPI Fingerprint: 8523452234b2178807578cbfc1da1749][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1613h1_1711a4c0508c_65df7edfe3b3][ServerNames: *.moevideo.biz,moevideo.biz][JA3S: d154fcfa5bb4f0748e1dd1992c681104][Issuer: C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4][Subject: CN=*.moevideo.biz][Certificate SHA-1: FF:0C:ED:41:2C:7C:DA:BA:89:FE:7E:09:4A:2B:62:26:A0:20:AC:53][Safari][Validity: 2023-04-04 15:59:15 - 2024-05-05 15:59:14][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 51,0,8,0,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8]
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
|
|||
LRU cache mining: 0/0/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/1/0 (insert/search/found)
|
||||
Automa host: 1/1 (search/found)
|
||||
Automa host: 2/0 (search/found)
|
||||
Automa domain: 1/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 1/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Patricia risk mask IPv6: 0/0 (search/found)
|
|||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 15/0 (search/found)
|
||||
Patricia protocols: 0/0 (search/found)
|
||||
Patricia protocols IPv6: 18/12 (search/found)
|
||||
Patricia protocols IPv6: 15/15 (search/found)
|
||||
Hash malicious ja4: 6/0 (search/found)
|
||||
Hash malicious sha1: 6/0 (search/found)
|
||||
Hash TCP fingerprints: 6/0 (search/found)
|
||||
|
|
@ -54,8 +54,8 @@ JA Host Stats:
|
|||
3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 12][cat: Network/14][Breed: Safe][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 26/88][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/11 64/27 19/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/715 298/1514 67/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][nDPI Fingerprint: bb8ae7a1557f389cf490bb6cdd74d84b][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612h1_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0]
|
||||
4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 12][cat: Network/14][Breed: Safe][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][Goodput ratio: 28/88][0.12 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.652 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 50/23 16/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/715 298/1514 70/608][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][nDPI Fingerprint: bb8ae7a1557f389cf490bb6cdd74d84b][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612h1_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,28,0,0,0]
|
||||
5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 10][cat: Network/14][Breed: Safe][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][Goodput ratio: 28/89][0.17 sec][Hostname/SNI: www.ntop.org][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][bytes ratio: -0.647 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/9 63/25 20/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 121/805 298/2754 70/929][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.ntop.org vs shop.ntop.org,www.shop.ntop.org][nDPI Fingerprint: bb8ae7a1557f389cf490bb6cdd74d84b][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612h1_94fc43e2fc61_c9eaec7dbab4][ServerNames: shop.ntop.org,www.shop.ntop.org][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org][Certificate SHA-1: FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34][Firefox][Validity: 2015-11-15 00:00:00 - 2018-11-14 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,16]
|
||||
6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][Stack: TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: SocialNetwork/6][Breed: Fun][7 pkts/960 bytes <-> 5 pkts/4227 bytes][Goodput ratio: 36/90][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 8/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/845 310/2942 83/1078][nDPI Fingerprint: bb8ae7a1557f389cf490bb6cdd74d84b][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612h1_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,20,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
|
||||
7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][Stack: TLS.Facebook][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][6 pkts/874 bytes <-> 4 pkts/4141 bytes][Goodput ratio: 40/91][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/5 43/8 16/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/1035 310/3633 86/1503][nDPI Fingerprint: bb8ae7a1557f389cf490bb6cdd74d84b][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612h1_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,25,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
||||
6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][Stack: TLS.Facebook][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 8][cat: SocialNetwork/6][Breed: Fun][7 pkts/960 bytes <-> 5 pkts/4227 bytes][Goodput ratio: 36/90][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 8/7 3/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/845 310/2942 83/1078][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][nDPI Fingerprint: bb8ae7a1557f389cf490bb6cdd74d84b][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612h1_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,20,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
|
||||
7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/TLS.Facebook][Stack: TLS.Facebook][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][6 pkts/874 bytes <-> 4 pkts/4141 bytes][Goodput ratio: 40/91][0.06 sec][Hostname/SNI: s-static.ak.facebook.com][(Advertised) ALPNs: http/1.1;spdy/3.1;h2-14;h2][(Negotiated) ALPN: http/1.1][bytes ratio: -0.651 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/5 43/8 16/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/1035 310/3633 86/1503][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][nDPI Fingerprint: bb8ae7a1557f389cf490bb6cdd74d84b][TCP Fingerprint: 2_64_28800_83b2f9a5576c/Unknown][TLSv1.2][JA4: t12d1612h1_94fc43e2fc61_c9eaec7dbab4][ServerNames: *.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net][Certificate SHA-1: E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A][Firefox][Validity: 2015-08-12 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,25,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
||||
8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][7 pkts/860 bytes <-> 7 pkts/1353 bytes][Goodput ratio: 30/55][0.12 sec][bytes ratio: -0.223 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/6 30/30 13/12][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 123/193 268/592 62/172][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,57,0,0,0,28,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/QUIC][Stack: QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 3][cat: Web/5][Breed: Acceptable][2 pkts/359 bytes <-> 1 pkts/143 bytes][Goodput ratio: 65/56][0.07 sec][Plen Bins: 0,33,33,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.04 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -63,4 +63,4 @@ JA Host Stats:
|
|||
12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:58660 <-> [2a00:1450:4006:803::2008]:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:59690 <-> [2a00:1450:4001:803::1012]:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.02 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][Breed: Safe][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
15 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][1 pkts/86 bytes <-> 1 pkts/86 bytes][Goodput ratio: 0/0][0.01 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Patricia risk mask: 12/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 60/16 (search/found)
|
||||
Patricia protocols: 58/18 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 11/0 (search/found)
|
||||
Hash malicious sha1: 4/0 (search/found)
|
||||
|
|
@ -64,9 +64,9 @@ JA Host Stats:
|
|||
5 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][Stack: HTTP.Instagram][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.211/HTTP.Instagram, Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][Breed: Fun][24 pkts/1837 bytes <-> 34 pkts/48383 bytes][Goodput ratio: 14/95][0.51 sec][Hostname/SNI: photos-g.ak.instagram.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/0 321/2 76/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/186 77/1423 319/1484 51/249][URL: photos-g.ak.instagram.com/hphotos-ak-xaf1/t51.2885-15/e15/11386524_110257619317430_379513654_n.jpg][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Instagram 7.1.1 Android (19/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)][PLAIN TEXT (GET /hphotos)][Plen Bins: 0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,91,0,0,0]
|
||||
6 TCP 192.168.0.103:33936 <-> 31.13.93.52:443 [proto: 91/TLS][Stack: TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][34 pkts/5555 bytes <-> 34 pkts/40133 bytes][Goodput ratio: 60/94][10.06 sec][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 364/362 7669/7709 1462/1472][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1180 1431/1464 318/495][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,2,0,0,0,0,0,5,0,2,0,0,0,0,0,0,2,0,0,0,2,76,0,0,0,0]
|
||||
7 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][Stack: HTTP][IP: 119/Facebook][ClearText][Confidence: Match by port][FPC: 119/Facebook, Confidence: IP address][DPI packets: 17][cat: Web/5][Breed: Acceptable][26 pkts/38064 bytes <-> 14 pkts/924 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.953 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 1/2 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 1464/66 1464/66 1464/66 0/0][PLAIN TEXT (dnlN/L)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0]
|
||||
8 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 21][cat: Web/5][Breed: Acceptable][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][Goodput ratio: 96/0][0.04 sec][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 7/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484/66 1484/66 0/0][PLAIN TEXT (inOCIM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0]
|
||||
8 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 21][cat: Web/5][Breed: Acceptable][25 pkts/37100 bytes <-> 24 pkts/1584 bytes][Goodput ratio: 96/0][0.04 sec][bytes ratio: 0.918 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 7/7 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 1484/66 1484/66 1484/66 0/0][PLAIN TEXT (inOCIM)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0]
|
||||
9 TCP 192.168.0.103:33976 <-> 77.67.29.17:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Web/5][Breed: Acceptable][14 pkts/924 bytes <-> 20 pkts/28115 bytes][Goodput ratio: 0/95][7.36 sec][bytes ratio: -0.936 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 735/0 7321/3 2195/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/1406 66/1484 0/309][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.832 (Encrypted or Random?)][PLAIN TEXT (dGQaNFV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,94,0,0,0]
|
||||
10 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Web/5][Breed: Acceptable][16 pkts/22931 bytes <-> 9 pkts/594 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.950 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 5/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 671/66 1433/66 1484/66 197/0][PLAIN TEXT (DD.DOo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0]
|
||||
10 TCP 92.122.48.138:80 <-> 192.168.0.103:41562 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 16][cat: Web/5][Breed: Acceptable][16 pkts/22931 bytes <-> 9 pkts/594 bytes][Goodput ratio: 95/0][0.02 sec][bytes ratio: 0.950 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 5/4 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 671/66 1433/66 1484/66 197/0][PLAIN TEXT (DD.DOo)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0,0]
|
||||
11 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/TLS.Instagram][Stack: TLS.Instagram][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 211/Instagram, Confidence: DNS][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][10 pkts/1369 bytes <-> 9 pkts/7971 bytes][Goodput ratio: 51/92][0.19 sec][Hostname/SNI: igcdn-photos-g-a.akamaihd.net][bytes ratio: -0.707 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/23 56/88 18/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/886 375/1484 114/640][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][nDPI Fingerprint: a5bb4e838c2002745dd8bb298c2b40df][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net][JA3S: 34d6f0ad0a79e4cfdf145e640cc93f78][Issuer: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1][Subject: C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net][Certificate SHA-1: EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23][Validity: 2015-06-19 16:52:07 - 2016-06-19 16:52:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,0,0,0,10,10,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,40,0,0,0]
|
||||
12 TCP 192.168.2.17:49358 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][Stack: TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 8][cat: SocialNetwork/6][Breed: Fun][7 pkts/1506 bytes <-> 10 pkts/7394 bytes][Goodput ratio: 68/91][0.20 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/21 12/155 5/51][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 215/739 595/1454 209/621][nDPI Fingerprint: 9987515d104129d09d32045749b74655][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3 (Fizz)][JA4: t00d0309h1_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,0,10,10,0,0,0,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0]
|
||||
13 TCP 192.168.2.17:49360 <-> 31.13.86.52:443 [proto: 91.211/TLS.Instagram][Stack: TLS.Instagram][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 119/Facebook, Confidence: IP address][DPI packets: 8][cat: SocialNetwork/6][Breed: Fun][6 pkts/1422 bytes <-> 10 pkts/7098 bytes][Goodput ratio: 71/91][0.03 sec][Hostname/SNI: scontent-mxp1-1.cdninstagram.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.3 (Fizz)][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/2 14/16 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/710 592/1454 213/633][nDPI Fingerprint: 9987515d104129d09d32045749b74655][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.3 (Fizz)][JA4: t00d0309h1_55b375c5d22e_2d3f7b9fe3d5][JA3S: fcb2d4d0991292272fcb1e464eedfd43][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,10,0,0,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 5/0 (search/found)
|
||||
Patricia protocols: 82/10 (search/found)
|
||||
Patricia protocols: 77/15 (search/found)
|
||||
Patricia protocols IPv6: 10/0 (search/found)
|
||||
Hash malicious ja4: 14/0 (search/found)
|
||||
Hash malicious sha1: 7/0 (search/found)
|
||||
|
|
@ -65,15 +65,15 @@ JA Host Stats:
|
|||
1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0]
|
||||
2 TCP 192.168.2.17:50575 <-> 17.248.185.140:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 10][cat: Web/5][Breed: Acceptable][13 pkts/3193 bytes <-> 12 pkts/11035 bytes][Goodput ratio: 73/93][0.81 sec][Hostname/SNI: p26-fmfmobile.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/63 154/164 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 246/920 1224/1506 340/643][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2][Safari][Validity: 2019-12-09 19:44:02 - 2021-01-07 19:54:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,48,0,0]
|
||||
3 TCP 192.168.2.17:50580 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][25 pkts/5755 bytes <-> 20 pkts/8110 bytes][Goodput ratio: 71/84][2.03 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 86/55 651/521 172/132][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/406 1128/1506 292/508][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,32,8,0,8,4,0,0,0,0,0,8,0,0,0,0,8,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
|
||||
4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][Hostname/SNI: play.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0]
|
||||
5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: sync.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0]
|
||||
6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][nDPI Fingerprint: 3b04572144a728c2faccf30986f300fa][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0]
|
||||
4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][Hostname/SNI: play.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0]
|
||||
5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: sync.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0]
|
||||
6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][nDPI Fingerprint: 3b04572144a728c2faccf30986f300fa][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0]
|
||||
7 TCP 192.168.2.17:50584 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][18 pkts/3421 bytes <-> 14 pkts/6608 bytes][Goodput ratio: 65/86][1.06 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.318 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/19 167/155 58/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 190/472 1084/1506 257/577][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,5,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
|
||||
8 TCP 192.168.2.17:50586 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][17 pkts/3443 bytes <-> 13 pkts/6470 bytes][Goodput ratio: 67/87][0.54 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.305 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/20 162/160 58/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/498 1084/1506 268/585][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,0,0,5,0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
|
||||
9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][Hostname/SNI: cl4.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0]
|
||||
9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][Hostname/SNI: cl4.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0]
|
||||
10 TCP 192.168.2.17:50579 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][12 pkts/1803 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217/22 1961/130 583/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/674 583/1506 169/571][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
11 TCP 192.168.2.17:50578 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][12 pkts/1781 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227/22 1825/131 537/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/674 583/1506 166/571][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][Hostname/SNI: iphone-ld.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0]
|
||||
12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][Hostname/SNI: iphone-ld.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0]
|
||||
13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][nDPI Fingerprint: 3b04572144a728c2faccf30986f300fa][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
|
||||
14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][nDPI Fingerprint: 92587104b60337422ac6966cdaf76f9e][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h1_2802a3db6c62_845d286b0d67][ServerNames: gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
|
||||
15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 24/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 59/2 (search/found)
|
||||
Patricia protocols: 58/3 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 8/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -59,7 +59,7 @@ JA Host Stats:
|
|||
6 TCP 99.189.94.53:45702 -> 185.5.215.83:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: report.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (report.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 105.60.130.195:44642 -> 186.249.185.190:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 TCP 172.142.219.219:44644 -> 5.97.101.77:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 TCP 180.239.121.250:44636 -> 23.200.86.51:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 TCP 180.239.121.250:44636 -> 23.200.86.51:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
10 TCP 206.184.203.226:44640 -> 8.106.2.77:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
11 TCP 224.201.159.146:37898 -> 15.33.130.35:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: static.lagofast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (static.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
12 TCP 236.82.25.211:45722 -> 237.191.110.161:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: report.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (report.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 21/1 (search/found)
|
||||
Patricia protocols: 20/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -39,7 +39,7 @@ VPN 89 77795 11
|
|||
4 UDP 192.168.0.102:60976 <-> 45.120.157.78:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.23 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 UDP 192.168.0.102:60976 <-> 58.228.231.36:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.28 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 UDP 192.168.0.102:60976 <-> 108.181.0.36:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.16 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 UDP 192.168.0.102:60976 <-> 172.233.67.67:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.33 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 UDP 192.168.0.102:60976 <-> 172.233.67.67:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.33 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 UDP 192.168.0.102:60976 <-> 180.149.230.60:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.26 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 UDP 192.168.0.102:60976 <-> 211.253.26.155:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.27 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
10 UDP 192.168.0.102:60977 <-> 46.173.30.40:10007 [proto: 454/Mudfish][Stack: Mudfish][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: VPN/2][Breed: Acceptable][1 pkts/60 bytes <-> 1 pkts/43 bytes][Goodput ratio: 2/2][0.16 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 6/0 (search/found)
|
||||
Patricia protocols: 4/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious sha1: 2/0 (search/found)
|
||||
|
|
@ -38,5 +38,5 @@ JA Host Stats:
|
|||
|
||||
|
||||
1 TCP 10.215.173.1:42040 <-> 110.93.157.96:443 [proto: 91.433/TLS.Naver][Stack: TLS.Naver][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][Breed: Safe][4 pkts/753 bytes <-> 3 pkts/4526 bytes][Goodput ratio: 69/96][0.18 sec][Hostname/SNI: kr-col-ext.nelo.navercorp.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.715 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 90/136 271/272 128/136][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 188/1509 566/4410 218/2052][nDPI Fingerprint: fa1a9cbb22f2d27b7b061da1a1c96c2a][TCP Fingerprint: 2_64_65535_b8d6cf600040/Unknown][TLSv1.2][JA4: t13d3113h1_e8f1e7e78f70_1b3407e2c936][ServerNames: *.nelo.navercorp.com,*.slog.navercorp.com,slog.navercorp.com,*.nelo2.navercorp.com,nelo2.navercorp.com,*.nelo2-col.navercorp.com,nelo2-col.navercorp.com,nelo.navercorp.com][JA3S: 263c859c5391203d774bc0599793d915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Corp., CN=*.nelo.navercorp.com][Certificate SHA-1: C0:F0:CB:37:C1:2D:17:DC:21:40:1D:14:10:E5:3B:78:0F:37:B6:EA][Firefox][Validity: 2024-06-18 00:00:00 - 2025-07-09 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
2 TCP 10.215.173.1:45578 <-> 184.50.200.195:443 [proto: 91.433/TLS.Naver][Stack: TLS.Naver][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Web/5][Breed: Safe][4 pkts/753 bytes <-> 3 pkts/3930 bytes][Goodput ratio: 69/96][0.05 sec][Hostname/SNI: dthumb-phinf.pstatic.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 8/14 24/27 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 188/1310 566/3814 218/1771][nDPI Fingerprint: cf9c5cc19d943802b71268dad3d82ba5][TCP Fingerprint: 2_64_65535_b8d6cf600040/Unknown][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][ServerNames: *.pstatic.net,pstatic.net][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Cloud Corp., CN=*.pstatic.net][Certificate SHA-1: 97:14:4D:E1:78:70:D4:E8:6B:CD:80:41:48:2B:5E:D3:E8:34:7D:CB][Safari][Validity: 2024-08-26 00:00:00 - 2025-08-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
3 TCP 10.215.173.1:40026 <-> 23.52.84.208:443 [proto: 91.433/TLS.Naver][Stack: TLS.Naver][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Safe][4 pkts/753 bytes <-> 4 pkts/3080 bytes][Goodput ratio: 69/93][0.06 sec][Hostname/SNI: m.naver.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.607 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 26/25 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 188/770 566/2910 218/1236][TCP Fingerprint: 2_64_65535_b8d6cf600040/Unknown][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
2 TCP 10.215.173.1:45578 <-> 184.50.200.195:443 [proto: 91.433/TLS.Naver][Stack: TLS.Naver][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 7][cat: Web/5][Breed: Safe][4 pkts/753 bytes <-> 3 pkts/3930 bytes][Goodput ratio: 69/96][0.05 sec][Hostname/SNI: dthumb-phinf.pstatic.net][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 8/14 24/27 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 188/1310 566/3814 218/1771][nDPI Fingerprint: cf9c5cc19d943802b71268dad3d82ba5][TCP Fingerprint: 2_64_65535_b8d6cf600040/Unknown][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][ServerNames: *.pstatic.net,pstatic.net][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Cloud Corp., CN=*.pstatic.net][Certificate SHA-1: 97:14:4D:E1:78:70:D4:E8:6B:CD:80:41:48:2B:5E:D3:E8:34:7D:CB][Safari][Validity: 2024-08-26 00:00:00 - 2025-08-28 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
3 TCP 10.215.173.1:40026 <-> 23.52.84.208:443 [proto: 91.433/TLS.Naver][Stack: TLS.Naver][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Safe][4 pkts/753 bytes <-> 4 pkts/3080 bytes][Goodput ratio: 69/93][0.06 sec][Hostname/SNI: m.naver.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.607 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 26/25 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 188/770 566/2910 218/1236][TCP Fingerprint: 2_64_65535_b8d6cf600040/Unknown][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 82/40 (search/found)
|
||||
Patricia protocols: 75/47 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 20/0 (search/found)
|
||||
Hash malicious sha1: 16/0 (search/found)
|
||||
|
|
@ -54,12 +54,12 @@ JA Host Stats:
|
|||
|
||||
|
||||
1 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.3.140][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0]
|
||||
2 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][Content-Type: image/webp][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /af)][Plen Bins: 0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
|
||||
2 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][Content-Type: image/webp][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /af)][Plen Bins: 0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
|
||||
3 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][Hostname/SNI: 23.246.11.145][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.145][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
|
||||
4 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][Goodput ratio: 69/93][38.50 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1640/1232 30390/30443 6288/5475][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 211/964 1514/1514 376/637][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,5,5,0,2,2,5,0,0,0,0,0,0,0,2,2,0,0,0,2,0,2,0,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,2,0,0,57,0,0]
|
||||
5 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Video/26][Breed: Fun][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /8b)][Plen Bins: 0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0]
|
||||
5 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /8b)][Plen Bins: 0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0]
|
||||
6 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.141][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (czGET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0]
|
||||
7 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Video/26][Breed: Fun][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /4e)][Plen Bins: 0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
|
||||
7 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /4e)][Plen Bins: 0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
|
||||
8 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 10][cat: Video/26][Breed: Fun][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Goodput ratio: 72/94][31.31 sec][Hostname/SNI: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092/21 30728/135 9212/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 242/1136 1514/1514 405/584][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/x-msl+json][Server: appboot-:7001 i-0b273b4c40f4e78a3][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (POST /appboot/NFAPPL)][Plen Bins: 0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,75,0,0]
|
||||
9 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.141][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
|
||||
10 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.133][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
|
||||
|
|
@ -77,12 +77,12 @@ JA Host Stats:
|
|||
22 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.133][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
|
||||
23 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][17 pkts/2227 bytes <-> 16 pkts/20481 bytes][Goodput ratio: 46/95][2.05 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.804 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/5 143/82 730/279 218/83][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 131/1280 578/1514 162/436][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.3.140][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (oMrLRiWL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,73,0,0]
|
||||
24 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][Goodput ratio: 86/86][0.92 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/54 282/127 72/35][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 486/491 1514/1514 603/610][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d13b20842ba6aba0b08d1d9b953b074e][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,15,0,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,0,0,0,0,0,0,5,37,0,0]
|
||||
25 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/636 bytes <-> 13 pkts/16794 bytes][Goodput ratio: 34/95][0.87 sec][Hostname/SNI: tp.akam.nflximg.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/27 41/71 80/192 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1292 282/1514 79/521][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][Content-Type: text/plain][Server: Apache][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** HTTP Susp Content **][Risk Score: 100][Risk Info: Susp content 89424946][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)][Plen Bins: 0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0]
|
||||
25 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/636 bytes <-> 13 pkts/16794 bytes][Goodput ratio: 34/95][0.87 sec][Hostname/SNI: tp.akam.nflximg.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/27 41/71 80/192 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1292 282/1514 79/521][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][Content-Type: text/plain][Server: Apache][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** HTTP Susp Content **][Risk Score: 100][Risk Info: Susp content 89424946][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)][Plen Bins: 0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0]
|
||||
26 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 12][cat: Video/26][Breed: Fun][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Goodput ratio: 91/87][31.72 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877/42 31088/123 8921/33][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714/500 1514/1514 676/651][URL: api-global.netflix.com/msl/nrdjs/2.1.2][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,0,0,72,0,0]
|
||||
27 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][Goodput ratio: 79/90][1.01 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/96 322/423 89/121][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314/697 1514/1514 477/667][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d13b20842ba6aba0b08d1d9b953b074e][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 13,13,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,34,0,0]
|
||||
28 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][Goodput ratio: 76/84][38.49 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2129/2946 30585/30636 7105/8237][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 274/414 1514/1514 437/546][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,21,5,0,5,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0]
|
||||
29 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Goodput ratio: 26/94][32.06 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565/34 30963/63 10780/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/1120 311/1514 72/644][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /87)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
30 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/653 bytes <-> 10 pkts/12252 bytes][Goodput ratio: 37/95][0.33 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/13 43/34 101/70 35/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 109/1225 311/1514 91/578][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
29 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Goodput ratio: 26/94][32.06 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565/34 30963/63 10780/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/1120 311/1514 72/644][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /87)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
30 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/653 bytes <-> 10 pkts/12252 bytes][Goodput ratio: 37/95][0.33 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/13 43/34 101/70 35/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 109/1225 311/1514 91/578][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
31 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][Goodput ratio: 83/80][30.85 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1923/16 30431/72 7361/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382/327 1514/1514 559/501][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,24,5,0,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,31,0,0]
|
||||
32 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][9 pkts/1658 bytes <-> 10 pkts/11113 bytes][Goodput ratio: 62/94][0.68 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/5 73/76 356/206 117/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 184/1111 581/1514 211/518][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.141][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,9,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0]
|
||||
33 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][Goodput ratio: 83/81][30.38 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2017/14 30033/55 7488/20][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399/343 1514/1514 569/514][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,18,6,0,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,31,0,0]
|
||||
|
|
@ -95,7 +95,7 @@ JA Host Stats:
|
|||
40 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][Goodput ratio: 70/86][0.32 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 24/22 72/63 26/25][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/465 1514/1514 382/579][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d13b20842ba6aba0b08d1d9b953b074e][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
|
||||
41 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][Goodput ratio: 74/84][30.77 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/22 143/79 43/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253/423 1514/1514 422/512][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,9,0,0,9,0,9,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,18,0,0]
|
||||
42 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Video/26][Breed: Fun][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][Goodput ratio: 36/84][30.93 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2373/20 30602/58 8149/26][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/417 309/1514 78/548][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,23,15,0,0,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
|
||||
43 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 9][cat: Video/26][Breed: Fun][19 pkts/2356 bytes <-> 8 pkts/4069 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: art-s.nflximg.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/7 26/21 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/509 293/1514 58/602][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,28,39,0,5,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
|
||||
43 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 9][cat: Video/26][Breed: Fun][19 pkts/2356 bytes <-> 8 pkts/4069 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: art-s.nflximg.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/7 26/21 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/509 293/1514 58/602][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,28,39,0,5,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
|
||||
44 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][5 pkts/698 bytes <-> 5 pkts/5198 bytes][Goodput ratio: 51/93][0.08 sec][Hostname/SNI: 23.246.10.139][bytes ratio: -0.763 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 18/14 35/35 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 140/1040 422/1514 141/603][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.10.139][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0]
|
||||
45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76/81][0.21 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/20 92/54 34/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283/355 1450/1066 419/413][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]
|
||||
46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 39/69][30.71 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064/6120 30486/30536 9141/12208][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 108/215 309/989 83/296][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,12,12,0,12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 17/3 (search/found)
|
||||
Patricia protocols: 15/5 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -32,11 +32,11 @@ Safe 344 73647 10
|
|||
|
||||
Network 344 73647 10
|
||||
|
||||
1 TCP 192.168.1.128:49034 <-> 23.12.96.145:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][24 pkts/3999 bytes <-> 22 pkts/8476 bytes][Goodput ratio: 29/69][117.30 sec][Hostname/SNI: ocsp.entrust.net][bytes ratio: -0.359 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5094/5187 10241/10241 4906/5058][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 167/385 505/1566 128/500][URL: ocsp.entrust.net/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (BHPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
|
||||
1 TCP 192.168.1.128:49034 <-> 23.12.96.145:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][24 pkts/3999 bytes <-> 22 pkts/8476 bytes][Goodput ratio: 29/69][117.30 sec][Hostname/SNI: ocsp.entrust.net][bytes ratio: -0.359 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5094/5187 10241/10241 4906/5058][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 167/385 505/1566 128/500][URL: ocsp.entrust.net/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (BHPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
|
||||
2 TCP 192.168.1.227:49813 <-> 109.70.240.130:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][10 pkts/2245 bytes <-> 13 pkts/8626 bytes][Goodput ratio: 51/84][65.14 sec][Hostname/SNI: ocsp07.actalis.it][bytes ratio: -0.587 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 28/36 10/15][Pkt Len c2s/s2c min/avg/max/stddev: 112/112 224/664 491/1566 171/540][URL: ocsp07.actalis.it/VA/AUTH-ROOT/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D][StatusCode: 200][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Microsoft-CryptoAPI/10.0][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /VA/AUTH)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,41,8,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
|
||||
3 TCP 192.168.1.128:47904 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][FPC: 288/Edgecast, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][27 pkts/4355 bytes <-> 23 pkts/5119 bytes][Goodput ratio: 27/47][166.99 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 6194/7858 10240/10240 4838/4216][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 161/223 505/917 122/269][URL: ocsp.digicert.com/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CEA)][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 TCP 192.168.1.128:54154 <-> 142.250.184.99:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][26 pkts/3864 bytes <-> 24 pkts/4244 bytes][Goodput ratio: 20/33][193.02 sec][Hostname/SNI: ocsp.pki.goog][bytes ratio: -0.047 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/7 7460/8270 10243/10242 4397/3814][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 149/177 512/820 105/194][URL: ocsp.pki.goog/gts1o1core][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ocsp_responder][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (POST /gts)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 192.168.1.128:43728 <-> 92.122.95.235:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][19 pkts/3022 bytes <-> 17 pkts/3792 bytes][Goodput ratio: 26/47][123.97 sec][Hostname/SNI: r3.o.lencr.org][bytes ratio: -0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 6898/7491 10244/10244 4464/4342][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 159/223 504/1007 118/286][URL: r3.o.lencr.org/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (xPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 192.168.1.128:43728 <-> 92.122.95.235:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][19 pkts/3022 bytes <-> 17 pkts/3792 bytes][Goodput ratio: 26/47][123.97 sec][Hostname/SNI: r3.o.lencr.org][bytes ratio: -0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 6898/7491 10244/10244 4464/4342][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 159/223 504/1007 118/286][URL: r3.o.lencr.org/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (xPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 192.168.1.128:59922 <-> 151.101.2.133:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][18 pkts/2533 bytes <-> 17 pkts/4012 bytes][Goodput ratio: 16/50][115.14 sec][Hostname/SNI: ocsp.globalsign.com][bytes ratio: -0.226 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6576/7043 10240/10240 4898/4566][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 141/236 519/1462 92/343][URL: ocsp.globalsign.com/gsrsaovsslca2018][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (JiZPOST /gsrsaovsslca)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0]
|
||||
7 TCP 192.168.1.128:45514 <-> 109.70.240.114:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][12 pkts/1823 bytes <-> 12 pkts/3749 bytes][Goodput ratio: 22/62][65.05 sec][Hostname/SNI: ocsp09.actalis.it][bytes ratio: -0.346 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5666/5124 10241/10241 5060/5116][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 152/312 517/1566 110/448][URL: ocsp09.actalis.it/VA/AUTHOV-G3][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (POST /VA/AUTHOV)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
|
||||
8 TCP 192.168.1.128:49382 <-> 52.85.15.92:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][17 pkts/2410 bytes <-> 15 pkts/2784 bytes][Goodput ratio: 16/36][115.66 sec][Hostname/SNI: ocsp.sca1b.amazontrust.com][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 7320/8368 10240/10240 4401/3916][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 142/186 514/1124 93/251][URL: ocsp.sca1b.amazontrust.com/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (dcb/7F3B)][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (KPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ LRU cache tls_cert: 0/2/0 (insert/search/found)
|
|||
LRU cache mining: 0/1/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/6/0 (insert/search/found)
|
||||
Automa host: 4/2 (search/found)
|
||||
Automa host: 5/1 (search/found)
|
||||
Automa domain: 3/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 1/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -67,108 +67,108 @@ JA Host Stats:
|
|||
6 UDP 52.187.20.175:57066 -> 108.171.138.182:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
7 UDP 52.187.20.175:61089 -> 99.42.133.245:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.13 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
8 UDP 52.187.20.175:61286 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
9 UDP 52.187.20.175:61484 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: ogs.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (BWtJ6@)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
9 UDP 52.187.20.175:61484 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: ogs.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (BWtJ6@)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
10 UDP 52.187.20.175:62114 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.12 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (yiCNDi1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
11 UDP 133.205.75.230:56528 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
12 UDP 147.196.90.42:61647 -> 177.86.46.206:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.93 sec][Hostname/SNI: sb-ssl.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
12 UDP 147.196.90.42:61647 -> 177.86.46.206:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.93 sec][Hostname/SNI: sb-ssl.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
13 UDP 159.117.176.124:49521 -> 128.248.24.1:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
14 UDP 159.117.176.124:49867 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (apK ctL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
15 UDP 159.117.176.124:58337 -> 208.229.157.81:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.11 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
16 UDP 159.117.176.124:61202 -> 198.74.29.79:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (AQ07rt)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
17 UDP 159.117.176.124:64134 -> 207.121.63.92:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (lKQALj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
17 UDP 159.117.176.124:64134 -> 207.121.63.92:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][2.10 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (lKQALj)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
18 UDP 168.144.64.5:50224 -> 126.3.93.89:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][4 pkts/5568 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][Hostname/SNI: www.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
19 UDP 52.187.20.175:63507 -> 121.209.126.161:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.53 sec][Hostname/SNI: clients2.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
20 UDP 168.144.64.5:58351 -> 193.68.169.100:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.23 sec][Hostname/SNI: www.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
21 UDP 52.187.20.175:58123 -> 118.89.218.46:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.11 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
19 UDP 52.187.20.175:63507 -> 121.209.126.161:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.53 sec][Hostname/SNI: clients2.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
20 UDP 168.144.64.5:58351 -> 193.68.169.100:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.23 sec][Hostname/SNI: www.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
21 UDP 52.187.20.175:58123 -> 118.89.218.46:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.11 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
22 UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
23 UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
24 UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
26 UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: lh4.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
27 UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
23 UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
24 UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
26 UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: lh4.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
27 UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
28 UDP 192.168.254.11:35124 -> 168.78.153.39:443 [proto: 188/QUIC][Stack: QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.29 sec][Hostname/SNI: s-img.adskeeper.co.uk][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
29 UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
30 UDP 10.117.78.100:55273 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients4.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
29 UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
30 UDP 10.117.78.100:55273 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients4.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
31 UDP 159.117.176.124:51856 -> 16.205.123.234:443 [proto: 188.242/QUIC.WhatsAppFiles][Stack: QUIC.WhatsAppFiles][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.242/QUIC.WhatsAppFiles, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: media.fmct2-1.fna.whatsapp.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
32 UDP 168.144.64.5:49153 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
33 UDP 168.144.64.5:49217 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
34 UDP 168.144.64.5:49324 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
35 UDP 168.144.64.5:49860 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
35 UDP 168.144.64.5:49860 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
36 UDP 168.144.64.5:49926 -> 103.179.40.184:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r5---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
37 UDP 168.144.64.5:50023 -> 76.231.104.92:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (TJdZNR)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
38 UDP 168.144.64.5:50073 -> 152.128.87.238:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hjud.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
39 UDP 168.144.64.5:50423 -> 144.237.113.58:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
39 UDP 168.144.64.5:50423 -> 144.237.113.58:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
40 UDP 168.144.64.5:50482 -> 121.209.126.161:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: yt3.ggpht.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
41 UDP 168.144.64.5:50540 -> 99.45.60.254:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: i.ytimg.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
42 UDP 168.144.64.5:50552 -> 108.171.138.182:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
43 UDP 168.144.64.5:51248 -> 99.42.133.245:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
44 UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
42 UDP 168.144.64.5:50552 -> 108.171.138.182:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
43 UDP 168.144.64.5:51248 -> 99.42.133.245:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
44 UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
45 UDP 168.144.64.5:51456 -> 102.194.207.179:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
46 UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
48 UDP 168.144.64.5:52396 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
49 UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients2.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
50 UDP 168.144.64.5:53127 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (R/maht)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
49 UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients2.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
50 UDP 168.144.64.5:53127 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (R/maht)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
51 UDP 168.144.64.5:53404 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
52 UDP 168.144.64.5:54016 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
53 UDP 168.144.64.5:54120 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
54 UDP 168.144.64.5:54449 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons3.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
55 UDP 168.144.64.5:55066 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
54 UDP 168.144.64.5:54449 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons3.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
55 UDP 168.144.64.5:55066 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
56 UDP 168.144.64.5:55479 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
57 UDP 168.144.64.5:55561 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
59 UDP 168.144.64.5:55637 -> 169.81.163.225:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-hju7enel.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
60 UDP 168.144.64.5:55844 -> 112.1.105.138:443 [proto: 188.228/QUIC.PlayStore][Stack: QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.228/QUIC.PlayStore, Confidence: DPI][DPI packets: 1][cat: SoftwareUpdate/19][Breed: Safe][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
62 UDP 168.144.64.5:56425 -> 125.136.204.4:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
63 UDP 168.144.64.5:56488 -> 177.86.46.206:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
64 UDP 168.144.64.5:56683 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
65 UDP 168.144.64.5:56844 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
64 UDP 168.144.64.5:56683 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
65 UDP 168.144.64.5:56844 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
66 UDP 168.144.64.5:57319 -> 7.71.118.27:443 [proto: 188.228/QUIC.PlayStore][Stack: QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.228/QUIC.PlayStore, Confidence: DPI][DPI packets: 1][cat: SoftwareUpdate/19][Breed: Safe][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
68 UDP 168.144.64.5:57565 -> 217.254.108.174:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r2---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ade.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ade.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
70 UDP 168.144.64.5:57767 -> 76.83.40.87:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r11---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
71 UDP 168.144.64.5:58414 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (rAnq62)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
73 UDP 168.144.64.5:58703 -> 93.100.151.221:443 [proto: 188.228/QUIC.PlayStore][Stack: QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.228/QUIC.PlayStore, Confidence: DPI][DPI packets: 1][cat: SoftwareUpdate/19][Breed: Safe][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
75 UDP 168.144.64.5:58956 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
76 UDP 168.144.64.5:59206 -> 76.231.104.92:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ogs.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
75 UDP 168.144.64.5:58956 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
76 UDP 168.144.64.5:59206 -> 76.231.104.92:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ogs.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
77 UDP 168.144.64.5:59327 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
78 UDP 168.144.64.5:59622 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
80 UDP 168.144.64.5:59785 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
80 UDP 168.144.64.5:59785 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
81 UDP 168.144.64.5:59965 -> 22.12.150.194:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
82 UDP 168.144.64.5:60342 -> 93.100.151.221:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
84 UDP 168.144.64.5:60809 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (XDlJUg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
88 UDP 168.144.64.5:60936 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
89 UDP 168.144.64.5:60949 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
91 UDP 168.144.64.5:61341 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
93 UDP 168.144.64.5:62047 -> 136.125.67.96:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons4.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
95 UDP 168.144.64.5:62818 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
96 UDP 168.144.64.5:63136 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
97 UDP 168.144.64.5:63163 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
98 UDP 168.144.64.5:63736 -> 213.188.47.247:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r4---sn-vh5ouxa-hjud.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
99 UDP 168.144.64.5:63925 -> 39.227.72.32:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons2.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
100 UDP 168.144.64.5:64497 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
101 UDP 168.144.64.5:64693 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
99 UDP 168.144.64.5:63925 -> 39.227.72.32:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons2.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
100 UDP 168.144.64.5:64497 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
101 UDP 168.144.64.5:64693 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
102 UDP 168.144.64.5:64700 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (gjom@g)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
103 UDP 168.144.64.5:64976 -> 220.80.126.73:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-hju7enel.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
104 UDP 168.144.64.5:65186 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
106 UDP 168.144.64.5:65391 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
106 UDP 168.144.64.5:65391 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
107 UDP 192.168.254.11:38331 -> 93.100.151.221:443 [proto: 188.46/QUIC.DataSaver][Stack: QUIC.DataSaver][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.46/QUIC.DataSaver, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: litepages.googlezip.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
108 UDP 192.168.254.11:43427 -> 98.251.203.81:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: optimizationguide-pa.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
109 UDP 192.168.254.11:45652 -> 170.196.90.126:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
110 UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
110 UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
112 UDP 192.168.254.11:54692 -> 171.182.169.23:443 [proto: 188/QUIC][Stack: QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.freearabianporn.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
113 UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
113 UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -37,4 +37,4 @@ JA Host Stats:
|
|||
1 187.227.136.152 1
|
||||
|
||||
|
||||
1 UDP 187.227.136.152:55356 <-> 211.247.147.90:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][6 pkts/3140 bytes <-> 6 pkts/6156 bytes][Goodput ratio: 92/96][0.24 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-T051][TLS Supported Versions: TLSv1.3][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 47/47 113/110 46/49][Pkt Len c2s/s2c min/avg/max/stddev: 75/68 523/1026 1392/1392 614/501][nDPI Fingerprint: b8a0b9f42fbcea25b88c0100aee80509][TLSv1.3][QUIC ver: T051][JA4: q13d0308h1_55b375c5d22e_e7bc1e4f333e][Plen Bins: 8,25,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,41,0,0,0,0,0]
|
||||
1 UDP 187.227.136.152:55356 <-> 211.247.147.90:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][6 pkts/3140 bytes <-> 6 pkts/6156 bytes][Goodput ratio: 92/96][0.24 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-T051][TLS Supported Versions: TLSv1.3][bytes ratio: -0.324 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 47/47 113/110 46/49][Pkt Len c2s/s2c min/avg/max/stddev: 75/68 523/1026 1392/1392 614/501][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address][nDPI Fingerprint: b8a0b9f42fbcea25b88c0100aee80509][TLSv1.3][QUIC ver: T051][JA4: q13d0308h1_55b375c5d22e_e7bc1e4f333e][Plen Bins: 8,25,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,41,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -62,4 +62,4 @@ ConnCheck 2 378 1
|
|||
18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][Stack: HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 7.119/HTTP.Facebook, Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][Breed: Fun][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][Stack: HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 7.119/HTTP.Facebook, Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][Breed: Fun][1 pkts/237 bytes <-> 1 pkts/339 bytes][Goodput ratio: 76/83][0.34 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build/KOT49H)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/358 bytes <-> 1 pkts/109 bytes][Goodput ratio: 84/48][0.31 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: ConnCheck/30][Breed: Acceptable][1 pkts/241 bytes <-> 1 pkts/137 bytes][Goodput ratio: 76/59][0.06 sec][Hostname/SNI: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][Server: GFE/2.0][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: ConnCheck/30][Breed: Acceptable][1 pkts/241 bytes <-> 1 pkts/137 bytes][Goodput ratio: 76/59][0.06 sec][Hostname/SNI: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][Server: GFE/2.0][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ JA Host Stats:
|
|||
19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46812 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/1769 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 33/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0]
|
||||
20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39736 <-> [2606:2800:134:1a0d:1429:742:782:b6]:443 [proto: 91.120/TLS.Twitter][Stack: TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][18 pkts/3180 bytes <-> 18 pkts/7527 bytes][Goodput ratio: 51/79][0.25 sec][Hostname/SNI: cdn.syndication.twimg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 51/41 19/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/418 609/1294 176/478][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,0,18,11,0,0,0,11,0,0,5,0,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0]
|
||||
21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48240 <-> [64:ff9b::9765:789d]:443 [proto: 91.120/TLS.Twitter][Stack: TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][13 pkts/2138 bytes <-> 14 pkts/8456 bytes][Goodput ratio: 47/86][0.13 sec][Hostname/SNI: platform.twitter.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.596 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/6 61/47 19/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 164/604 603/1134 146/486][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: platform.twitter.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com][Certificate SHA-1: 2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92][Chrome][Validity: 2020-08-13 00:00:00 - 2021-08-18 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,14,7,0,0,0,0,14,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0]
|
||||
22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0]
|
||||
23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47006 <-> [64:ff9b::34d3:acec]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][12 pkts/2260 bytes <-> 11 pkts/7351 bytes][Goodput ratio: 54/87][0.30 sec][Hostname/SNI: d9.flashtalking.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/31 67/134 23/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 188/668 663/1474 202/634][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=tag.device9.com][Certificate SHA-1: 8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3][Chrome][Validity: 2020-08-06 10:30:28 - 2021-09-17 11:41:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,30,0,0,0,0]
|
||||
24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56186 <-> [2600:9000:219c:ee00:6:44e3:f8c0:93a1]:443 [proto: 91/TLS][Stack: TLS][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][14 pkts/2163 bytes <-> 13 pkts/7387 bytes][Goodput ratio: 44/85][0.16 sec][Hostname/SNI: rules.quantcount.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 39/40 13/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 154/568 603/1294 140/540][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,0,25,0,0,0,0,8,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0]
|
||||
25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -91,14 +91,14 @@ JA Host Stats:
|
|||
38 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56590 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.15 sec][Hostname/SNI: emoji.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/51 20/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
39 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56584 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][12 pkts/1614 bytes <-> 11 pkts/4891 bytes][Goodput ratio: 38/80][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 43/43 17/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/445 603/1134 144/447][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54862 <-> [2a00:1450:4007:806::200e]:443 [proto: 91.124/TLS.YouTube][Stack: TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Media/1][Breed: Fun][10 pkts/1946 bytes <-> 6 pkts/4348 bytes][Goodput ratio: 55/88][0.10 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.382 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/11 57/53 20/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 195/725 603/1294 181/573][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,0,12,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0]
|
||||
41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <-> [64:ff9b::acd9:12c2]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1815 bytes <-> 10 pkts/4357 bytes][Goodput ratio: 52/80][0.12 sec][Hostname/SNI: securepubads.g.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 49/32 19/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/436 603/1474 162/546][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,22,11,0,0,0,0,11,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0]
|
||||
41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <-> [64:ff9b::acd9:12c2]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1815 bytes <-> 10 pkts/4357 bytes][Goodput ratio: 52/80][0.12 sec][Hostname/SNI: securepubads.g.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 49/32 19/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/436 603/1474 162/546][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,22,11,0,0,0,0,11,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0]
|
||||
42 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56564 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][10 pkts/1866 bytes <-> 6 pkts/4188 bytes][Goodput ratio: 53/87][0.07 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/10 40/38 15/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 187/698 603/1134 164/469][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,12,0,0,0,0,0,12,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
43 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:52296 <-> [2a00:1450:4007:815::2016]:443 [proto: 91.124/TLS.YouTube][Stack: TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Media/1][Breed: Fun][9 pkts/1758 bytes <-> 7 pkts/4285 bytes][Goodput ratio: 55/86][0.17 sec][Hostname/SNI: i.ytimg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.418 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/13 67/67 28/27][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 195/612 603/1294 171/504][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
|
||||
44 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56560 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1392 bytes <-> 8 pkts/4613 bytes][Goodput ratio: 44/85][0.17 sec][Hostname/SNI: www.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/17 70/61 29/24][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 155/577 603/1134 161/461][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
45 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40030 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][10 pkts/1425 bytes <-> 9 pkts/4279 bytes][Goodput ratio: 41/82][0.14 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.500 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/12 66/66 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/475 603/1294 155/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
|
||||
46 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56568 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
47 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56572 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: SocialNetwork/6][Breed: Fun][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.12 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/16 36/56 14/21][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
48 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51102 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1425 bytes <-> 9 pkts/4239 bytes][Goodput ratio: 41/82][0.12 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.497 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 40/37 18/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/471 603/1474 155/564][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0]
|
||||
48 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51102 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1425 bytes <-> 9 pkts/4239 bytes][Goodput ratio: 41/82][0.12 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.497 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 40/37 18/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/471 603/1474 155/564][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0]
|
||||
49 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56580 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1251 bytes <-> 8 pkts/4370 bytes][Goodput ratio: 41/84][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 49/49 21/22][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 139/546 603/1134 164/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
50 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56566 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56570 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 6/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 14/0 (search/found)
|
||||
Patricia protocols: 14/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -33,7 +33,7 @@ Acceptable 7 469 7
|
|||
Network 7 469 7
|
||||
|
||||
1 UDP 9.160.203.32:41059 -> 68.90.0.255:38409 [proto: 417/RipeAtlas][Stack: RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 UDP 23.57.157.60:36137 -> 152.246.227.169:4712 [proto: 417/RipeAtlas][Stack: RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 UDP 23.57.157.60:36137 -> 152.246.227.169:4712 [proto: 417/RipeAtlas][Stack: RipeAtlas][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 UDP 147.63.105.185:48224 -> 128.53.92.31:2164 [proto: 417/RipeAtlas][Stack: RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 UDP 168.139.124.224:11476 -> 19.132.223.32:36467 [proto: 417/RipeAtlas][Stack: RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 UDP 207.246.88.254:56857 -> 96.78.208.202:29195 [proto: 417/RipeAtlas][Stack: RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ Patricia risk mask: 2/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 8/0 (search/found)
|
||||
Patricia protocols: 6/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 5/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
|
|
@ -40,7 +40,7 @@ JA Host Stats:
|
|||
3 192.168.1.42 1
|
||||
|
||||
|
||||
1 TCP 192.168.1.23:50624 <-> 92.123.164.188:443 [proto: 91.449/TLS.RockstarGames][Stack: TLS.RockstarGames][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/637 bytes <-> 3 pkts/3060 bytes][Goodput ratio: 73/94][0.09 sec][Hostname/SNI: gamedownloads.rockstargames.com][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 24/24 42/48 18/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 212/1020 517/2934 215/1353][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d201200_2b729b4bf6f3_e24568c0d440][JA3S: 15c4d139d9f284ce5a6e4380e77c1f5c][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
2 TCP 192.168.1.23:50630 <-> 23.38.18.80:443 [proto: 91.449/TLS.RockstarGames][Stack: TLS.RockstarGames][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][< 1 sec][Hostname/SNI: s.rsg.sc][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 21/22 42/42 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Chrome][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
1 TCP 192.168.1.23:50624 <-> 92.123.164.188:443 [proto: 91.449/TLS.RockstarGames][Stack: TLS.RockstarGames][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/637 bytes <-> 3 pkts/3060 bytes][Goodput ratio: 73/94][0.09 sec][Hostname/SNI: gamedownloads.rockstargames.com][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 24/24 42/48 18/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 212/1020 517/2934 215/1353][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d201200_2b729b4bf6f3_e24568c0d440][JA3S: 15c4d139d9f284ce5a6e4380e77c1f5c][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
2 TCP 192.168.1.23:50630 <-> 23.38.18.80:443 [proto: 91.449/TLS.RockstarGames][Stack: TLS.RockstarGames][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][< 1 sec][Hostname/SNI: s.rsg.sc][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 21/22 42/42 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Chrome][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
3 UDP 192.168.1.42:59487 <-> 192.81.241.191:61457 [proto: 30.449/DTLS.RockstarGames][Stack: DTLS.RockstarGames][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 30/DTLS, Confidence: DPI][DPI packets: 4][cat: Game/8][Breed: Fun][4 pkts/840 bytes <-> 3 pkts/1102 bytes][Goodput ratio: 80/88][0.53 sec][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/118 137/206 294/293 121/88][Pkt Len c2s/s2c min/avg/max/stddev: 133/102 210/367 325/867 71/354][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **][Risk Score: 160][Risk Info: SNI should always be present / No ALPN / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][nDPI Fingerprint: 170bca7e36be69125842855806b9e749][DTLSv1.0][JA4: dd1i080400_051fb07a0855_133c09cafeba][JA3S: 749bd1edea60396ffaa65213b7971718][Issuer: C=US][Subject: C=US, CN=*.relay.ros.rockstargames.com][Certificate SHA-1: AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C][Firefox][Validity: 2014-09-12 21:31:19 - 2037-02-15 21:31:19][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (140912213119Z)][Plen Bins: 0,14,28,0,14,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 TCP 192.168.1.27:64057 <-> 104.255.105.53:443 [proto: 91.449/TLS.RockstarGames][Stack: TLS.RockstarGames][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/691 bytes <-> 3 pkts/323 bytes][Goodput ratio: 75/45][0.26 sec][Hostname/SNI: rgl.rockstargames.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 0.363 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/60 141/119 70/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/108 571/201 241/66][nDPI Fingerprint: 645fbd5c41652ebdf3911c1eae2e3254][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: 76c691f46143bf86e2d1bb73c6187767][Chrome][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 27/11 (search/found)
|
||||
Patricia protocols: 23/15 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 12/0 (search/found)
|
||||
Hash malicious sha1: 10/0 (search/found)
|
||||
|
|
@ -51,8 +51,8 @@ JA Host Stats:
|
|||
|
||||
1 TCP 192.168.2.17:57027 <-> 13.35.253.42:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][170 pkts/206962 bytes <-> 95 pkts/9293 bytes][Goodput ratio: 95/32][0.48 sec][Hostname/SNI: cdn.signal.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.914 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 39/47 6/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1217/98 1506/1506 548/175][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: cdn.signal.org][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org][Certificate SHA-1: 81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:19:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
|
||||
2 TCP 192.168.2.17:57026 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 39/Signal, Confidence: DNS][DPI packets: 7][cat: Chat/9][Breed: Acceptable][22 pkts/13757 bytes <-> 16 pkts/6493 bytes][Goodput ratio: 89/84][0.57 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.359 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/20 112/114 35/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 625/406 1506/1506 629/565][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,0,4,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,37,0,0]
|
||||
3 TCP 192.168.2.17:57022 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][Breed: Fun][24 pkts/2540 bytes <-> 21 pkts/12673 bytes][Goodput ratio: 38/89][0.40 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 124/83 35/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/603 583/1506 105/574][nDPI Fingerprint: e9c9b145c580e4fb6e300d7039f596d1][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,17,8,0,4,0,0,0,8,0,0,4,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0]
|
||||
4 TCP 192.168.2.17:57018 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][Breed: Fun][25 pkts/2582 bytes <-> 20 pkts/12000 bytes][Goodput ratio: 37/89][0.24 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 47/52 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/600 583/1506 103/588][nDPI Fingerprint: e9c9b145c580e4fb6e300d7039f596d1][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,18,9,0,4,0,0,0,9,0,0,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,18,0,0]
|
||||
3 TCP 192.168.2.17:57022 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Streaming/17][Breed: Fun][24 pkts/2540 bytes <-> 21 pkts/12673 bytes][Goodput ratio: 38/89][0.40 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 124/83 35/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/603 583/1506 105/574][nDPI Fingerprint: e9c9b145c580e4fb6e300d7039f596d1][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,17,8,0,4,0,0,0,8,0,0,4,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0]
|
||||
4 TCP 192.168.2.17:57018 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Streaming/17][Breed: Fun][25 pkts/2582 bytes <-> 20 pkts/12000 bytes][Goodput ratio: 37/89][0.24 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 47/52 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/600 583/1506 103/588][nDPI Fingerprint: e9c9b145c580e4fb6e300d7039f596d1][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,18,9,0,4,0,0,0,9,0,0,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,18,0,0]
|
||||
5 TCP 192.168.2.17:49227 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][13 pkts/1808 bytes <-> 12 pkts/4355 bytes][Goodput ratio: 52/82][3.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][bytes ratio: -0.413 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 62/293 115/2199 52/677][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/363 502/1506 120/471][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: f3e89f0de21d3a385415b8542a81858c][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,16,8,0,0,8,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
|
||||
6 TCP 192.168.2.17:57024 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][15 pkts/2054 bytes <-> 11 pkts/3775 bytes][Goodput ratio: 51/81][0.59 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.295 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/59 167/186 55/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/343 583/1506 134/472][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
|
||||
7 TCP 192.168.2.17:57021 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][16 pkts/2108 bytes <-> 10 pkts/3709 bytes][Goodput ratio: 50/82][13.48 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.275 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/50 13018/120 3464/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 132/371 583/1506 131/486][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
|
||||
|
|
@ -62,9 +62,9 @@ JA Host Stats:
|
|||
11 TCP 192.168.2.17:57025 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][15 pkts/2041 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 51/79][0.58 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 166/184 54/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/321 583/1506 133/473][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
|
||||
12 TCP 192.168.2.17:49226 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][13 pkts/1688 bytes <-> 11 pkts/3569 bytes][Goodput ratio: 48/79][9.90 sec][Hostname/SNI: textsecure-service.whispersystems.org][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/57 113/154 53/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/324 502/1506 120/473][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: f3e89f0de21d3a385415b8542a81858c][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,30,20,0,0,0,10,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
|
||||
13 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][15.76 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][4 pkts/341 bytes <-> 4 pkts/264 bytes][Goodput ratio: 23/0][0.03 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/0 8/0 25/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/66 112/66 20/0][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56/78][0.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][54.175.47.110][DNS Id: 0x00c1][PLAIN TEXT (textsecure)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.04 sec][Hostname/SNI: e673.dsce9.akamaiedge.net][23.57.24.16][DNS Id: 0xcaf8][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
19 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][Stack: ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Patricia risk mask: 2/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 6/0 (search/found)
|
||||
Patricia protocols: 92/40 (search/found)
|
||||
Patricia protocols: 82/50 (search/found)
|
||||
Patricia protocols IPv6: 7/5 (search/found)
|
||||
Hash malicious ja4: 66/1 (search/found)
|
||||
Hash malicious sha1: 16/0 (search/found)
|
||||
|
|
@ -132,17 +132,17 @@ JA Host Stats:
|
|||
5 TCP 192.168.1.183:44102 <-> 146.70.182.51:443 [proto: 91.427/TLS.SurfShark][Stack: TLS.SurfShark][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VPN/2][Breed: Acceptable][11 pkts/5817 bytes <-> 10 pkts/7012 bytes][Goodput ratio: 87/90][0.21 sec][Hostname/SNI: it-mil-v086.prod.surfshark.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/24 99/96 32/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 529/701 2022/3526 696/1053][Risk: ** Malicious Fingerprint **][Risk Score: 100][Risk Info: t13d1517h2_8daaf6152771_b0da82dd1658][nDPI Fingerprint: 3f9486b79472e2d417452cb4066685f7][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1517h2_8daaf6152771_b0da82dd1658][JA3S: fcb2d4d0991292272fcb1e464eedfd43][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,8,25,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,25]
|
||||
6 TCP 192.168.1.245:54690 <-> 160.44.196.198:443 [proto: 91.399/TLS.HuaweiCloud][Stack: TLS.HuaweiCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][Breed: Acceptable][8 pkts/1733 bytes <-> 7 pkts/9520 bytes][Goodput ratio: 74/96][0.18 sec][Hostname/SNI: cloud.huawei.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.692 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 22/12 40/30 15/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 217/1360 718/4434 253/1807][nDPI Fingerprint: 6fd4981632b662065dfd7e0896907b0e][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: cloud.huawei.asia,cloud.huawei.com.cn,cloud.huawei.com,cloud.huawei.com.au,cloud.huawei.eu,cloud.huawei.lat,cloud.huawei.ru,*.dbank.com,*.hicloud.com,*.cloud.dbankcloud.cn,*.cloud.dbankcloud.com,*.cloud.dbankcloud.ru,*.cloud.hicloud.com,*.cloud.huawei.asia,*.cloud.huawei.com,*.cloud.huawei.com.au,*.cloud.huawei.com.cn,*.cloud.huawei.eu,*.cloud.huawei.lat,*.cloud.huawei.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com][JA3S: eb7ce657b6814e1bc6402d66a2309dc6][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., CN=cloud.huawei.asia][ECH: version 0xfe0d][Certificate SHA-1: 94:8E:17:DA:5F:C7:62:E4:1E:F0:A5:AB:A0:B9:7B:DE:A5:F4:75:33][Firefox][Validity: 2023-08-11 07:21:05 - 2024-09-11 07:21:04][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,12,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
||||
7 TCP 192.168.1.245:58624 <-> 104.16.156.111:443 [proto: 91.426/TLS.NordVPN][Stack: TLS.NordVPN][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][11 pkts/2405 bytes <-> 11 pkts/8192 bytes][Goodput ratio: 69/91][0.13 sec][Hostname/SNI: s1.nordcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/5 22/22 10/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 219/745 1219/2848 330/829][nDPI Fingerprint: 3f11c7bcdc4c8f291d263ae2803ca4e1][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_7121afd63204][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 16,0,16,0,0,0,0,0,7,0,7,0,0,0,7,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,7,0,7]
|
||||
8 TCP 192.168.1.250:41878 <-> 92.122.95.99:443 [proto: 91.49/TLS.TikTok][Stack: TLS.TikTok][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][16 pkts/3550 bytes <-> 15 pkts/7010 bytes][Goodput ratio: 70/86][16.63 sec][Hostname/SNI: vcs-va.tiktokv.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1381/1506 16408/16423 4531/4717][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/467 1090/1514 286/552][nDPI Fingerprint: 8406ed33839f2d0d8e65998d19394677][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,0,7,0,0,0,0,0,24,0,0,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,15,0,0]
|
||||
8 TCP 192.168.1.250:41878 <-> 92.122.95.99:443 [proto: 91.49/TLS.TikTok][Stack: TLS.TikTok][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][16 pkts/3550 bytes <-> 15 pkts/7010 bytes][Goodput ratio: 70/86][16.63 sec][Hostname/SNI: vcs-va.tiktokv.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1381/1506 16408/16423 4531/4717][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/467 1090/1514 286/552][nDPI Fingerprint: 8406ed33839f2d0d8e65998d19394677][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 7,0,7,0,0,0,0,0,24,0,0,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,7,0,0,0,0,15,0,0]
|
||||
9 TCP 192.168.1.227:50071 <-> 52.73.71.226:443 [proto: 91.270/TLS.Fuze][Stack: TLS.Fuze][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 9][cat: VoIP/10][Breed: Acceptable][14 pkts/3035 bytes <-> 17 pkts/7520 bytes][Goodput ratio: 73/87][60.43 sec][Hostname/SNI: presence.fuze.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5482/5008 45124/45106 13235/12754][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 217/442 1019/1514 278/561][nDPI Fingerprint: 4d4d833d2a2ca1c5fad0bafa81aa3859][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.presence.fuze.com,presence.fuze.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.presence.fuze.com][Certificate SHA-1: B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79][Chrome][Validity: 2020-09-23 00:00:00 - 2021-10-25 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,23,5,11,0,0,0,0,5,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,5,0,0,0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
|
||||
10 TCP 192.168.1.128:48918 <-> 143.204.9.65:443 [proto: 91.71/TLS.DisneyPlus][Stack: TLS.DisneyPlus][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 8][cat: Streaming/17][Breed: Fun][15 pkts/1802 bytes <-> 14 pkts/7915 bytes][Goodput ratio: 44/88][0.05 sec][Hostname/SNI: prod-static.disney-plus.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 17/11 5/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/565 583/1494 132/660][nDPI Fingerprint: 0900bdd5a1f76195daca900a4276b6eb][TCP Fingerprint: 2_64_64240_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,20,0,0,10,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,40,0,0,0]
|
||||
11 TCP 192.168.12.169:39248 <-> 23.12.104.83:443 [proto: 91.280/TLS.AccuWeather][Stack: TLS.AccuWeather][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Fun][16 pkts/1964 bytes <-> 14 pkts/6598 bytes][Goodput ratio: 47/86][1.75 sec][Hostname/SNI: api.accuweather.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/170 1421/1444 375/427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 123/471 583/1514 140/534][nDPI Fingerprint: 721c6f8a55f4672396264d6e8820ee4d][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 16,0,8,0,0,0,0,0,16,8,0,8,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,16,0,0]
|
||||
11 TCP 192.168.12.169:39248 <-> 23.12.104.83:443 [proto: 91.280/TLS.AccuWeather][Stack: TLS.AccuWeather][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Fun][16 pkts/1964 bytes <-> 14 pkts/6598 bytes][Goodput ratio: 47/86][1.75 sec][Hostname/SNI: api.accuweather.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.541 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/170 1421/1444 375/427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 123/471 583/1514 140/534][nDPI Fingerprint: 721c6f8a55f4672396264d6e8820ee4d][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 16,0,8,0,0,0,0,0,16,8,0,8,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,16,0,0]
|
||||
12 TCP 192.168.1.125:60828 <-> 3.165.239.54:443 [proto: 91.447/TLS.Ubiquity][Stack: TLS.Ubiquity][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 7][cat: Network/14][Breed: Safe][8 pkts/2618 bytes <-> 10 pkts/5757 bytes][Goodput ratio: 79/88][0.06 sec][Hostname/SNI: www.ui.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.375 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/7 2/54 1/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 327/576 1961/4350 618/1268][nDPI Fingerprint: 61dca57aece72df86422af77a906753e][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1717h2_5b57614c22b0_3cbfd9057e0d][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 22,11,22,0,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22]
|
||||
13 TCP [2001:b07:a3d:c112:c044:a6d4:80d:5d55]:39970 <-> [2600:9000:25ea:1200:1:12d8:5a00:93a1]:443 [proto: 91.399/TLS.HuaweiCloud][Stack: TLS.HuaweiCloud][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 6][cat: Cloud/13][Breed: Acceptable][8 pkts/1965 bytes <-> 4 pkts/5457 bytes][Goodput ratio: 65/94][0.01 sec][Hostname/SNI: contentcenter-dre.dbankcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 4/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 246/1364 764/3710 228/1482][nDPI Fingerprint: cb16f625c17eff4cf124899944c34885][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,16]
|
||||
14 TCP 192.168.1.128:56836 <-> 13.107.42.13:443 [proto: 91.221/TLS.MS_OneDrive][Stack: TLS.MS_OneDrive][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 8][cat: Cloud/13][Breed: Acceptable][3 pkts/857 bytes <-> 7 pkts/6562 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: onedrive.live.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.769 (Download)][IAT c2s/s2c min/avg/max/stddev: 22/0 28/9 33/33 6/13][Pkt Len c2s/s2c min/avg/max/stddev: 74/60 286/937 571/1514 209/673][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02][Subject: CN=onedrive.com][Certificate SHA-1: 77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D][Firefox][Validity: 2022-02-01 00:13:15 - 2023-02-01 00:13:15][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
|
||||
15 TCP 192.168.1.128:46724 <-> 199.232.82.109:443 [proto: 91.267/TLS.Vimeo][Stack: TLS.Vimeo][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Streaming/17][Breed: Fun][13 pkts/1452 bytes <-> 12 pkts/5804 bytes][Goodput ratio: 42/86][52.80 sec][Hostname/SNI: f.vimeocdn.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5278/5835 46637/46651 13906/15427][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 112/484 583/1410 138/567][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: *.vimeocdn.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020][Subject: CN=*.vimeocdn.com][Certificate SHA-1: 3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37][Chrome][Validity: 2021-05-18 18:45:52 - 2022-06-19 18:45:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0]
|
||||
16 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48616 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][Stack: TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][Breed: Acceptable][5 pkts/1090 bytes <-> 4 pkts/6012 bytes][Goodput ratio: 60/94][0.04 sec][Hostname/SNI: t.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/7 18/22 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 218/1503 738/4182 260/1673][nDPI Fingerprint: cb16f625c17eff4cf124899944c34885][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66]
|
||||
17 TCP 192.168.1.128:33102 <-> 13.81.118.91:443 [proto: 91.221/TLS.MS_OneDrive][Stack: TLS.MS_OneDrive][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Cloud/13][Breed: Acceptable][3 pkts/857 bytes <-> 6 pkts/6226 bytes][Goodput ratio: 79/95][0.11 sec][Hostname/SNI: onedrive.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 37/0 40/16 42/41 2/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/1038 571/1514 209/673][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=onedrive.com][Certificate SHA-1: 50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB][Firefox][Validity: 2021-08-13 07:38:24 - 2022-08-13 07:38:24][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0]
|
||||
18 TCP 192.168.1.128:42580 <-> 2.17.141.128:443 [proto: 91.258/TLS.Activision][Stack: TLS.Activision][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Game/8][Breed: Fun][3 pkts/849 bytes <-> 6 pkts/5606 bytes][Goodput ratio: 76/93][0.06 sec][Hostname/SNI: www.activision.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.737 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 24/9 27/24 4/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/934 583/1514 218/562][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com][Certificate SHA-1: F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41][Firefox][Validity: 2021-12-07 00:00:00 - 2022-12-07 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0]
|
||||
18 TCP 192.168.1.128:42580 <-> 2.17.141.128:443 [proto: 91.258/TLS.Activision][Stack: TLS.Activision][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 7][cat: Game/8][Breed: Fun][3 pkts/849 bytes <-> 6 pkts/5606 bytes][Goodput ratio: 76/93][0.06 sec][Hostname/SNI: www.activision.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.737 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 24/9 27/24 4/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/934 583/1514 218/562][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com][Certificate SHA-1: F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41][Firefox][Validity: 2021-12-07 00:00:00 - 2022-12-07 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0]
|
||||
19 TCP 192.168.1.128:48654 <-> 13.107.42.14:443 [proto: 91.233/TLS.LinkedIn][Stack: TLS.LinkedIn][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][Breed: Fun][3 pkts/857 bytes <-> 6 pkts/5137 bytes][Goodput ratio: 79/93][0.09 sec][Hostname/SNI: www.linkedin.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/0 30/12 34/35 4/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/856 571/1514 209/665][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com][Certificate SHA-1: CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53][Firefox][Validity: 2022-03-01 00:00:00 - 2022-09-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
|
||||
20 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][Stack: TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][Breed: Safe][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0]
|
||||
21 TCP 192.168.1.128:39828 <-> 40.97.160.2:443 [proto: 91.21/TLS.Outlook][Stack: TLS.Outlook][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 21/Outlook, Confidence: IP address][DPI packets: 7][cat: Email/3][Breed: Acceptable][3 pkts/857 bytes <-> 6 pkts/5097 bytes][Goodput ratio: 79/93][0.55 sec][Hostname/SNI: outlook.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 178/0 184/74 190/189 6/90][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/850 571/1514 209/672][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com][JA3S: 71d9ce75f347e6cf54268d7114ae6925][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com][Certificate SHA-1: 4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58][Firefox][Validity: 2021-12-22 00:00:00 - 2022-12-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
|
||||
|
|
@ -150,7 +150,7 @@ JA Host Stats:
|
|||
23 TCP 192.168.1.245:55362 <-> 44.218.3.81:443 [proto: 91.411/TLS.Bluesky][Stack: TLS.Bluesky][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][4 pkts/931 bytes <-> 3 pkts/4550 bytes][Goodput ratio: 71/95][0.19 sec][Hostname/SNI: bsky.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/48 96/97 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 233/1517 725/4410 284/2046][nDPI Fingerprint: 6fd4981632b662065dfd7e0896907b0e][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
24 TCP 192.168.1.245:50142 <-> 3.136.49.254:443 [proto: 91.411/TLS.Bluesky][Stack: TLS.Bluesky][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][4 pkts/928 bytes <-> 3 pkts/4550 bytes][Goodput ratio: 71/95][0.24 sec][Hostname/SNI: bsky.app][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.661 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 78/60 117/119 55/60][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 232/1517 722/4410 283/2046][nDPI Fingerprint: 6fd4981632b662065dfd7e0896907b0e][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
25 TCP 192.168.1.128:57878 <-> 52.113.194.132:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 6][cat: Collaborative/15][Breed: Acceptable][3 pkts/857 bytes <-> 5 pkts/4534 bytes][Goodput ratio: 79/94][0.08 sec][Hostname/SNI: teams.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 32/16 44/36 12/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/907 571/1514 209/591][nDPI Fingerprint: f405dac8aa2f0b5ee1d6f28bd6582412][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][ServerNames: teams.office.com][JA3S: 104071bf77c5f0d7bae5f17542ba9428][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=teams.office.com][Certificate SHA-1: 27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80][Chrome][Validity: 2021-09-06 22:02:06 - 2022-09-06 22:02:06][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
|
||||
26 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][Stack: TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
|
||||
26 TCP 192.168.1.128:57336 <-> 23.1.68.189:443 [proto: 91.231/TLS.Playstation][Stack: TLS.Playstation][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/849 bytes <-> 5 pkts/4459 bytes][Goodput ratio: 76/92][0.07 sec][Hostname/SNI: www.playstation.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.680 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/0 24/12 24/23 0/12][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/892 583/1514 218/598][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: playstation.com,webforms.playstation.com,www.playstation.com][JA3S: 19e4a55cecd087d9ebf88da03db13a0f][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com][Certificate SHA-1: 19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A][Firefox][Validity: 2021-11-19 00:00:00 - 2022-11-18 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
|
||||
27 TCP 192.168.1.128:45014 <-> 129.226.107.210:443 [proto: 91.202/TLS.IFLIX][Stack: TLS.IFLIX][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 285/Tencent, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][3 pkts/792 bytes <-> 5 pkts/4228 bytes][Goodput ratio: 77/93][0.97 sec][Hostname/SNI: www.iflix.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.684 (Download)][IAT c2s/s2c min/avg/max/stddev: 324/0 325/162 326/326 1/163][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 264/846 571/1486 219/582][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3][Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com][Certificate SHA-1: 6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0][Firefox][Validity: 2022-01-18 00:00:00 - 2023-01-17 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0]
|
||||
28 TCP [2001:b07:a3d:c112:9a00:ba78:86b1:e177]:48594 <-> [2001:67c:4e8:f004::9]:443 [proto: 91.185/TLS.Telegram][Stack: TLS.Telegram][IP: 185/Telegram][Encrypted][Confidence: DPI][FPC: 185/Telegram, Confidence: IP address][DPI packets: 6][cat: Chat/9][Breed: Acceptable][3 pkts/930 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.04 sec][Hostname/SNI: web.telegram.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 17/18 8/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 750/3710 311/1706][nDPI Fingerprint: cb16f625c17eff4cf124899944c34885][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
29 TCP [2001:b07:a3d:c112:6ea5:ab52:9230:ba5]:35968 <-> [2a04:4e42:c00::347]:443 [proto: 91.412/TLS.Mastodon][Stack: TLS.Mastodon][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][3 pkts/929 bytes <-> 3 pkts/3890 bytes][Goodput ratio: 71/93][0.01 sec][Hostname/SNI: mastodon.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.614 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 2/2 2/4 0/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 310/1297 749/3710 311/1706][nDPI Fingerprint: cb16f625c17eff4cf124899944c34885][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
|
|
@ -162,17 +162,17 @@ JA Host Stats:
|
|||
35 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][nDPI Fingerprint: 6b367fa615a4a426be02f014c0684ab7][TLSv1.3][QUIC ver: V-1][JA4: q13d0315h3_55b375c5d22e_9974e4f6be5b][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
|
||||
36 UDP 192.168.1.17:59392 -> 3.164.68.49:443 [proto: 188.450/QUIC.Kick][Stack: QUIC.Kick][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 2][cat: Video/26][Breed: Fun][3 pkts/2684 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][0.02 sec][Hostname/SNI: clips.kick.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 17c5c727938d4e42097b66453fdc0bcb][TLSv1.3][QUIC ver: V-1][JA4: q13d0314h3_55b375c5d22e_61e396c58b1f][ECH: version 0xfe0d][Firefox][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0]
|
||||
37 TCP 192.168.88.171:55280 <-> 124.237.225.21:443 [proto: 91.54/TLS.iQIYI][Stack: TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Streaming/17][Breed: Fun][3 pkts/691 bytes <-> 4 pkts/1680 bytes][Goodput ratio: 75/86][< 1 sec][Hostname/SNI: msg.qy.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.417 (Download)][IAT c2s/s2c min/avg/max/stddev: 295/2 296/198 297/297 1/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/420 571/1494 241/620][nDPI Fingerprint: dd5bd88edac30c493f5345d60d8c0f4e][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
38 TCP 192.168.88.171:55468 <-> 184.86.2.194:443 [proto: 91.54/TLS.iQIYI][Stack: TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][Breed: Fun][3 pkts/742 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 76/89][0.05 sec][Hostname/SNI: stc.iqiyipic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.372 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 23/23 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 247/540 622/1494 265/675][nDPI Fingerprint: 73f3b8005a04de7aab82c07ea1680df4][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d1516h2_8daaf6152771_02713d6af862][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
38 TCP 192.168.88.171:55468 <-> 184.86.2.194:443 [proto: 91.54/TLS.iQIYI][Stack: TLS.iQIYI][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Streaming/17][Breed: Fun][3 pkts/742 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 76/89][0.05 sec][Hostname/SNI: stc.iqiyipic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.372 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 23/23 12/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 247/540 622/1494 265/675][nDPI Fingerprint: 73f3b8005a04de7aab82c07ea1680df4][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d1516h2_8daaf6152771_02713d6af862][JA3S: 15af977ce25de452b96affa2addb1036][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
39 TCP 192.168.88.231:33920 <-> 185.5.161.203:443 [proto: 91.389/TLS.ElectronicArts][Stack: TLS.ElectronicArts][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][0.08 sec][Hostname/SNI: origin-a.akamaihd.net][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/19 16/24 26/28 10/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 41926a47f6ed09d10df69418d212ae20][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d571100_131602cb7446_24695f2957a7][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
|
||||
40 TCP 192.168.88.171:49217 <-> 54.208.106.218:443 [proto: 91.59/TLS.AdobeConnect][Stack: TLS.AdobeConnect][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Acceptable][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.28 sec][Hostname/SNI: meet27083742.adobeconnect.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 69/70 138/139 69/70][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][nDPI Fingerprint: ac1867928681fc04fd12abce7c094c79][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d1516h2_8daaf6152771_e5627efa2ab1][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
41 TCP 192.168.88.171:55272 <-> 116.211.202.129:443 [proto: 91.54/TLS.iQIYI][Stack: TLS.iQIYI][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Streaming/17][Breed: Fun][3 pkts/691 bytes <-> 3 pkts/1620 bytes][Goodput ratio: 75/89][0.59 sec][Hostname/SNI: opportunarch.iqiyi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/150 288/299 144/150][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 230/540 571/1494 241/675][nDPI Fingerprint: dd5bd88edac30c493f5345d60d8c0f4e][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d3113h2_e8f1e7e78f70_1b3407e2c936][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
42 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][Stack: TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Shopping/27][Breed: Safe][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
42 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][Stack: TLS.eBay][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 4][cat: Shopping/27][Breed: Safe][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
43 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.Canonical][Stack: TLS.Canonical][IP: 169/Canonical][Encrypted][Confidence: DPI][FPC: 169/Canonical, Confidence: IP address][DPI packets: 4][cat: Cloud/13][Breed: Acceptable][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
44 TCP 192.168.1.128:45898 <-> 15.160.39.187:443 [proto: 91.254/TLS.AppleSiri][Stack: TLS.AppleSiri][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 4][cat: VirtAssistant/32][Breed: Acceptable][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: guzzoni.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
45 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][Stack: TLS.Playstation][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
46 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][Stack: TLS.CNN][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Web/5][Breed: Safe][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
47 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][Stack: TLS.Xbox][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Game/8][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
48 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][Stack: TLS.Hulu][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Streaming/17][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
45 TCP 192.168.1.128:46264 <-> 23.51.246.65:443 [proto: 91.231/TLS.Playstation][Stack: TLS.Playstation][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 4][cat: Game/8][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: static.playstation.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
46 TCP 192.168.1.128:48140 <-> 23.1.66.79:443 [proto: 91.180/TLS.CNN][Stack: TLS.CNN][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 4][cat: Web/5][Breed: Safe][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: cdn.cnn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
47 TCP 192.168.1.128:48902 <-> 2.17.140.63:443 [proto: 91.47/TLS.Xbox][Stack: TLS.Xbox][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 4][cat: Game/8][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: account.xbox.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
48 TCP 192.168.1.128:51432 <-> 95.101.195.214:443 [proto: 91.137/TLS.Hulu][Stack: TLS.Hulu][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 4][cat: Streaming/17][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.05 sec][Hostname/SNI: hulu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
49 TCP 192.168.1.17:55956 <-> 188.114.99.224:443 [proto: 91.450/TLS.Kick][Stack: TLS.Kick][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 5][cat: Video/26][Breed: Fun][4 pkts/2165 bytes <-> 1 pkts/74 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: kick.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1717h2_5b57614c22b0_3cbfd9057e0d][ECH: version 0xfe0d][Firefox][PLAIN TEXT (kick.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
|
||||
50 TCP 192.168.1.128:33664 <-> 108.138.185.106:443 [proto: 91.240/TLS.AmazonVideo][Stack: TLS.AmazonVideo][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 4][cat: Video/26][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: www.primevideo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
|
||||
51 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][Stack: TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Download/7][Breed: Potentially_Dangerous][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 7/3 (search/found)
|
||||
Patricia protocols: 6/4 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
|
|
@ -46,6 +46,6 @@ JA Host Stats:
|
|||
|
||||
1 TCP 192.168.12.67:47694 <-> 20.15.0.9:443 [proto: 91.435/TLS.Temu][Stack: TLS.Temu][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Shopping/27][Breed: Acceptable][10 pkts/1963 bytes <-> 10 pkts/5360 bytes][Goodput ratio: 71/90][0.54 sec][Hostname/SNI: gtm.temu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 61/49 282/342 86/112][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 196/536 571/1514 206/532][nDPI Fingerprint: 2710617e30b027cde91a3d354fd623a5][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA4: t13d1712h2_5b57614c22b0_3f5d972527c0][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,0,0,0,25,0,0,0,0,0,0,16,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
|
||||
2 TCP 192.168.12.67:43446 <-> 59.82.122.224:443 [proto: 91.436/TLS.Taobao][Stack: TLS.Taobao][IP: 274/Alibaba][Encrypted][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Shopping/27][Breed: Acceptable][9 pkts/2792 bytes <-> 6 pkts/4293 bytes][Goodput ratio: 82/92][0.78 sec][Hostname/SNI: umdc.taobao.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.212 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 111/64 269/253 125/109][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 310/716 1078/1514 359/618][nDPI Fingerprint: 721c6f8a55f4672396264d6e8820ee4d][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][ServerNames: *.alibabachengdun.com,*.alibabachengdun.net,umdc.aliapp.org,*.ynuf.aliapp.org,sgynuf.alibaba.com,pum.m.alibaba.com,ynuf.aliapp.org,mum.hzchengdun.com,mum.m.alibaba.com,umdc.alibaba-inc.com,umidiot.aliapp.org,us-mum.alibabachengdun.com,sg-pum.alibabachengdun.com,sg-pum.alibabachengdun.net,umdc.taobao.com,umdc.tmall.com,alibabachengdun.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alibabachengdun.com][Certificate SHA-1: A4:84:85:BF:7A:3D:54:C0:EE:F2:8B:39:E7:ED:56:FB:74:6B:5E:61][Safari][Validity: 2024-09-11 08:46:01 - 2025-09-04 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
|
||||
3 TCP 192.168.12.67:46892 <-> 2.23.155.106:443 [proto: 91.434/TLS.Shein][Stack: TLS.Shein][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Shopping/27][Breed: Acceptable][7 pkts/1067 bytes <-> 6 pkts/4013 bytes][Goodput ratio: 56/90][0.09 sec][Hostname/SNI: img.shein.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/5 58/19 21/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 152/669 583/1514 178/648][nDPI Fingerprint: 876baf153824c9e6ceec219dfe9697e6][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
|
||||
3 TCP 192.168.12.67:46892 <-> 2.23.155.106:443 [proto: 91.434/TLS.Shein][Stack: TLS.Shein][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Shopping/27][Breed: Acceptable][7 pkts/1067 bytes <-> 6 pkts/4013 bytes][Goodput ratio: 56/90][0.09 sec][Hostname/SNI: img.shein.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/5 58/19 21/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 152/669 583/1514 178/648][nDPI Fingerprint: 876baf153824c9e6ceec219dfe9697e6][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
|
||||
4 TCP 192.168.0.100:52124 <-> 213.180.193.9:80 [proto: 7.440/HTTP.YandexAlice][Stack: HTTP.YandexAlice][IP: 25/Yandex][ClearText][Confidence: DPI][FPC: 25/Yandex, Confidence: IP address][DPI packets: 6][cat: ConnCheck/30][Breed: Acceptable][6 pkts/532 bytes <-> 4 pkts/350 bytes][Goodput ratio: 24/22][0.02 sec][Hostname/SNI: scbh.yandex.net][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 7/8 3/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/88 194/144 47/33][URL: scbh.yandex.net/generate_204][StatusCode: 204][User-Agent: yandexmini_2/0.270.1.48.2683694502.20241115.199][TCP Fingerprint: 2_64_29200_d853e95bd80f/Linux][PLAIN TEXT (HEAD /generate)][Plen Bins: 0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 192.168.12.67:39974 <-> 151.101.1.233:443 [proto: 91.439/TLS.ParamountPlus][Stack: TLS.ParamountPlus][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Streaming/17][Breed: Fun][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.01 sec][Hostname/SNI: vod-gcs-cedexis.cbsaavideo.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TCP Fingerprint: 2_64_65535_685ad951a756/Android][TLSv1.2][JA4: t13d1513h1_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (cedexis.c)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 2/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 6/0 (search/found)
|
||||
Patricia protocols: 4/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -33,6 +33,6 @@ Acceptable 20 10948 3
|
|||
Collaborative 1 1506 1
|
||||
RPC 19 9442 2
|
||||
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 253/SOAP][Stack: SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RPC/16][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 253/SOAP][Stack: SOAP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 5][cat: RPC/16][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 253/SOAP][Stack: SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: RPC/16][Breed: Acceptable][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][Stack: HTTP.Microsoft365.SOAP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.253/HTTP.SOAP, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
|
||||
3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.253/HTTP.SOAP][Stack: HTTP.Microsoft365.SOAP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7.253/HTTP.SOAP, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 4/0 (search/found)
|
||||
Patricia protocols: 3/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -32,5 +32,5 @@ Acceptable 2 490 2
|
|||
|
||||
RPC 2 490 2
|
||||
|
||||
1 UDP 23.220.116.175:427 -> 192.168.199.71:57782 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/404 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (Stella4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
1 UDP 23.220.116.175:427 -> 192.168.199.71:57782 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/404 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (Stella4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 UDP 250.83.105.78:51708 -> 172.30.246.115:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (service)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 575/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 1240/31 (search/found)
|
||||
Patricia protocols: 1240/33 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -513,8 +513,8 @@ RPC 629 57125 620
|
|||
479 UDP 166.209.36.168:54765 -> 90.141.37.56:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
480 UDP 166.235.162.1:50338 -> 165.114.202.61:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
481 UDP 172.206.191.39:55684 -> 165.144.84.62:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 276/Azure][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
482 UDP 172.237.152.209:51708 -> 165.144.84.62:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
483 UDP 172.237.152.209:53093 -> 90.147.171.51:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
482 UDP 172.237.152.209:51708 -> 165.144.84.62:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
483 UDP 172.237.152.209:53093 -> 90.147.171.51:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
484 UDP 173.19.223.218:54527 -> 85.111.52.57:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
485 UDP 173.49.159.50:54834 -> 74.111.203.55:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
486 UDP 173.241.63.36:50984 -> 85.111.52.57:427 [proto: 347/Service_Location_Protocol][Stack: Service_Location_Protocol][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 347/Service_Location_Protocol, Confidence: DPI][DPI packets: 1][cat: RPC/16][Breed: Acceptable][1 pkts/71 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 11/3 (search/found)
|
||||
Patricia protocols: 8/6 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -41,10 +41,10 @@ JA Host Stats:
|
|||
2 162.254.198.46 1
|
||||
|
||||
|
||||
1 TCP 192.168.88.231:57749 <-> 23.52.29.119:443 [proto: 91.74/TLS.Steam][Stack: TLS.Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][5 pkts/1378 bytes <-> 5 pkts/1865 bytes][Goodput ratio: 75/82][< 1 sec][Hostname/SNI: api.steampowered.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.150 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 18/18 24/39 7/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 276/373 589/1494 253/562][nDPI Fingerprint: 291043470149ec517a9b8a845d2a888f][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][TLSv1.3][JA4: t13d3213h2_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (67viP.eampowered.com)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
1 TCP 192.168.88.231:57749 <-> 23.52.29.119:443 [proto: 91.74/TLS.Steam][Stack: TLS.Steam][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Game/8][Breed: Fun][5 pkts/1378 bytes <-> 5 pkts/1865 bytes][Goodput ratio: 75/82][< 1 sec][Hostname/SNI: api.steampowered.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.150 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 8/0 18/18 24/39 7/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 276/373 589/1494 253/562][nDPI Fingerprint: 291043470149ec517a9b8a845d2a888f][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][TLSv1.3][JA4: t13d3213h2_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (67viP.eampowered.com)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
2 TCP 192.168.88.231:54243 <-> 188.114.98.224:443 [proto: 91.386/TLS.Dota2][Stack: TLS.Dota2][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: Game/8][Breed: Fun][5 pkts/1378 bytes <-> 5 pkts/1167 bytes][Goodput ratio: 75/71][< 1 sec][Hostname/SNI: www.dota2.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 13/47 43/68 98/94 32/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 276/233 589/796 253/284][nDPI Fingerprint: 9fbe53b42f62cb64430b317e9fef532a][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][TLSv1.3][JA4: t13d3213h1_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 192.168.88.231:42070 <-> 95.100.141.15:443 [proto: 91.74/TLS.Steam][Stack: TLS.Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][< 1 sec][Hostname/SNI: store.steampowered.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 24/24 12/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][nDPI Fingerprint: 1e04b7f32738fea98952c4f43da37ec2][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
|
||||
3 TCP 192.168.88.231:42070 <-> 95.100.141.15:443 [proto: 91.74/TLS.Steam][Stack: TLS.Steam][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Game/8][Breed: Fun][3 pkts/723 bytes <-> 3 pkts/1634 bytes][Goodput ratio: 71/87][< 1 sec][Hostname/SNI: store.steampowered.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.387 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 12/12 24/24 12/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/545 583/1494 242/671][nDPI Fingerprint: 1e04b7f32738fea98952c4f43da37ec2][TCP Fingerprint: 2_64_32120_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
|
||||
4 TCP 162.254.198.46:27038 <-> 192.168.88.231:50983 [proto: 91.74/TLS.Steam][Stack: TLS.Steam][IP: 74/Steam][Encrypted][Confidence: DPI][FPC: 74/Steam, Confidence: IP address][DPI packets: 4][cat: Game/8][Breed: Fun][2 pkts/1560 bytes <-> 2 pkts/625 bytes][Goodput ratio: 92/83][< 1 sec][Hostname/SNI: ext3-sto1.steamserver.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: 1a5a29cd4e57051c82d42e3ac1896358][TLSv1.3][JA4: t13d3213h2_85d9c3ed342d_e802cdec6a7f][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
5 TCP 192.168.88.231:59739 <-> 2.20.254.25:80 [proto: 7.74/HTTP.Steam][Stack: HTTP.Steam][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/629 bytes <-> 4 pkts/559 bytes][Goodput ratio: 36/51][< 1 sec][Hostname/SNI: test.steampowered.com][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6002/2 30001/3 12000/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/140 291/353 83/123][URL: test.steampowered.com/204][StatusCode: 204][Content-Type: text/plain][Server: AkamaiNetStorage][User-Agent: Valve/Steam HTTP Client 1.0][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][PLAIN TEXT (GET /204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 192.168.88.231:59739 <-> 2.20.254.25:80 [proto: 7.74/HTTP.Steam][Stack: HTTP.Steam][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/629 bytes <-> 4 pkts/559 bytes][Goodput ratio: 36/51][< 1 sec][Hostname/SNI: test.steampowered.com][bytes ratio: 0.059 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6002/2 30001/3 12000/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 105/140 291/353 83/123][URL: test.steampowered.com/204][StatusCode: 204][Content-Type: text/plain][Server: AkamaiNetStorage][User-Agent: Valve/Steam HTTP Client 1.0][TCP Fingerprint: 2_64_65535_d227986fac6c/Unknown][PLAIN TEXT (GET /204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 UDP 192.168.88.231:27036 -> 192.168.88.255:27036 [proto: 74/Steam][Stack: Steam][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 74/Steam, Confidence: DPI][DPI packets: 1][cat: Game/8][Breed: Fun][6 pkts/924 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][22.02 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4403/0 15014/0 5613/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 154/0 226/0 72/0][PLAIN TEXT (localhost)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 UDP 192.168.88.231:46604 -> 155.133.252.86:27045 [proto: 235/SteamDatagramRelay][Stack: SteamDatagramRelay][IP: 74/Steam][ClearText][Confidence: DPI][FPC: 235/SteamDatagramRelay, Confidence: DPI][DPI packets: 1][cat: Game/8][Breed: Fun][2 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (sdping)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ LRU cache stun: 30/0/0 (insert/search/found)
|
|||
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
||||
LRU cache mining: 0/3/0 (insert/search/found)
|
||||
LRU cache msteams: 19/6/6 (insert/search/found)
|
||||
LRU cache fpc_dns: 16/41/28 (insert/search/found)
|
||||
Automa host: 95/75 (search/found)
|
||||
LRU cache fpc_dns: 15/41/28 (insert/search/found)
|
||||
Automa host: 97/73 (search/found)
|
||||
Automa domain: 85/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 2/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -37,4 +37,4 @@ JA Host Stats:
|
|||
1 10.0.0.1 1
|
||||
|
||||
|
||||
1 TCP 10.0.0.1:31337 <-> 213.199.149.251:443 [proto: 91.276/TLS.Azure][Stack: TLS.Azure][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 6][cat: Cloud/13][Breed: Acceptable][1 pkts/181 bytes <-> 5 pkts/7024 bytes][Goodput ratio: 70/96][< 1 sec][Hostname/SNI: ads1.msads.net][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 181/968 181/1405 181/1514 0/218][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** TLS Cert Expired **][Risk Score: 300][Risk Info: 21/Oct/2011 16:42:03 - 20/Oct/2013 16:42:03 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA / TLSv1][nDPI Fingerprint: 067434be7db44506279b4ead6d6338c9][TLSv1][JA4: t10d120500_d94e65cdb899_c35b4a14be45][ServerNames: *.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: CN=Microsoft Secure Server Authority][Subject: C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net][Certificate SHA-1: FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B][Validity: 2011-10-21 16:42:03 - 2013-10-20 16:42:03][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0]
|
||||
1 TCP 10.0.0.1:31337 <-> 213.199.149.251:443 [proto: 91.276/TLS.Azure][Stack: TLS.Azure][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 6][cat: Cloud/13][Breed: Acceptable][1 pkts/181 bytes <-> 5 pkts/7024 bytes][Goodput ratio: 70/96][< 1 sec][Hostname/SNI: ads1.msads.net][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 181/968 181/1405 181/1514 0/218][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** TLS Cert Expired **** Mismatching Protocol with server IP address **][Risk Score: 400][Risk Info: nDPI protocol does not match the server IP address / 21/Oct/2011 16:42:03 - 20/Oct/2013 16:42:03 / Cipher TLS_RSA_WITH_AES_128][nDPI Fingerprint: 067434be7db44506279b4ead6d6338c9][TLSv1][JA4: t10d120500_d94e65cdb899_c35b4a14be45][ServerNames: *.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: CN=Microsoft Secure Server Authority][Subject: C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net][Certificate SHA-1: FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B][Validity: 2011-10-21 16:42:03 - 2013-10-20 16:42:03][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0]
|
||||
|
|
|
|||
|
|
@ -40,5 +40,5 @@ JA Host Stats:
|
|||
1 192.168.1.192 1
|
||||
|
||||
|
||||
1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Advertisement/101][Breed: Tracker_Ads][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** TLS Fatal Alert **][Risk Score: 110][Risk Info: Found fatal TLS alert / TLSv1][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Advertisement/101][Breed: Tracker_Ads][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** Mismatching Protocol with server IP address **** TLS Fatal Alert **][Risk Score: 210][Risk Info: Found fatal TLS alert / nDPI protocol does not match the server IP address / TLSv1][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 192.168.2.100:37780 -> 160.44.202.202:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][7 pkts/533 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][3.67 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 612/0 1878/0 656/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 76/0 85/0 14/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Patricia risk mask: 4/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 1/0 (search/found)
|
||||
Patricia protocols: 41/27 (search/found)
|
||||
Patricia protocols: 39/29 (search/found)
|
||||
Patricia protocols IPv6: 2/0 (search/found)
|
||||
Hash malicious ja4: 8/0 (search/found)
|
||||
Hash malicious sha1: 8/0 (search/found)
|
||||
|
|
@ -65,8 +65,8 @@ JA Host Stats:
|
|||
8 TCP 192.168.1.121:53917 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/17 50/50 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
9 TCP 192.168.1.121:53918 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/17 51/51 23/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
10 TCP 192.168.1.121:53919 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/16 48/48 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
|
||||
11 TCP 192.168.1.121:53913 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 6][cat: Download/7][Breed: Acceptable][6 pkts/621 bytes <-> 5 pkts/2517 bytes][Goodput ratio: 34/87][0.04 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 20/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/503 279/1502 79/576][URL: www.microsoft.com/pkiops/certs/MicSecSerCA2011_2011-10-18.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pkiops/certs/MicSecSerCA)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
|
||||
12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Acceptable][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
|
||||
11 TCP 192.168.1.121:53913 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 6][cat: Download/7][Breed: Acceptable][6 pkts/621 bytes <-> 5 pkts/2517 bytes][Goodput ratio: 34/87][0.04 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 20/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/503 279/1502 79/576][URL: www.microsoft.com/pkiops/certs/MicSecSerCA2011_2011-10-18.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pkiops/certs/MicSecSerCA)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
|
||||
12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Download/7][Breed: Acceptable][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
|
||||
13 UDP 192.168.1.121:52251 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][8 pkts/767 bytes <-> 8 pkts/1085 bytes][Goodput ratio: 56/69][1.01 sec][Hostname/SNI: 60.21.149.52.in-addr.arpa][0.0.0.0][DNS Id: 0xaa4b][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 165/2 988/5 368/2][Pkt Len c2s/s2c min/avg/max/stddev: 80/86 96/136 132/196 21/42][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (msnhst)][Plen Bins: 0,57,18,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 UDP 192.168.1.121:51998 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/255 bytes <-> 3 pkts/449 bytes][Goodput ratio: 50/72][1.02 sec][Hostname/SNI: 235.33.22.2.in-addr.arpa][0.0.0.0][DNS Id: 0xa2d1][DNS Ptr: a2-22-33-235.deploy.static.akamaitechnologies.com][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 999/996 500/498 999/996 500/498][Pkt Len c2s/s2c min/avg/max/stddev: 84/131 85/150 86/171 1/16][PLAIN TEXT (deploy)][Plen Bins: 0,51,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 2/0 (search/found)
|
||||
Patricia protocols: 1/1 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 1/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
|
|
@ -37,4 +37,4 @@ JA Host Stats:
|
|||
1 192.168.2.126 1
|
||||
|
||||
|
||||
1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][Hostname/SNI: www.repubblica.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][nDPI Fingerprint: 8d616b4e84d8201ec571d8eefc711d93][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Chrome][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,4,3,1,1,0,2,3,0,0,1,0,1,0,0,1,0,0,0,6,0,0,0,1,0,1,0,0,1,0,0,13,0,0,0,0,2,0,0,1,1,0,0,0,54,0,0]
|
||||
1 TCP 192.168.2.126:60174 <-> 104.111.215.93:443 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Safe][86 pkts/8534 bytes <-> 96 pkts/109067 bytes][Goodput ratio: 33/94][71.34 sec][Hostname/SNI: www.repubblica.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.855 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1046/930 45462/45488 6189/5865][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 99/1136 902/1514 118/525][nDPI Fingerprint: 8d616b4e84d8201ec571d8eefc711d93][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][ServerNames: www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018][Subject: C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it][Certificate SHA-1: 0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1][Chrome][Validity: 2019-03-07 00:00:00 - 2020-05-05 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,4,3,1,1,0,2,3,0,0,1,0,1,0,0,1,0,0,0,6,0,0,0,1,0,1,0,0,1,0,0,13,0,0,0,0,2,0,0,1,1,0,0,0,54,0,0]
|
||||
|
|
|
|||
|
|
@ -37,4 +37,4 @@ JA Host Stats:
|
|||
1 10.10.10.1 1
|
||||
|
||||
|
||||
1 TCP 10.10.10.1:443 <-> 192.168.0.1:59927 [proto: 91.463/TLS.AWS_S3][Stack: TLS.AWS_S3][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Cloud/13][Breed: Acceptable][9 pkts/5961 bytes <-> 1 pkts/571 bytes][Goodput ratio: 91/90][29.38 sec][Hostname/SNI: bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3672/0 15063/0 5728/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/571 662/571 1414/571 649/0][nDPI Fingerprint: 185917c2c68e40fcefbc020baabaecc4][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com][JA3S: 704239182a9091e4453fdbfe0fd17586][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.s3-eu-west-1.amazonaws.com][Certificate SHA-1: 5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76][Chrome][Validity: 2021-03-26 00:00:00 - 2022-03-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Starfield Technologies)][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,51,0,0,0,0,0]
|
||||
1 TCP 10.10.10.1:443 <-> 192.168.0.1:59927 [proto: 91.463/TLS.AWS_S3][Stack: TLS.AWS_S3][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Cloud/13][Breed: Acceptable][9 pkts/5961 bytes <-> 1 pkts/571 bytes][Goodput ratio: 91/90][29.38 sec][Hostname/SNI: bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3672/0 15063/0 5728/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/571 662/571 1414/571 649/0][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][nDPI Fingerprint: 185917c2c68e40fcefbc020baabaecc4][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com][JA3S: 704239182a9091e4453fdbfe0fd17586][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=*.s3-eu-west-1.amazonaws.com][Certificate SHA-1: 5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76][Chrome][Validity: 2021-03-26 00:00:00 - 2022-03-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Starfield Technologies)][Plen Bins: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,51,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Patricia risk mask: 88/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 69/45 (search/found)
|
||||
Patricia protocols: 68/46 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 49/0 (search/found)
|
||||
Hash malicious sha1: 28/0 (search/found)
|
||||
|
|
@ -77,7 +77,7 @@ JA Host Stats:
|
|||
25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
|
||||
26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
||||
27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
||||
28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
|
||||
28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
|
||||
29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][nDPI Fingerprint: 2c04759858ac6f3d3b0a717deec501cb][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 8/0 (search/found)
|
||||
Patricia protocols: 171/19 (search/found)
|
||||
Patricia protocols: 163/27 (search/found)
|
||||
Patricia protocols IPv6: 16/0 (search/found)
|
||||
Hash malicious ja4: 28/0 (search/found)
|
||||
Hash malicious sha1: 28/0 (search/found)
|
||||
|
|
@ -111,17 +111,17 @@ JA Host Stats:
|
|||
45 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][22.72 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 351/910 5597/910 20327/910 8509/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
46 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 4 pkts/280 bytes][Goodput ratio: 0/0][55.41 sec][bytes ratio: 0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 312/33511 13774/33511 33196/33511 13762/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/70 74/74 3/4][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
47 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/73 bytes <-> 1 pkts/537 bytes][Goodput ratio: 42/92][0.03 sec][Hostname/SNI: res.wx.qq.com][203.205.158.34][DNS Id: 0x30dd][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 259/0 12546/0 83360/0 26898/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 252/0 12622/0 82310/0 26534/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][104.85 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13106/0 85920/0 27703/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.60 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 12574/0 82446/0 26589/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][104.22 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 239/0 13028/0 84664/0 27320/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][99.19 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 255/0 12398/0 82310/0 26558/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PLTbOhOof)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
48 TCP 192.168.1.103:34981 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 259/0 12546/0 83360/0 26898/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
49 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.98 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 252/0 12622/0 82310/0 26534/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
50 TCP 192.168.1.103:34999 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][104.85 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13106/0 85920/0 27703/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][100.60 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 251/0 12574/0 82446/0 26589/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
52 TCP 192.168.1.103:39207 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][104.22 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 239/0 13028/0 84664/0 27320/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][9 pkts/594 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][99.19 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 255/0 12398/0 82310/0 26558/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PLTbOhOof)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
54 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Safe][4 pkts/264 bytes <-> 4 pkts/319 bytes][Goodput ratio: 0/17][14.77 sec][bytes ratio: -0.094 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/39 4910/7364 14730/14688 6944/7324][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/80 66/121 0/24][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
55 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 3 pkts/214 bytes][Goodput ratio: 0/0][11.84 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 325/0 2960/0 9935/0 4045/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/71 74/74 3/4][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91/TLS][Stack: TLS][IP: 285/Tencent][Encrypted][Confidence: Match by port][FPC: 197/WeChat, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][5 pkts/338 bytes <-> 3 pkts/214 bytes][Goodput ratio: 0/0][11.56 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 2890/0 9679/0 3944/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/71 74/74 3/4][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Acceptable][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][90.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 232/0 12972/0 83248/0 28714/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Acceptable][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][94.52 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13502/0 85920/0 29594/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.1.103:39195 -> 95.101.34.34:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][90.80 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 232/0 12972/0 83248/0 28714/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
58 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][8 pkts/528 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][94.52 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 267/0 13502/0 85920/0 29594/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 66/0 66/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
59 TCP 192.168.1.103:43851 <-> 203.205.158.34:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 48/QQ, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Safe][5 pkts/290 bytes <-> 4 pkts/234 bytes][Goodput ratio: 0/0][47.04 sec][bytes ratio: 0.107 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 301/1307 11760/23331 45054/45355 19226/22024][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 58/58 74/66 8/5][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
60 TCP 192.168.1.103:47627 <-> 216.58.205.78:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 7][cat: Web/5][Breed: Safe][3 pkts/198 bytes <-> 4 pkts/319 bytes][Goodput ratio: 0/17][14.77 sec][bytes ratio: -0.234 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/40 7363/7364 14726/14687 7363/7324][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/80 66/121 0/24][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][Breed: Safe][4 pkts/216 bytes <-> 4 pkts/253 bytes][Goodput ratio: 0/12][20.65 sec][bytes ratio: -0.079 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 39/652 6763/10145 19992/19638 9355/9493][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 54/63 54/85 0/13][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 2/0 (search/found)
|
||||
Patricia protocols: 73/37 (search/found)
|
||||
Patricia protocols: 72/38 (search/found)
|
||||
Patricia protocols IPv6: 4/0 (search/found)
|
||||
Hash malicious ja4: 3/0 (search/found)
|
||||
Hash malicious sha1: 1/0 (search/found)
|
||||
|
|
@ -94,7 +94,7 @@ JA Host Stats:
|
|||
27 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.45/STUN.WhatsAppCall][Stack: STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][Breed: Acceptable][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][14.33 sec][Mapped IP/Port: 79.35.21.197:38779][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
28 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.45/STUN.WhatsAppCall][Stack: STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][Breed: Acceptable][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][14.33 sec][Mapped IP/Port: 79.35.21.197:38779][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
29 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.45/STUN.WhatsAppCall][Stack: STUN.WhatsAppCall][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 78.45/STUN.WhatsAppCall, Confidence: DPI][DPI packets: 5][cat: VoIP/10][Breed: Acceptable][3 pkts/504 bytes <-> 2 pkts/172 bytes][Goodput ratio: 75/51][14.33 sec][Mapped IP/Port: 79.35.21.197:38779][Plen Bins: 0,40,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
30 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Web/5][Breed: Safe][3 pkts/174 bytes <-> 2 pkts/217 bytes][Goodput ratio: 0/39][0.03 sec][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
30 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][3 pkts/174 bytes <-> 2 pkts/217 bytes][Goodput ratio: 0/39][0.03 sec][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
31 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][Breed: Acceptable][3 pkts/198 bytes <-> 2 pkts/132 bytes][Goodput ratio: 0/0][0.20 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
32 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/79 bytes <-> 1 pkts/251 bytes][Goodput ratio: 46/83][0.07 sec][Hostname/SNI: query.ess.apple.com][17.178.104.12][DNS Id: 0x34f8][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
33 UDP 192.168.2.4:52190 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/76 bytes <-> 1 pkts/204 bytes][Goodput ratio: 44/79][0.03 sec][Hostname/SNI: e13.whatsapp.net][158.85.233.52][DNS Id: 0xdfa3][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ LRU cache tls_cert: 0/2/0 (insert/search/found)
|
|||
LRU cache mining: 0/1/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/6/0 (insert/search/found)
|
||||
Automa host: 4/2 (search/found)
|
||||
Automa host: 5/1 (search/found)
|
||||
Automa domain: 3/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 0/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ Patricia risk mask: 2/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 6/0 (search/found)
|
||||
Patricia protocols: 4/2 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 0/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -37,6 +37,6 @@ Acceptable 20 10948 3
|
|||
Web 19 9442 2
|
||||
Collaborative 1 1506 1
|
||||
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Web/5][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
1 TCP 192.168.2.100:50100 <-> 23.2.213.165:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: Match by port][FPC: 467/Akamai, Confidence: IP address][DPI packets: 14][cat: Web/5][Breed: Acceptable][7 pkts/4746 bytes <-> 7 pkts/752 bytes][Goodput ratio: 92/39][5.01 sec][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 989/1236 2486/2486 1098/1096][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 678/107 1506/362 717/104][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
|
||||
2 TCP 185.32.192.30:80 <-> 85.154.114.113:56028 [VLAN: 808][proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][Breed: Acceptable][3 pkts/2487 bytes <-> 2 pkts/1457 bytes][Goodput ratio: 92/92][0.34 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.075 (Executable?)][PLAIN TEXT (xml version)][Plen Bins: 0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.219/HTTP.Microsoft365][Stack: HTTP.Microsoft365][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.219/HTTP.Microsoft365, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
|
||||
3 TCP 192.168.2.100:50100 -> 23.2.213.165:4176 [proto: 7.219/HTTP.Microsoft365][Stack: HTTP.Microsoft365][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7.219/HTTP.Microsoft365, Confidence: DPI][DPI packets: 1][cat: Collaborative/15][Breed: Acceptable][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Hostname/SNI: go.microsoft.com][URL: go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409][Req Content-Type: text/xml][User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT][Risk: ** Known Proto on Non Std Port **** Mismatching Protocol with server IP address **** Unidirectional Traffic **][Risk Score: 160][Risk Info: No server to client traffic / nDPI protocol does not match the server IP address / Expected on port 80][PLAIN TEXT (POST /fwlink/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ Patricia risk mask: 0/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 1/0 (search/found)
|
||||
Patricia risk IPv6: 5/0 (search/found)
|
||||
Patricia protocols: 82/10 (search/found)
|
||||
Patricia protocols: 77/15 (search/found)
|
||||
Patricia protocols IPv6: 10/0 (search/found)
|
||||
Hash malicious ja4: 14/0 (search/found)
|
||||
Hash malicious sha1: 7/0 (search/found)
|
||||
|
|
@ -65,15 +65,15 @@ JA Host Stats:
|
|||
1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0]
|
||||
2 TCP 192.168.2.17:50575 <-> 17.248.185.140:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 10][cat: Web/5][Breed: Acceptable][13 pkts/3193 bytes <-> 12 pkts/11035 bytes][Goodput ratio: 73/93][0.81 sec][Hostname/SNI: p26-fmfmobile.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/63 154/164 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 246/920 1224/1506 340/643][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2][Safari][Validity: 2019-12-09 19:44:02 - 2021-01-07 19:54:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,48,0,0]
|
||||
3 TCP 192.168.2.17:50580 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][25 pkts/5755 bytes <-> 20 pkts/8110 bytes][Goodput ratio: 71/84][2.03 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 86/55 651/521 172/132][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/406 1128/1506 292/508][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,32,8,0,8,4,0,0,0,0,0,8,0,0,0,0,8,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
|
||||
4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][Hostname/SNI: play.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0]
|
||||
5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: sync.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0]
|
||||
6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][nDPI Fingerprint: 3b04572144a728c2faccf30986f300fa][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0]
|
||||
4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][Hostname/SNI: play.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0]
|
||||
5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][Breed: Fun][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: sync.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0]
|
||||
6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][nDPI Fingerprint: 3b04572144a728c2faccf30986f300fa][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0]
|
||||
7 TCP 192.168.2.17:50584 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][18 pkts/3421 bytes <-> 14 pkts/6608 bytes][Goodput ratio: 65/86][1.06 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.318 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/19 167/155 58/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 190/472 1084/1506 257/577][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,5,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
|
||||
8 TCP 192.168.2.17:50586 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][Stack: TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][17 pkts/3443 bytes <-> 13 pkts/6470 bytes][Goodput ratio: 67/87][0.54 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.305 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/20 162/160 58/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/498 1084/1506 268/585][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,0,0,5,0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
|
||||
9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][Hostname/SNI: cl4.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0]
|
||||
9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][Hostname/SNI: cl4.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0]
|
||||
10 TCP 192.168.2.17:50579 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][12 pkts/1803 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217/22 1961/130 583/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/674 583/1506 169/571][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
11 TCP 192.168.2.17:50578 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][12 pkts/1781 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227/22 1825/131 537/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/674 583/1506 166/571][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][Hostname/SNI: iphone-ld.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0]
|
||||
12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Safe][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][Hostname/SNI: iphone-ld.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][nDPI Fingerprint: 68e7d5c63a724abe5e4fd82326712acd][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0]
|
||||
13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][nDPI Fingerprint: 3b04572144a728c2faccf30986f300fa][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
|
||||
14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][Stack: TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][nDPI Fingerprint: 92587104b60337422ac6966cdaf76f9e][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h1_2802a3db6c62_845d286b0d67][ServerNames: gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
|
||||
15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -39,4 +39,4 @@ Network 17 3553 4
|
|||
1 TCP [2001:b07:a3d:c112:b831:a73f:7974:e604]:49774 <-> [2001:b07:a3d:c112::1]:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/490 bytes <-> 5 pkts/2156 bytes][Goodput ratio: 7/82][0.01 sec][Hostname/SNI: opentracker.io][45.9.60.30][DNS Id: 0x3d73][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/2 6/5 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 82/431 108/1294 13/481][TCP Fingerprint: 2_64_65535_108f896b6121/Unknown][PLAIN TEXT (opentracker)][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0]
|
||||
2 UDP [fe80::a00:27ff:feb3:e62e]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/371 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][< 1 sec][Hostname/SNI: e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][e.2.6.e.3.b.e.f.f.f.7.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa][PLAIN TEXT (Android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][Stack: DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.142/DNS.WhatsApp, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][Stack: DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.example.com][0.0.0.0][DNS Id: 0xbc1f][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][Stack: DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.example.com][0.0.0.0][DNS Id: 0xbc1f][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -32,4 +32,4 @@ Acceptable 80 10969 1
|
|||
|
||||
Network 80 10969 1
|
||||
|
||||
1 UDP 192.168.1.204:50234 <-> 192.168.1.253:53 [proto: 5.126/DNS.Google][Stack: DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][40 pkts/3152 bytes <-> 40 pkts/7817 bytes][Goodput ratio: 47/78][403.67 sec][Hostname/SNI: www.google.com][142.251.209.36][DNS Id: 0x1655][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/9 11635/11637 110617/110608 23370/23370][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 79/195 94/356 9/104][PLAIN TEXT (google)][Plen Bins: 27,36,6,8,0,1,5,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
1 UDP 192.168.1.204:50234 <-> 192.168.1.253:53 [proto: 5.126/DNS.Google][Stack: DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][40 pkts/3152 bytes <-> 40 pkts/7817 bytes][Goodput ratio: 47/78][403.67 sec][Hostname/SNI: www.google.com][142.251.209.36][DNS Id: 0x1655][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/9 11635/11637 110617/110608 23370/23370][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 79/195 94/356 9/104][Risk: ** Mismatching Protocol with server IP address **][Risk Score: 100][Risk Info: nDPI protocol does not match the server IP address][PLAIN TEXT (google)][Plen Bins: 27,36,6,8,0,1,5,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ LRU cache tls_cert: 0/8/0 (insert/search/found)
|
|||
LRU cache mining: 0/15/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 14/37/13 (insert/search/found)
|
||||
Automa host: 246/71 (search/found)
|
||||
Automa host: 247/70 (search/found)
|
||||
Automa domain: 156/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 10/0 (search/found)
|
||||
|
|
@ -22,7 +22,7 @@ Patricia risk mask: 14/0 (search/found)
|
|||
Patricia risk mask IPv6: 6/0 (search/found)
|
||||
Patricia risk: 3/0 (search/found)
|
||||
Patricia risk IPv6: 25/0 (search/found)
|
||||
Patricia protocols: 287/57 (search/found)
|
||||
Patricia protocols: 286/58 (search/found)
|
||||
Patricia protocols IPv6: 50/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -33,7 +33,7 @@ Hash fp custom protos: 6/0 (search/found)
|
|||
|
||||
Unknown 19 5564 9
|
||||
DNS 17 1719 6
|
||||
HTTP 249 355379 34
|
||||
HTTP 253 357994 35
|
||||
MDNS 1 82 1
|
||||
NTP 1 90 1
|
||||
NetBIOS 26 2392 6
|
||||
|
|
@ -43,7 +43,7 @@ DHCP 24 8208 5
|
|||
QQ 30 6617 3
|
||||
TLS 124 28754 9
|
||||
DHCPV6 10 980 3
|
||||
Google 28 53166 3
|
||||
Google 24 50551 2
|
||||
LLMNR 91 6931 48
|
||||
PlayStore 2 1359 1
|
||||
GoogleServices 17 30330 1
|
||||
|
|
@ -161,7 +161,7 @@ JA Host Stats:
|
|||
55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [flowId: 106][proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: No ALPN / 192.168.115.75 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: aa7eafaa128c9b8a39bd010d912570a8][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [flowId: 14][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [flowId: 195][proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Acceptable][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [flowId: 152][proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [flowId: 152][proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [flowId: 174][proto: 7/HTTP][Stack: HTTP][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [flowId: 112][proto: 91/TLS][Stack: TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [flowId: 1][proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -186,7 +186,7 @@ JA Host Stats:
|
|||
80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [flowId: 53][proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [flowId: 5][proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [flowId: 43][proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [flowId: 171][proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [flowId: 171][proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [flowId: 144][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [flowId: 178][proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [flowId: 37][proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
|
|||
LRU cache mining: 0/0/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/1/0 (insert/search/found)
|
||||
Automa host: 1/1 (search/found)
|
||||
Automa host: 2/0 (search/found)
|
||||
Automa domain: 1/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 1/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ LRU cache tls_cert: 0/8/0 (insert/search/found)
|
|||
LRU cache mining: 0/15/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 14/37/13 (insert/search/found)
|
||||
Automa host: 246/71 (search/found)
|
||||
Automa host: 247/70 (search/found)
|
||||
Automa domain: 156/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 10/0 (search/found)
|
||||
|
|
@ -26,7 +26,7 @@ Patricia risk mask: 14/0 (search/found)
|
|||
Patricia risk mask IPv6: 6/0 (search/found)
|
||||
Patricia risk: 3/0 (search/found)
|
||||
Patricia risk IPv6: 25/0 (search/found)
|
||||
Patricia protocols: 287/57 (search/found)
|
||||
Patricia protocols: 286/58 (search/found)
|
||||
Patricia protocols IPv6: 50/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -37,7 +37,7 @@ Hash fp custom protos: 6/0 (search/found)
|
|||
|
||||
Unknown 19 5564 9 144 28664 20 (*)
|
||||
DNS 17 1719 6 17 1719 6
|
||||
HTTP 249 355379 34 157 333410 26 (*)
|
||||
HTTP 253 357994 35 161 336025 27 (*)
|
||||
MDNS 1 82 1 1 82 1
|
||||
NTP 1 90 1 1 90 1
|
||||
NetBIOS 26 2392 6 26 2392 6
|
||||
|
|
@ -47,7 +47,7 @@ DHCP 24 8208 5 24 8208 5
|
|||
QQ 30 6617 3 30 6617 3
|
||||
TLS 124 28754 9 19 6840 2 (*)
|
||||
DHCPV6 10 980 3 10 980 3
|
||||
Google 28 53166 3 31 53342 4 (*)
|
||||
Google 24 50551 2 27 50727 3 (*)
|
||||
LLMNR 91 6931 48 91 6931 48
|
||||
PlayStore 2 1359 1 2 1359 1
|
||||
GoogleServices 17 30330 1 17 30330 1
|
||||
|
|
@ -137,7 +137,7 @@ JA Host Stats:
|
|||
55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: No ALPN / 192.168.115.75 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: aa7eafaa128c9b8a39bd010d912570a8][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Acceptable][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][Stack: HTTP][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][Stack: TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -162,7 +162,7 @@ JA Host Stats:
|
|||
80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
|
|||
LRU cache mining: 0/3/0 (insert/search/found)
|
||||
LRU cache msteams: 19/6/6 (insert/search/found)
|
||||
LRU cache fpc_dns: 0/0/0 (insert/search/found)
|
||||
Automa host: 95/75 (search/found)
|
||||
Automa host: 97/73 (search/found)
|
||||
Automa domain: 85/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 2/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ LRU cache tls_cert: 0/8/0 (insert/search/found)
|
|||
LRU cache mining: 0/15/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 14/37/13 (insert/search/found)
|
||||
Automa host: 246/71 (search/found)
|
||||
Automa host: 247/70 (search/found)
|
||||
Automa domain: 156/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 10/0 (search/found)
|
||||
|
|
@ -23,7 +23,7 @@ Patricia risk mask: 14/0 (search/found)
|
|||
Patricia risk mask IPv6: 6/0 (search/found)
|
||||
Patricia risk: 3/0 (search/found)
|
||||
Patricia risk IPv6: 25/0 (search/found)
|
||||
Patricia protocols: 287/57 (search/found)
|
||||
Patricia protocols: 286/58 (search/found)
|
||||
Patricia protocols IPv6: 50/0 (search/found)
|
||||
Hash malicious ja4: 4/0 (search/found)
|
||||
Hash malicious sha1: 0/0 (search/found)
|
||||
|
|
@ -34,7 +34,7 @@ Hash fp custom protos: 6/0 (search/found)
|
|||
|
||||
Unknown 19 5564 9
|
||||
DNS 17 1719 6
|
||||
HTTP 246 355203 33
|
||||
HTTP 250 357818 34
|
||||
MDNS 1 82 1
|
||||
NTP 1 90 1
|
||||
NetBIOS 26 2392 6
|
||||
|
|
@ -44,7 +44,7 @@ DHCP 24 8208 5
|
|||
QQ 30 6617 3
|
||||
TLS 101 21320 8
|
||||
DHCPV6 10 980 3
|
||||
Google 31 53342 4
|
||||
Google 27 50727 3
|
||||
LLMNR 91 6931 48
|
||||
PlayStore 2 1359 1
|
||||
GoogleServices 17 30330 1
|
||||
|
|
@ -133,7 +133,7 @@ JA Host Stats:
|
|||
55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: No ALPN / 192.168.115.75 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: aa7eafaa128c9b8a39bd010d912570a8][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Acceptable][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][Stack: HTTP][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][Stack: TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
@ -158,7 +158,7 @@ JA Host Stats:
|
|||
80 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2965/0 5631/0 15155/0 3855/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
81 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1611 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.02 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 7126/0 24065/0 7503/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
82 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][9 pkts/1575 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5632/0 18024/0 4843/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][Stack: HTTP][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
84 TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
85 TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][Stack: HTTP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
86 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Acceptable][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Patricia risk mask: 88/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 69/45 (search/found)
|
||||
Patricia protocols: 68/46 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 49/0 (search/found)
|
||||
Hash malicious sha1: 28/0 (search/found)
|
||||
|
|
@ -77,7 +77,7 @@ JA Host Stats:
|
|||
25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
|
||||
26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
||||
27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
||||
28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
|
||||
28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
|
||||
29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
||||
30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][nDPI Fingerprint: 2c04759858ac6f3d3b0a717deec501cb][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Patricia risk mask: 14/0 (search/found)
|
|||
Patricia risk mask IPv6: 0/0 (search/found)
|
||||
Patricia risk: 0/0 (search/found)
|
||||
Patricia risk IPv6: 0/0 (search/found)
|
||||
Patricia protocols: 82/40 (search/found)
|
||||
Patricia protocols: 75/47 (search/found)
|
||||
Patricia protocols IPv6: 0/0 (search/found)
|
||||
Hash malicious ja4: 20/0 (search/found)
|
||||
Hash malicious sha1: 16/0 (search/found)
|
||||
|
|
@ -54,12 +54,12 @@ JA Host Stats:
|
|||
|
||||
|
||||
1 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.3.140][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0]
|
||||
2 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][Content-Type: image/webp][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-2.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /af)][Plen Bins: 0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
|
||||
2 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][Content-Type: image/webp][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-2.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /af)][Plen Bins: 0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
|
||||
3 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][Hostname/SNI: 23.246.11.145][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.145][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
|
||||
4 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][Goodput ratio: 69/93][38.50 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1640/1232 30390/30443 6288/5475][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 211/964 1514/1514 376/637][Risk: ** TLS (probably) Not Carrying HTTPS **** Unresolved hostname **][Risk Score: 60][Risk Info: api-global.netflix.com / No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,5,5,0,2,2,5,0,0,0,0,0,0,0,2,2,0,0,0,2,0,2,0,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,2,0,0,57,0,0]
|
||||
5 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Video/26][Breed: Fun][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-1.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /8b)][Plen Bins: 0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0]
|
||||
5 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-1.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /8b)][Plen Bins: 0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0]
|
||||
6 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.141][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (czGET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0]
|
||||
7 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Video/26][Breed: Fun][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-1.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /4e)][Plen Bins: 0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
|
||||
7 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-1.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /4e)][Plen Bins: 0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
|
||||
8 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 10][cat: Video/26][Breed: Fun][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Goodput ratio: 72/94][31.31 sec][Hostname/SNI: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092/21 30728/135 9212/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 242/1136 1514/1514 405/584][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/x-msl+json][Server: appboot-:7001 i-0b273b4c40f4e78a3][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (POST /appboot/NFAPPL)][Plen Bins: 0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,75,0,0]
|
||||
9 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.141][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
|
||||
10 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.133][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
|
||||
|
|
@ -77,12 +77,12 @@ JA Host Stats:
|
|||
22 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.133][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
|
||||
23 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][17 pkts/2227 bytes <-> 16 pkts/20481 bytes][Goodput ratio: 46/95][2.05 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.804 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/5 143/82 730/279 218/83][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 131/1280 578/1514 162/436][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.3.140][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (oMrLRiWL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,73,0,0]
|
||||
24 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][Goodput ratio: 86/86][0.92 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/54 282/127 72/35][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 486/491 1514/1514 603/610][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d13b20842ba6aba0b08d1d9b953b074e][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,15,0,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,0,0,0,0,0,0,5,37,0,0]
|
||||
25 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/636 bytes <-> 13 pkts/16794 bytes][Goodput ratio: 34/95][0.87 sec][Hostname/SNI: tp.akam.nflximg.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/27 41/71 80/192 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1292 282/1514 79/521][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][Content-Type: text/plain][Server: Apache][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** HTTP Susp Content **** Unresolved hostname **][Risk Score: 150][Risk Info: tp.akam.nflximg.com / Susp content 89424946][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)][Plen Bins: 0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0]
|
||||
25 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/636 bytes <-> 13 pkts/16794 bytes][Goodput ratio: 34/95][0.87 sec][Hostname/SNI: tp.akam.nflximg.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/27 41/71 80/192 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1292 282/1514 79/521][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][Content-Type: text/plain][Server: Apache][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** HTTP Susp Content **** Unresolved hostname **][Risk Score: 150][Risk Info: tp.akam.nflximg.com / Susp content 89424946][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)][Plen Bins: 0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0]
|
||||
26 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 461/AWS_EC2][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 12][cat: Video/26][Breed: Fun][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Goodput ratio: 91/87][31.72 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877/42 31088/123 8921/33][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714/500 1514/1514 676/651][URL: api-global.netflix.com/msl/nrdjs/2.1.2][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: api-global.netflix.com][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,0,0,72,0,0]
|
||||
27 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][18 pkts/5661 bytes <-> 13 pkts/9059 bytes][Goodput ratio: 79/90][1.01 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: -0.231 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/96 322/423 89/121][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 314/697 1514/1514 477/667][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d13b20842ba6aba0b08d1d9b953b074e][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 13,13,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,6,0,0,0,0,6,0,0,34,0,0]
|
||||
28 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][22 pkts/6028 bytes <-> 18 pkts/7459 bytes][Goodput ratio: 76/84][38.49 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.106 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2129/2946 30585/30636 7105/8237][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 274/414 1514/1514 437/546][Risk: ** TLS (probably) Not Carrying HTTPS **** Unresolved hostname **][Risk Score: 60][Risk Info: api-global.netflix.com / No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,21,5,0,5,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0]
|
||||
29 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Goodput ratio: 26/94][32.06 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565/34 30963/63 10780/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/1120 311/1514 72/644][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-2.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /87)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
30 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/653 bytes <-> 10 pkts/12252 bytes][Goodput ratio: 37/95][0.33 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/13 43/34 101/70 35/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 109/1225 311/1514 91/578][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-2.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
29 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Goodput ratio: 26/94][32.06 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565/34 30963/63 10780/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/1120 311/1514 72/644][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-2.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /87)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
30 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][Stack: HTTP.NetFlix][IP: 467/Akamai][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][6 pkts/653 bytes <-> 10 pkts/12252 bytes][Goodput ratio: 37/95][0.33 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/13 43/34 101/70 35/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 109/1225 311/1514 91/578][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-2.nflximg.net][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
|
||||
31 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][Goodput ratio: 83/80][30.85 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1923/16 30431/72 7361/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382/327 1514/1514 559/501][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: ichnaea.netflix.com][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,24,5,0,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,31,0,0]
|
||||
32 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][9 pkts/1658 bytes <-> 10 pkts/11113 bytes][Goodput ratio: 62/94][0.68 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/5 73/76 356/206 117/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 184/1111 581/1514 211/518][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.11.141][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,9,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0]
|
||||
33 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][Goodput ratio: 83/81][30.38 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2017/14 30033/55 7488/20][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399/343 1514/1514 569/514][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: ichnaea.netflix.com][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,18,6,0,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,31,0,0]
|
||||
|
|
@ -95,7 +95,7 @@ JA Host Stats:
|
|||
40 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 7][cat: Video/26][Breed: Fun][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][Goodput ratio: 70/86][0.32 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 24/22 72/63 26/25][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/465 1514/1514 382/579][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d13b20842ba6aba0b08d1d9b953b074e][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
|
||||
41 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][Goodput ratio: 74/84][30.77 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/22 143/79 43/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253/423 1514/1514 422/512][Risk: ** TLS (probably) Not Carrying HTTPS **** Unresolved hostname **][Risk Score: 60][Risk Info: api-global.netflix.com / No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,9,0,0,9,0,9,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,18,0,0]
|
||||
42 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Video/26][Breed: Fun][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][Goodput ratio: 36/84][30.93 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2373/20 30602/58 8149/26][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/417 309/1514 78/548][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: api-global.netflix.com][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,23,15,0,0,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
|
||||
43 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 9][cat: Video/26][Breed: Fun][19 pkts/2356 bytes <-> 8 pkts/4069 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: art-s.nflximg.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/7 26/21 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/509 293/1514 58/602][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-s.nflximg.net][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,28,39,0,5,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
|
||||
43 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 9][cat: Video/26][Breed: Fun][19 pkts/2356 bytes <-> 8 pkts/4069 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: art-s.nflximg.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/7 26/21 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/509 293/1514 58/602][Risk: ** Unresolved hostname **][Risk Score: 50][Risk Info: art-s.nflximg.net][nDPI Fingerprint: 4622f42680948581d3f684ed1e8246dd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,28,39,0,5,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
|
||||
44 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7/HTTP][Stack: HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][FPC: 133/NetFlix, Confidence: IP address][DPI packets: 5][cat: Download/7][Breed: Acceptable][5 pkts/698 bytes <-> 5 pkts/5198 bytes][Goodput ratio: 51/93][0.08 sec][Hostname/SNI: 23.246.10.139][bytes ratio: -0.763 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 18/14 35/35 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 140/1040 422/1514 141/603][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary File/Data Transfer (Attempt) **][Risk Score: 60][Risk Info: Found binary mime octet-stream / Found host 23.246.10.139][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0]
|
||||
45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 133/NetFlix, Confidence: DNS][DPI packets: 6][cat: Video/26][Breed: Fun][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76/81][0.21 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/20 92/54 34/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283/355 1450/1066 419/413][Risk: ** TLS (probably) Not Carrying HTTPS **** Unresolved hostname **][Risk Score: 60][Risk Info: api-global.netflix.com / No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]
|
||||
46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][Stack: TLS.NetFlix][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 6][cat: Video/26][Breed: Fun][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 39/69][30.71 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064/6120 30486/30536 9141/12208][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 108/215 309/989 83/296][Risk: ** TLS (probably) Not Carrying HTTPS **** Unresolved hostname **][Risk Score: 60][Risk Info: api-global.netflix.com / No ALPN][nDPI Fingerprint: 15361284fb021f89cd17f0128d681563][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,12,12,0,12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -276,468 +276,468 @@ IoT-Scada 4 232 4
|
|||
Crypto_Currency 2 116 2
|
||||
|
||||
1 TCP 172.16.0.8:36050 <-> 64.13.134.52:22 [proto: 92/SSH][Stack: SSH][IP: 0/Unknown][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.68 sec][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 620/domain][Stack: domain][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
2 TCP 172.16.0.8:36050 <-> 64.13.134.52:53 [proto: 621/domain][Stack: domain][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.09 sec][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
3 TCP 172.16.0.8:36050 <-> 64.13.134.52:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes <-> 4 pkts/240 bytes][Goodput ratio: 0/0][21.27 sec][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
4 TCP 172.16.0.8:36050 <-> 64.13.134.52:25 [proto: 3/SMTP][Stack: SMTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 172.16.0.8:36050 <-> 64.13.134.52:70 [proto: 675/gopher][Stack: gopher][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 172.16.0.8:36050 <-> 64.13.134.52:113 [proto: 519/auth][Stack: auth][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 172.16.0.8:36061 <-> 64.13.134.52:113 [proto: 519/auth][Stack: auth][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 TCP 172.16.0.8:36050 -> 64.13.134.52:1 [proto: 1063/tcpmux][Stack: tcpmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 TCP 172.16.0.8:36050 -> 64.13.134.52:3 [proto: 567/compressnet][Stack: compressnet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
10 TCP 172.16.0.8:36050 -> 64.13.134.52:7 [proto: 631/echo][Stack: echo][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
11 TCP 172.16.0.8:36050 -> 64.13.134.52:9 [proto: 612/discard][Stack: discard][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
12 TCP 172.16.0.8:36050 -> 64.13.134.52:13 [proto: 594/daytime][Stack: daytime][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
13 TCP 172.16.0.8:36050 -> 64.13.134.52:17 [proto: 939/qotd][Stack: qotd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 TCP 172.16.0.8:36050 -> 64.13.134.52:19 [proto: 550/chargen][Stack: chargen][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
15 TCP 172.16.0.8:36050 -> 64.13.134.52:20 [proto: 661/ftp][Stack: ftp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
5 TCP 172.16.0.8:36050 <-> 64.13.134.52:70 [proto: 676/gopher][Stack: gopher][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
6 TCP 172.16.0.8:36050 <-> 64.13.134.52:113 [proto: 520/auth][Stack: auth][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
7 TCP 172.16.0.8:36061 <-> 64.13.134.52:113 [proto: 520/auth][Stack: auth][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes <-> 1 pkts/60 bytes][Goodput ratio: 0/0][0.06 sec][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
8 TCP 172.16.0.8:36050 -> 64.13.134.52:1 [proto: 1064/tcpmux][Stack: tcpmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
9 TCP 172.16.0.8:36050 -> 64.13.134.52:3 [proto: 568/compressnet][Stack: compressnet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
10 TCP 172.16.0.8:36050 -> 64.13.134.52:7 [proto: 632/echo][Stack: echo][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
11 TCP 172.16.0.8:36050 -> 64.13.134.52:9 [proto: 613/discard][Stack: discard][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
12 TCP 172.16.0.8:36050 -> 64.13.134.52:13 [proto: 595/daytime][Stack: daytime][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
13 TCP 172.16.0.8:36050 -> 64.13.134.52:17 [proto: 940/qotd][Stack: qotd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
14 TCP 172.16.0.8:36050 -> 64.13.134.52:19 [proto: 551/chargen][Stack: chargen][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
15 TCP 172.16.0.8:36050 -> 64.13.134.52:20 [proto: 662/ftp][Stack: ftp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
16 TCP 172.16.0.8:36050 -> 64.13.134.52:21 [proto: 1/FTP_CONTROL][Stack: FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
17 TCP 172.16.0.8:36050 -> 64.13.134.52:23 [proto: 77/Telnet][Stack: Telnet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
18 TCP 172.16.0.8:36050 -> 64.13.134.52:33 [proto: 625/dsp][Stack: dsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
19 TCP 172.16.0.8:36050 -> 64.13.134.52:37 [proto: 1074/time][Stack: time][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
20 TCP 172.16.0.8:36050 -> 64.13.134.52:42 [proto: 1127/wins][Stack: wins][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
21 TCP 172.16.0.8:36050 -> 64.13.134.52:43 [proto: 853/nicname][Stack: nicname][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
22 TCP 172.16.0.8:36050 -> 64.13.134.52:49 [proto: 1059/tacacs][Stack: tacacs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
23 TCP 172.16.0.8:36050 -> 64.13.134.52:79 [proto: 657/finger][Stack: finger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
24 TCP 172.16.0.8:36050 -> 64.13.134.52:82 [proto: 1134/xfer][Stack: xfer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
25 TCP 172.16.0.8:36050 -> 64.13.134.52:83 [proto: 800/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
26 TCP 172.16.0.8:36050 -> 64.13.134.52:84 [proto: 582/ctf][Stack: ctf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
27 TCP 172.16.0.8:36050 -> 64.13.134.52:85 [proto: 800/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
18 TCP 172.16.0.8:36050 -> 64.13.134.52:33 [proto: 626/dsp][Stack: dsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
19 TCP 172.16.0.8:36050 -> 64.13.134.52:37 [proto: 1075/time][Stack: time][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
20 TCP 172.16.0.8:36050 -> 64.13.134.52:42 [proto: 1128/wins][Stack: wins][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
21 TCP 172.16.0.8:36050 -> 64.13.134.52:43 [proto: 854/nicname][Stack: nicname][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
22 TCP 172.16.0.8:36050 -> 64.13.134.52:49 [proto: 1060/tacacs][Stack: tacacs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
23 TCP 172.16.0.8:36050 -> 64.13.134.52:79 [proto: 658/finger][Stack: finger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
24 TCP 172.16.0.8:36050 -> 64.13.134.52:82 [proto: 1135/xfer][Stack: xfer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
25 TCP 172.16.0.8:36050 -> 64.13.134.52:83 [proto: 801/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
26 TCP 172.16.0.8:36050 -> 64.13.134.52:84 [proto: 583/ctf][Stack: ctf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
27 TCP 172.16.0.8:36050 -> 64.13.134.52:85 [proto: 801/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
28 TCP 172.16.0.8:36050 -> 64.13.134.52:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
29 TCP 172.16.0.8:36050 -> 64.13.134.52:89 [proto: 1045/su-mit-tg][Stack: su-mit-tg][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
30 TCP 172.16.0.8:36050 -> 64.13.134.52:90 [proto: 619/dnsix][Stack: dnsix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
31 TCP 172.16.0.8:36050 -> 64.13.134.52:99 [proto: 792/metagram][Stack: metagram][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
32 TCP 172.16.0.8:36050 -> 64.13.134.52:106 [proto: 468/3com-tsmux][Stack: 3com-tsmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
33 TCP 172.16.0.8:36050 -> 64.13.134.52:109 [proto: 916/pop2][Stack: pop2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
29 TCP 172.16.0.8:36050 -> 64.13.134.52:89 [proto: 1046/su-mit-tg][Stack: su-mit-tg][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
30 TCP 172.16.0.8:36050 -> 64.13.134.52:90 [proto: 620/dnsix][Stack: dnsix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
31 TCP 172.16.0.8:36050 -> 64.13.134.52:99 [proto: 793/metagram][Stack: metagram][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
32 TCP 172.16.0.8:36050 -> 64.13.134.52:106 [proto: 469/3com-tsmux][Stack: 3com-tsmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
33 TCP 172.16.0.8:36050 -> 64.13.134.52:109 [proto: 917/pop2][Stack: pop2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
34 TCP 172.16.0.8:36050 -> 64.13.134.52:110 [proto: 2/POP3][Stack: POP3][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
35 TCP 172.16.0.8:36050 -> 64.13.134.52:111 [proto: 1047/sunrpc][Stack: sunrpc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
36 TCP 172.16.0.8:36050 -> 64.13.134.52:119 [proto: 862/nntp][Stack: nntp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
37 TCP 172.16.0.8:36050 -> 64.13.134.52:125 [proto: 766/locus][Stack: locus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
38 TCP 172.16.0.8:36050 -> 64.13.134.52:135 [proto: 641/epmap][Stack: epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
35 TCP 172.16.0.8:36050 -> 64.13.134.52:111 [proto: 1048/sunrpc][Stack: sunrpc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
36 TCP 172.16.0.8:36050 -> 64.13.134.52:119 [proto: 863/nntp][Stack: nntp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
37 TCP 172.16.0.8:36050 -> 64.13.134.52:125 [proto: 767/locus][Stack: locus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
38 TCP 172.16.0.8:36050 -> 64.13.134.52:135 [proto: 642/epmap][Stack: epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
39 TCP 172.16.0.8:36050 -> 64.13.134.52:139 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
40 TCP 172.16.0.8:36050 -> 64.13.134.52:143 [proto: 4/IMAP][Stack: IMAP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
41 TCP 172.16.0.8:36050 -> 64.13.134.52:144 [proto: 1090/uma][Stack: uma][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
42 TCP 172.16.0.8:36050 -> 64.13.134.52:146 [proto: 739/iso-tp][Stack: iso-tp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
41 TCP 172.16.0.8:36050 -> 64.13.134.52:144 [proto: 1091/uma][Stack: uma][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
42 TCP 172.16.0.8:36050 -> 64.13.134.52:146 [proto: 740/iso-tp][Stack: iso-tp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
43 TCP 172.16.0.8:36050 -> 64.13.134.52:161 [proto: 14/SNMP][Stack: SNMP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
44 TCP 172.16.0.8:36050 -> 64.13.134.52:163 [proto: 562/cmip][Stack: cmip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
44 TCP 172.16.0.8:36050 -> 64.13.134.52:163 [proto: 563/cmip][Stack: cmip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
45 TCP 172.16.0.8:36050 -> 64.13.134.52:179 [proto: 13/BGP][Stack: BGP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
46 TCP 172.16.0.8:36050 -> 64.13.134.52:199 [proto: 1016/smux][Stack: smux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
47 TCP 172.16.0.8:36050 -> 64.13.134.52:211 [proto: 469/914c_g][Stack: 914c_g][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
48 TCP 172.16.0.8:36050 -> 64.13.134.52:212 [proto: 487/anet][Stack: anet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
49 TCP 172.16.0.8:36050 -> 64.13.134.52:222 [proto: 972/rsh-spx][Stack: rsh-spx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
50 TCP 172.16.0.8:36050 -> 64.13.134.52:256 [proto: 946/rap][Stack: rap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 TCP 172.16.0.8:36050 -> 64.13.134.52:259 [proto: 646/esro][Stack: esro][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
52 TCP 172.16.0.8:36050 -> 64.13.134.52:264 [proto: 527/bgmp][Stack: bgmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 TCP 172.16.0.8:36050 -> 64.13.134.52:280 [proto: 693/http-mgm][Stack: http-mgm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
54 TCP 172.16.0.8:36050 -> 64.13.134.52:301 [proto: 918/port301][Stack: port301][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
55 TCP 172.16.0.8:36050 -> 64.13.134.52:311 [proto: 511/asip][Stack: asip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 172.16.0.8:36050 -> 64.13.134.52:366 [proto: 879/odmr][Stack: odmr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
46 TCP 172.16.0.8:36050 -> 64.13.134.52:199 [proto: 1017/smux][Stack: smux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
47 TCP 172.16.0.8:36050 -> 64.13.134.52:211 [proto: 470/914c_g][Stack: 914c_g][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
48 TCP 172.16.0.8:36050 -> 64.13.134.52:212 [proto: 488/anet][Stack: anet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
49 TCP 172.16.0.8:36050 -> 64.13.134.52:222 [proto: 973/rsh-spx][Stack: rsh-spx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
50 TCP 172.16.0.8:36050 -> 64.13.134.52:256 [proto: 947/rap][Stack: rap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
51 TCP 172.16.0.8:36050 -> 64.13.134.52:259 [proto: 647/esro][Stack: esro][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
52 TCP 172.16.0.8:36050 -> 64.13.134.52:264 [proto: 528/bgmp][Stack: bgmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
53 TCP 172.16.0.8:36050 -> 64.13.134.52:280 [proto: 694/http-mgm][Stack: http-mgm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
54 TCP 172.16.0.8:36050 -> 64.13.134.52:301 [proto: 919/port301][Stack: port301][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
55 TCP 172.16.0.8:36050 -> 64.13.134.52:311 [proto: 512/asip][Stack: asip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 172.16.0.8:36050 -> 64.13.134.52:366 [proto: 880/odmr][Stack: odmr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 172.16.0.8:36050 -> 64.13.134.52:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
58 TCP 172.16.0.8:36050 -> 64.13.134.52:406 [proto: 716/imsp][Stack: imsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
59 TCP 172.16.0.8:36050 -> 64.13.134.52:407 [proto: 1073/timbuktu][Stack: timbuktu][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
60 TCP 172.16.0.8:36050 -> 64.13.134.52:416 [proto: 1004/silverplatter][Stack: silverplatter][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 TCP 172.16.0.8:36050 -> 64.13.134.52:417 [proto: 884/onmux][Stack: onmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
62 TCP 172.16.0.8:36050 -> 64.13.134.52:425 [proto: 706/icad-elL][Stack: icad-elL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
63 TCP 172.16.0.8:36050 -> 64.13.134.52:427 [proto: 1053/svrloc][Stack: svrloc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
64 TCP 172.16.0.8:36050 -> 64.13.134.52:443 [proto: 695/https][Stack: https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
65 TCP 172.16.0.8:36050 -> 64.13.134.52:444 [proto: 1020/snpp][Stack: snpp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
66 TCP 172.16.0.8:36050 -> 64.13.134.52:445 [proto: 797/microsoft-ds][Stack: microsoft-ds][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
67 TCP 172.16.0.8:36050 -> 64.13.134.52:458 [proto: 498/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
68 TCP 172.16.0.8:36050 -> 64.13.134.52:464 [proto: 754/kpasswd][Stack: kpasswd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
69 TCP 172.16.0.8:36050 -> 64.13.134.52:465 [proto: 1095/urd_igmpv3lite][Stack: urd_igmpv3lite][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
70 TCP 172.16.0.8:36050 -> 64.13.134.52:481 [proto: 907/ph][Stack: ph][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
71 TCP 172.16.0.8:36050 -> 64.13.134.52:497 [proto: 590/dantz][Stack: dantz][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
72 TCP 172.16.0.8:36050 -> 64.13.134.52:500 [proto: 735/isakmp][Stack: isakmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
73 TCP 172.16.0.8:36050 -> 64.13.134.52:512 [proto: 650/exec_comsat][Stack: exec_comsat][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
74 TCP 172.16.0.8:36050 -> 64.13.134.52:513 [proto: 767/login_who][Stack: login_who][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
75 TCP 172.16.0.8:36050 -> 64.13.134.52:514 [proto: 999/shell_syslog][Stack: shell_syslog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
76 TCP 172.16.0.8:36050 -> 64.13.134.52:515 [proto: 920/printer][Stack: printer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
77 TCP 172.16.0.8:36050 -> 64.13.134.52:524 [proto: 832/ncp][Stack: ncp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
78 TCP 172.16.0.8:36050 -> 64.13.134.52:541 [proto: 1099/uucp][Stack: uucp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
79 TCP 172.16.0.8:36050 -> 64.13.134.52:543 [proto: 752/klogin][Stack: klogin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
80 TCP 172.16.0.8:36050 -> 64.13.134.52:544 [proto: 756/kshell][Stack: kshell][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
81 TCP 172.16.0.8:36050 -> 64.13.134.52:545 [proto: 498/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
58 TCP 172.16.0.8:36050 -> 64.13.134.52:406 [proto: 717/imsp][Stack: imsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
59 TCP 172.16.0.8:36050 -> 64.13.134.52:407 [proto: 1074/timbuktu][Stack: timbuktu][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
60 TCP 172.16.0.8:36050 -> 64.13.134.52:416 [proto: 1005/silverplatter][Stack: silverplatter][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 TCP 172.16.0.8:36050 -> 64.13.134.52:417 [proto: 885/onmux][Stack: onmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
62 TCP 172.16.0.8:36050 -> 64.13.134.52:425 [proto: 707/icad-elL][Stack: icad-elL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
63 TCP 172.16.0.8:36050 -> 64.13.134.52:427 [proto: 1054/svrloc][Stack: svrloc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
64 TCP 172.16.0.8:36050 -> 64.13.134.52:443 [proto: 696/https][Stack: https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
65 TCP 172.16.0.8:36050 -> 64.13.134.52:444 [proto: 1021/snpp][Stack: snpp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
66 TCP 172.16.0.8:36050 -> 64.13.134.52:445 [proto: 798/microsoft-ds][Stack: microsoft-ds][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
67 TCP 172.16.0.8:36050 -> 64.13.134.52:458 [proto: 499/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
68 TCP 172.16.0.8:36050 -> 64.13.134.52:464 [proto: 755/kpasswd][Stack: kpasswd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
69 TCP 172.16.0.8:36050 -> 64.13.134.52:465 [proto: 1096/urd_igmpv3lite][Stack: urd_igmpv3lite][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
70 TCP 172.16.0.8:36050 -> 64.13.134.52:481 [proto: 908/ph][Stack: ph][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
71 TCP 172.16.0.8:36050 -> 64.13.134.52:497 [proto: 591/dantz][Stack: dantz][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
72 TCP 172.16.0.8:36050 -> 64.13.134.52:500 [proto: 736/isakmp][Stack: isakmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
73 TCP 172.16.0.8:36050 -> 64.13.134.52:512 [proto: 651/exec_comsat][Stack: exec_comsat][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
74 TCP 172.16.0.8:36050 -> 64.13.134.52:513 [proto: 768/login_who][Stack: login_who][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
75 TCP 172.16.0.8:36050 -> 64.13.134.52:514 [proto: 1000/shell_syslog][Stack: shell_syslog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
76 TCP 172.16.0.8:36050 -> 64.13.134.52:515 [proto: 921/printer][Stack: printer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
77 TCP 172.16.0.8:36050 -> 64.13.134.52:524 [proto: 833/ncp][Stack: ncp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
78 TCP 172.16.0.8:36050 -> 64.13.134.52:541 [proto: 1100/uucp][Stack: uucp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
79 TCP 172.16.0.8:36050 -> 64.13.134.52:543 [proto: 753/klogin][Stack: klogin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
80 TCP 172.16.0.8:36050 -> 64.13.134.52:544 [proto: 757/kshell][Stack: kshell][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
81 TCP 172.16.0.8:36050 -> 64.13.134.52:545 [proto: 499/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
82 TCP 172.16.0.8:36050 -> 64.13.134.52:548 [proto: 97/AFP][Stack: AFP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
83 TCP 172.16.0.8:36050 -> 64.13.134.52:554 [proto: 50/RTSP][Stack: RTSP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
84 TCP 172.16.0.8:36050 -> 64.13.134.52:555 [proto: 623/dsf][Stack: dsf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
85 TCP 172.16.0.8:36050 -> 64.13.134.52:563 [proto: 863/nntps][Stack: nntps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
86 TCP 172.16.0.8:36050 -> 64.13.134.52:587 [proto: 1042/submission][Stack: submission][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
87 TCP 172.16.0.8:36050 -> 64.13.134.52:593 [proto: 694/http-rpc-epmap][Stack: http-rpc-epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
88 TCP 172.16.0.8:36050 -> 64.13.134.52:616 [proto: 985/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
89 TCP 172.16.0.8:36050 -> 64.13.134.52:617 [proto: 985/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
90 TCP 172.16.0.8:36050 -> 64.13.134.52:625 [proto: 599/dec_dlm][Stack: dec_dlm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
84 TCP 172.16.0.8:36050 -> 64.13.134.52:555 [proto: 624/dsf][Stack: dsf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
85 TCP 172.16.0.8:36050 -> 64.13.134.52:563 [proto: 864/nntps][Stack: nntps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
86 TCP 172.16.0.8:36050 -> 64.13.134.52:587 [proto: 1043/submission][Stack: submission][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
87 TCP 172.16.0.8:36050 -> 64.13.134.52:593 [proto: 695/http-rpc-epmap][Stack: http-rpc-epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
88 TCP 172.16.0.8:36050 -> 64.13.134.52:616 [proto: 986/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
89 TCP 172.16.0.8:36050 -> 64.13.134.52:617 [proto: 986/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
90 TCP 172.16.0.8:36050 -> 64.13.134.52:625 [proto: 600/dec_dlm][Stack: dec_dlm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
91 TCP 172.16.0.8:36050 -> 64.13.134.52:631 [proto: 6/IPP][Stack: IPP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
92 TCP 172.16.0.8:36050 -> 64.13.134.52:636 [proto: 761/ldaps][Stack: ldaps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
92 TCP 172.16.0.8:36050 -> 64.13.134.52:636 [proto: 762/ldaps][Stack: ldaps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
93 TCP 172.16.0.8:36050 -> 64.13.134.52:646 [proto: 409/LDP][Stack: LDP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
94 TCP 172.16.0.8:36050 -> 64.13.134.52:648 [proto: 971/rrp][Stack: rrp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
95 TCP 172.16.0.8:36050 -> 64.13.134.52:666 [proto: 786/mdqs][Stack: mdqs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
96 TCP 172.16.0.8:36050 -> 64.13.134.52:667 [proto: 613/disclose][Stack: disclose][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
97 TCP 172.16.0.8:36050 -> 64.13.134.52:668 [proto: 787/mecomm][Stack: mecomm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
98 TCP 172.16.0.8:36050 -> 64.13.134.52:683 [proto: 572/corba-iiop][Stack: corba-iiop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
99 TCP 172.16.0.8:36050 -> 64.13.134.52:687 [proto: 512/asipwismar][Stack: asipwismar][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
100 TCP 172.16.0.8:36050 -> 64.13.134.52:691 [proto: 813/msexch-routing][Stack: msexch-routing][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
101 TCP 172.16.0.8:36050 -> 64.13.134.52:700 [proto: 642/epp][Stack: epp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
102 TCP 172.16.0.8:36050 -> 64.13.134.52:705 [proto: 482/agentx][Stack: agentx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
103 TCP 172.16.0.8:36050 -> 64.13.134.52:711 [proto: 555/cisco-tdp][Stack: cisco-tdp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
104 TCP 172.16.0.8:36050 -> 64.13.134.52:714 [proto: 733/iris][Stack: iris][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
94 TCP 172.16.0.8:36050 -> 64.13.134.52:648 [proto: 972/rrp][Stack: rrp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
95 TCP 172.16.0.8:36050 -> 64.13.134.52:666 [proto: 787/mdqs][Stack: mdqs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
96 TCP 172.16.0.8:36050 -> 64.13.134.52:667 [proto: 614/disclose][Stack: disclose][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
97 TCP 172.16.0.8:36050 -> 64.13.134.52:668 [proto: 788/mecomm][Stack: mecomm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
98 TCP 172.16.0.8:36050 -> 64.13.134.52:683 [proto: 573/corba-iiop][Stack: corba-iiop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
99 TCP 172.16.0.8:36050 -> 64.13.134.52:687 [proto: 513/asipwismar][Stack: asipwismar][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
100 TCP 172.16.0.8:36050 -> 64.13.134.52:691 [proto: 814/msexch-routing][Stack: msexch-routing][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
101 TCP 172.16.0.8:36050 -> 64.13.134.52:700 [proto: 643/epp][Stack: epp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
102 TCP 172.16.0.8:36050 -> 64.13.134.52:705 [proto: 483/agentx][Stack: agentx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
103 TCP 172.16.0.8:36050 -> 64.13.134.52:711 [proto: 556/cisco-tdp][Stack: cisco-tdp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
104 TCP 172.16.0.8:36050 -> 64.13.134.52:714 [proto: 734/iris][Stack: iris][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
105 TCP 172.16.0.8:36050 -> 64.13.134.52:749 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
106 TCP 172.16.0.8:36050 -> 64.13.134.52:765 [proto: 1120/webster][Stack: webster][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
107 TCP 172.16.0.8:36050 -> 64.13.134.52:777 [proto: 824/multiling-http][Stack: multiling-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
108 TCP 172.16.0.8:36050 -> 64.13.134.52:800 [proto: 784/mdbs_daemon][Stack: mdbs_daemon][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
109 TCP 172.16.0.8:36050 -> 64.13.134.52:801 [proto: 607/device][Stack: device][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
106 TCP 172.16.0.8:36050 -> 64.13.134.52:765 [proto: 1121/webster][Stack: webster][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
107 TCP 172.16.0.8:36050 -> 64.13.134.52:777 [proto: 825/multiling-http][Stack: multiling-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
108 TCP 172.16.0.8:36050 -> 64.13.134.52:800 [proto: 785/mdbs_daemon][Stack: mdbs_daemon][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
109 TCP 172.16.0.8:36050 -> 64.13.134.52:801 [proto: 608/device][Stack: device][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
110 TCP 172.16.0.8:36050 -> 64.13.134.52:873 [proto: 166/RSYNC][Stack: RSYNC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
111 TCP 172.16.0.8:36050 -> 64.13.134.52:888 [proto: 473/accessbuilder][Stack: accessbuilder][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
112 TCP 172.16.0.8:36050 -> 64.13.134.52:900 [proto: 882/omginitialrefs][Stack: omginitialrefs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
113 TCP 172.16.0.8:36050 -> 64.13.134.52:901 [proto: 1011/smpnameres][Stack: smpnameres][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
114 TCP 172.16.0.8:36050 -> 64.13.134.52:902 [proto: 709/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
115 TCP 172.16.0.8:36050 -> 64.13.134.52:903 [proto: 709/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
116 TCP 172.16.0.8:36050 -> 64.13.134.52:911 [proto: 1132/xact-backup][Stack: xact-backup][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
117 TCP 172.16.0.8:36050 -> 64.13.134.52:912 [proto: 495/apex][Stack: apex][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
111 TCP 172.16.0.8:36050 -> 64.13.134.52:888 [proto: 474/accessbuilder][Stack: accessbuilder][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
112 TCP 172.16.0.8:36050 -> 64.13.134.52:900 [proto: 883/omginitialrefs][Stack: omginitialrefs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
113 TCP 172.16.0.8:36050 -> 64.13.134.52:901 [proto: 1012/smpnameres][Stack: smpnameres][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
114 TCP 172.16.0.8:36050 -> 64.13.134.52:902 [proto: 710/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
115 TCP 172.16.0.8:36050 -> 64.13.134.52:903 [proto: 710/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
116 TCP 172.16.0.8:36050 -> 64.13.134.52:911 [proto: 1133/xact-backup][Stack: xact-backup][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
117 TCP 172.16.0.8:36050 -> 64.13.134.52:912 [proto: 496/apex][Stack: apex][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
118 TCP 172.16.0.8:36050 -> 64.13.134.52:990 [proto: 311/FTPS][Stack: FTPS][IP: 0/Unknown][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: dc35321a2b21259e06875b77f1765678][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
119 TCP 172.16.0.8:36050 -> 64.13.134.52:992 [proto: 1068/telnets][Stack: telnets][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
119 TCP 172.16.0.8:36050 -> 64.13.134.52:992 [proto: 1069/telnets][Stack: telnets][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
120 TCP 172.16.0.8:36050 -> 64.13.134.52:993 [proto: 51/IMAPS][Stack: IMAPS][IP: 0/Unknown][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Safe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: dc35321a2b21259e06875b77f1765678][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
121 TCP 172.16.0.8:36050 -> 64.13.134.52:995 [proto: 917/pop3s][Stack: pop3s][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
122 TCP 172.16.0.8:36050 -> 64.13.134.52:999 [proto: 666/garcon_applix][Stack: garcon_applix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
123 TCP 172.16.0.8:36050 -> 64.13.134.52:1000 [proto: 542/cadlock2][Stack: cadlock2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
124 TCP 172.16.0.8:36050 -> 64.13.134.52:1010 [proto: 1050/surf][Stack: surf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
125 TCP 172.16.0.8:36050 -> 64.13.134.52:1021 [proto: 651/exp1][Stack: exp1][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
126 TCP 172.16.0.8:36050 -> 64.13.134.52:1022 [proto: 652/exp2][Stack: exp2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
127 TCP 172.16.0.8:36050 -> 64.13.134.52:1023 [proto: 546/carboncopy][Stack: carboncopy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
128 TCP 172.16.0.8:36050 -> 64.13.134.52:1034 [proto: 478/activesync][Stack: activesync][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
129 TCP 172.16.0.8:36050 -> 64.13.134.52:1037 [proto: 485/ams][Stack: ams][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
130 TCP 172.16.0.8:36050 -> 64.13.134.52:1042 [proto: 481/afrog][Stack: afrog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
131 TCP 172.16.0.8:36050 -> 64.13.134.52:1055 [proto: 491/ansyslmd][Stack: ansyslmd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
132 TCP 172.16.0.8:36050 -> 64.13.134.52:1078 [proto: 522/avocent-proxy][Stack: avocent-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
133 TCP 172.16.0.8:36050 -> 64.13.134.52:1079 [proto: 513/asprovatalk][Stack: asprovatalk][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
121 TCP 172.16.0.8:36050 -> 64.13.134.52:995 [proto: 918/pop3s][Stack: pop3s][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
122 TCP 172.16.0.8:36050 -> 64.13.134.52:999 [proto: 667/garcon_applix][Stack: garcon_applix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
123 TCP 172.16.0.8:36050 -> 64.13.134.52:1000 [proto: 543/cadlock2][Stack: cadlock2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
124 TCP 172.16.0.8:36050 -> 64.13.134.52:1010 [proto: 1051/surf][Stack: surf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
125 TCP 172.16.0.8:36050 -> 64.13.134.52:1021 [proto: 652/exp1][Stack: exp1][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
126 TCP 172.16.0.8:36050 -> 64.13.134.52:1022 [proto: 653/exp2][Stack: exp2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
127 TCP 172.16.0.8:36050 -> 64.13.134.52:1023 [proto: 547/carboncopy][Stack: carboncopy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
128 TCP 172.16.0.8:36050 -> 64.13.134.52:1034 [proto: 479/activesync][Stack: activesync][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
129 TCP 172.16.0.8:36050 -> 64.13.134.52:1037 [proto: 486/ams][Stack: ams][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
130 TCP 172.16.0.8:36050 -> 64.13.134.52:1042 [proto: 482/afrog][Stack: afrog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
131 TCP 172.16.0.8:36050 -> 64.13.134.52:1055 [proto: 492/ansyslmd][Stack: ansyslmd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
132 TCP 172.16.0.8:36050 -> 64.13.134.52:1078 [proto: 523/avocent-proxy][Stack: avocent-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
133 TCP 172.16.0.8:36050 -> 64.13.134.52:1079 [proto: 514/asprovatalk][Stack: asprovatalk][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
134 TCP 172.16.0.8:36050 -> 64.13.134.52:1080 [proto: 172/SOCKS][Stack: SOCKS][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
135 TCP 172.16.0.8:36050 -> 64.13.134.52:1082 [proto: 486/amt-esd-prot][Stack: amt-esd-prot][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
136 TCP 172.16.0.8:36050 -> 64.13.134.52:1083 [proto: 490/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
137 TCP 172.16.0.8:36050 -> 64.13.134.52:1084 [proto: 490/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
138 TCP 172.16.0.8:36050 -> 64.13.134.52:1085 [proto: 1119/webobjects][Stack: webobjects][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
139 TCP 172.16.0.8:36050 -> 64.13.134.52:1098 [proto: 964/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
140 TCP 172.16.0.8:36050 -> 64.13.134.52:1099 [proto: 964/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
141 TCP 172.16.0.8:36050 -> 64.13.134.52:1102 [proto: 479/adobeserver][Stack: adobeserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
142 TCP 172.16.0.8:36050 -> 64.13.134.52:1110 [proto: 852/nfsd][Stack: nfsd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
143 TCP 172.16.0.8:36050 -> 64.13.134.52:1117 [proto: 504/ardus][Stack: ardus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
135 TCP 172.16.0.8:36050 -> 64.13.134.52:1082 [proto: 487/amt-esd-prot][Stack: amt-esd-prot][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
136 TCP 172.16.0.8:36050 -> 64.13.134.52:1083 [proto: 491/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
137 TCP 172.16.0.8:36050 -> 64.13.134.52:1084 [proto: 491/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
138 TCP 172.16.0.8:36050 -> 64.13.134.52:1085 [proto: 1120/webobjects][Stack: webobjects][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
139 TCP 172.16.0.8:36050 -> 64.13.134.52:1098 [proto: 965/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
140 TCP 172.16.0.8:36050 -> 64.13.134.52:1099 [proto: 965/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
141 TCP 172.16.0.8:36050 -> 64.13.134.52:1102 [proto: 480/adobeserver][Stack: adobeserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
142 TCP 172.16.0.8:36050 -> 64.13.134.52:1110 [proto: 853/nfsd][Stack: nfsd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
143 TCP 172.16.0.8:36050 -> 64.13.134.52:1117 [proto: 505/ardus][Stack: ardus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
144 TCP 172.16.0.8:36050 -> 64.13.134.52:1119 [proto: 213/Blizzard][Stack: Blizzard][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Game/8][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
145 TCP 172.16.0.8:36050 -> 64.13.134.52:1122 [proto: 520/availant-mgr][Stack: availant-mgr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
146 TCP 172.16.0.8:36050 -> 64.13.134.52:1352 [proto: 768/lotusnote][Stack: lotusnote][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
147 TCP 172.16.0.8:36050 -> 64.13.134.52:1433 [proto: 822/ms-sql][Stack: ms-sql][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
145 TCP 172.16.0.8:36050 -> 64.13.134.52:1122 [proto: 521/availant-mgr][Stack: availant-mgr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
146 TCP 172.16.0.8:36050 -> 64.13.134.52:1352 [proto: 769/lotusnote][Stack: lotusnote][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
147 TCP 172.16.0.8:36050 -> 64.13.134.52:1433 [proto: 823/ms-sql][Stack: ms-sql][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
148 TCP 172.16.0.8:36050 -> 64.13.134.52:1434 [proto: 114/MsSQL-TDS][Stack: MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
149 TCP 172.16.0.8:36050 -> 64.13.134.52:1494 [proto: 557/citrix_ica][Stack: citrix_ica][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
150 TCP 172.16.0.8:36050 -> 64.13.134.52:1503 [proto: 842/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
149 TCP 172.16.0.8:36050 -> 64.13.134.52:1494 [proto: 558/citrix_ica][Stack: citrix_ica][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
150 TCP 172.16.0.8:36050 -> 64.13.134.52:1503 [proto: 843/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
151 TCP 172.16.0.8:36050 -> 64.13.134.52:1521 [proto: 167/Oracle][Stack: Oracle][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
152 TCP 172.16.0.8:36050 -> 64.13.134.52:1524 [proto: 892/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
153 TCP 172.16.0.8:36050 -> 64.13.134.52:1533 [proto: 892/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
154 TCP 172.16.0.8:36050 -> 64.13.134.52:1666 [proto: 904/perforce][Stack: perforce][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
152 TCP 172.16.0.8:36050 -> 64.13.134.52:1524 [proto: 893/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
153 TCP 172.16.0.8:36050 -> 64.13.134.52:1533 [proto: 893/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
154 TCP 172.16.0.8:36050 -> 64.13.134.52:1666 [proto: 905/perforce][Stack: perforce][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
155 TCP 172.16.0.8:36050 -> 64.13.134.52:1719 [proto: 158/H323][Stack: H323][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
156 TCP 172.16.0.8:36050 -> 64.13.134.52:1720 [proto: 842/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
156 TCP 172.16.0.8:36050 -> 64.13.134.52:1720 [proto: 843/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
157 TCP 172.16.0.8:36050 -> 64.13.134.52:1723 [proto: 115/PPTP][Stack: PPTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
158 TCP 172.16.0.8:36050 -> 64.13.134.52:1755 [proto: 810/MSNetShow][Stack: MSNetShow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
159 TCP 172.16.0.8:36050 -> 64.13.134.52:1801 [proto: 816/msmq][Stack: msmq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
158 TCP 172.16.0.8:36050 -> 64.13.134.52:1755 [proto: 811/MSNetShow][Stack: MSNetShow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
159 TCP 172.16.0.8:36050 -> 64.13.134.52:1801 [proto: 817/msmq][Stack: msmq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
160 TCP 172.16.0.8:36050 -> 64.13.134.52:1812 [proto: 146/Radius][Stack: Radius][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
161 TCP 172.16.0.8:36050 -> 64.13.134.52:1863 [proto: 817/MSN][Stack: MSN][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
161 TCP 172.16.0.8:36050 -> 64.13.134.52:1863 [proto: 818/MSN][Stack: MSN][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
162 TCP 172.16.0.8:36050 -> 64.13.134.52:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
163 TCP 172.16.0.8:36050 -> 64.13.134.52:1935 [proto: 174/RTMP][Stack: RTMP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Media/1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
164 TCP 172.16.0.8:36050 -> 64.13.134.52:2000 [proto: 164/CiscoSkinny][Stack: CiscoSkinny][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
165 TCP 172.16.0.8:36050 -> 64.13.134.52:2002 [proto: 383/Roughtime][Stack: Roughtime][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
166 TCP 172.16.0.8:36050 -> 64.13.134.52:2049 [proto: 11/NFS][Stack: NFS][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
167 TCP 172.16.0.8:36050 -> 64.13.134.52:2190 [proto: 308/TiVoConnect][Stack: TiVoConnect][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
168 TCP 172.16.0.8:36050 -> 64.13.134.52:2196 [proto: 497/apple-push][Stack: apple-push][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
169 TCP 172.16.0.8:36050 -> 64.13.134.52:2401 [proto: 586/cvspserver][Stack: cvspserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
168 TCP 172.16.0.8:36050 -> 64.13.134.52:2196 [proto: 498/apple-push][Stack: apple-push][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
169 TCP 172.16.0.8:36050 -> 64.13.134.52:2401 [proto: 587/cvspserver][Stack: cvspserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
170 TCP 172.16.0.8:36050 -> 64.13.134.52:2604 [proto: 184/OSPF][Stack: OSPF][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Safe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
171 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][Stack: BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
172 TCP 172.16.0.8:36050 -> 64.13.134.52:2701 [proto: 1013/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
173 TCP 172.16.0.8:36050 -> 64.13.134.52:2702 [proto: 1013/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
174 TCP 172.16.0.8:36050 -> 64.13.134.52:3001 [proto: 834/NessusSecScan][Stack: NessusSecScan][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
175 TCP 172.16.0.8:36050 -> 64.13.134.52:3031 [proto: 643/eppc][Stack: eppc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
176 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 1030/squid-proxy][Stack: squid-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
177 TCP 172.16.0.8:36050 -> 64.13.134.52:3268 [proto: 814/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
178 TCP 172.16.0.8:36050 -> 64.13.134.52:3269 [proto: 814/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
179 TCP 172.16.0.8:36050 -> 64.13.134.52:3283 [proto: 837/net-assistant][Stack: net-assistant][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
172 TCP 172.16.0.8:36050 -> 64.13.134.52:2701 [proto: 1014/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
173 TCP 172.16.0.8:36050 -> 64.13.134.52:2702 [proto: 1014/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
174 TCP 172.16.0.8:36050 -> 64.13.134.52:3001 [proto: 835/NessusSecScan][Stack: NessusSecScan][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
175 TCP 172.16.0.8:36050 -> 64.13.134.52:3031 [proto: 644/eppc][Stack: eppc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
176 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 1031/squid-proxy][Stack: squid-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
177 TCP 172.16.0.8:36050 -> 64.13.134.52:3268 [proto: 815/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
178 TCP 172.16.0.8:36050 -> 64.13.134.52:3269 [proto: 815/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
179 TCP 172.16.0.8:36050 -> 64.13.134.52:3283 [proto: 838/net-assistant][Stack: net-assistant][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
180 TCP 172.16.0.8:36050 -> 64.13.134.52:3300 [proto: 381/Ceph][Stack: Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
181 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][Stack: MySQL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
182 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 951/remotedesktop][Stack: remotedesktop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
183 TCP 172.16.0.8:36050 -> 64.13.134.52:3659 [proto: 499/apple-sasl][Stack: apple-sasl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
184 TCP 172.16.0.8:36050 -> 64.13.134.52:3689 [proto: 743/iTunes][Stack: iTunes][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
185 TCP 172.16.0.8:36050 -> 64.13.134.52:3690 [proto: 1052/svn][Stack: svn][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
186 TCP 172.16.0.8:36050 -> 64.13.134.52:4000 [proto: 708/icq][Stack: icq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
187 TCP 172.16.0.8:36050 -> 64.13.134.52:4111 [proto: 1136/xgrid][Stack: xgrid][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
182 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 952/remotedesktop][Stack: remotedesktop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
183 TCP 172.16.0.8:36050 -> 64.13.134.52:3659 [proto: 500/apple-sasl][Stack: apple-sasl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
184 TCP 172.16.0.8:36050 -> 64.13.134.52:3689 [proto: 744/iTunes][Stack: iTunes][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
185 TCP 172.16.0.8:36050 -> 64.13.134.52:3690 [proto: 1053/svn][Stack: svn][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
186 TCP 172.16.0.8:36050 -> 64.13.134.52:4000 [proto: 709/icq][Stack: icq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
187 TCP 172.16.0.8:36050 -> 64.13.134.52:4111 [proto: 1137/xgrid][Stack: xgrid][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
188 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][Stack: Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
189 TCP 172.16.0.8:36050 -> 64.13.134.52:4662 [proto: 36/eDonkey][Stack: eDonkey][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
190 TCP 172.16.0.8:36050 -> 64.13.134.52:4899 [proto: 391/Radmin][Stack: Radmin][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
191 TCP 172.16.0.8:36050 -> 64.13.134.52:5001 [proto: 243/TargusDataspeed][Stack: TargusDataspeed][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
192 TCP 172.16.0.8:36050 -> 64.13.134.52:5003 [proto: 660/fmpro-internal][Stack: fmpro-internal][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
192 TCP 172.16.0.8:36050 -> 64.13.134.52:5003 [proto: 661/fmpro-internal][Stack: fmpro-internal][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
193 TCP 172.16.0.8:36050 -> 64.13.134.52:5004 [proto: 87/RTP][Stack: RTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Media/1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
194 TCP 172.16.0.8:36050 -> 64.13.134.52:5009 [proto: 1125/winfs][Stack: winfs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
195 TCP 172.16.0.8:36050 -> 64.13.134.52:5050 [proto: 1144/YahooMessenger][Stack: YahooMessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
194 TCP 172.16.0.8:36050 -> 64.13.134.52:5009 [proto: 1126/winfs][Stack: winfs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
195 TCP 172.16.0.8:36050 -> 64.13.134.52:5050 [proto: 1145/YahooMessenger][Stack: YahooMessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
196 TCP 172.16.0.8:36050 -> 64.13.134.52:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
197 TCP 172.16.0.8:36050 -> 64.13.134.52:5061 [proto: 1006/sip_secure][Stack: sip_secure][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
198 TCP 172.16.0.8:36050 -> 64.13.134.52:5100 [proto: 1023/socalia][Stack: socalia][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
199 TCP 172.16.0.8:36050 -> 64.13.134.52:5190 [proto: 493/aol][Stack: aol][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
200 TCP 172.16.0.8:36050 -> 64.13.134.52:5222 [proto: 1138/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
201 TCP 172.16.0.8:36050 -> 64.13.134.52:5269 [proto: 1138/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
197 TCP 172.16.0.8:36050 -> 64.13.134.52:5061 [proto: 1007/sip_secure][Stack: sip_secure][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
198 TCP 172.16.0.8:36050 -> 64.13.134.52:5100 [proto: 1024/socalia][Stack: socalia][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
199 TCP 172.16.0.8:36050 -> 64.13.134.52:5190 [proto: 494/aol][Stack: aol][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
200 TCP 172.16.0.8:36050 -> 64.13.134.52:5222 [proto: 1139/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
201 TCP 172.16.0.8:36050 -> 64.13.134.52:5269 [proto: 1139/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
202 TCP 172.16.0.8:36050 -> 64.13.134.52:5432 [proto: 19/PostgreSQL][Stack: PostgreSQL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
203 TCP 172.16.0.8:36050 -> 64.13.134.52:5555 [proto: 925/Prolin][Stack: Prolin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
204 TCP 172.16.0.8:36050 -> 64.13.134.52:5631 [proto: 900/pcanywhere][Stack: pcanywhere][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
205 TCP 172.16.0.8:36050 -> 64.13.134.52:5678 [proto: 969/rrac][Stack: rrac][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
203 TCP 172.16.0.8:36050 -> 64.13.134.52:5555 [proto: 926/Prolin][Stack: Prolin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
204 TCP 172.16.0.8:36050 -> 64.13.134.52:5631 [proto: 901/pcanywhere][Stack: pcanywhere][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
205 TCP 172.16.0.8:36050 -> 64.13.134.52:5678 [proto: 970/rrac][Stack: rrac][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
206 TCP 172.16.0.8:36050 -> 64.13.134.52:5800 [proto: 89/VNC][Stack: VNC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
207 TCP 172.16.0.8:36050 -> 64.13.134.52:5900 [proto: 89/VNC][Stack: VNC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
208 TCP 172.16.0.8:36050 -> 64.13.134.52:5901 [proto: 89/VNC][Stack: VNC][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
209 TCP 172.16.0.8:36050 -> 64.13.134.52:5988 [proto: 1118/wbem-http][Stack: wbem-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
210 TCP 172.16.0.8:36050 -> 64.13.134.52:6000 [proto: 1131/XWindow][Stack: XWindow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
209 TCP 172.16.0.8:36050 -> 64.13.134.52:5988 [proto: 1119/wbem-http][Stack: wbem-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
210 TCP 172.16.0.8:36050 -> 64.13.134.52:6000 [proto: 1132/XWindow][Stack: XWindow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
211 TCP 172.16.0.8:36050 -> 64.13.134.52:6112 [proto: 109/GuildWars2][Stack: GuildWars2][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Game/8][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
212 TCP 172.16.0.8:36050 -> 64.13.134.52:6346 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
213 TCP 172.16.0.8:36050 -> 64.13.134.52:6667 [proto: 65/IRC][Stack: IRC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Chat/9][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
214 TCP 172.16.0.8:36050 -> 64.13.134.52:6789 [proto: 381/Ceph][Stack: Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
215 TCP 172.16.0.8:36050 -> 64.13.134.52:6881 [proto: 37/BitTorrent][Stack: BitTorrent][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
216 TCP 172.16.0.8:36050 -> 64.13.134.52:6901 [proto: 818/msnmessenger][Stack: msnmessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
216 TCP 172.16.0.8:36050 -> 64.13.134.52:6901 [proto: 819/msnmessenger][Stack: msnmessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
217 TCP 172.16.0.8:36050 -> 64.13.134.52:7000 [proto: 264/Cassandra][Stack: Cassandra][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
218 TCP 172.16.0.8:36050 -> 64.13.134.52:7070 [proto: 503/arcp][Stack: arcp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
218 TCP 172.16.0.8:36050 -> 64.13.134.52:7070 [proto: 504/arcp][Stack: arcp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
219 TCP 172.16.0.8:36050 -> 64.13.134.52:8000 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
220 TCP 172.16.0.8:36050 -> 64.13.134.52:8007 [proto: 745/jserv][Stack: jserv][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
221 TCP 172.16.0.8:36050 -> 64.13.134.52:8008 [proto: 696/http-s_alt][Stack: http-s_alt][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
222 TCP 172.16.0.8:36050 -> 64.13.134.52:8009 [proto: 1005/simco][Stack: simco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
220 TCP 172.16.0.8:36050 -> 64.13.134.52:8007 [proto: 746/jserv][Stack: jserv][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
221 TCP 172.16.0.8:36050 -> 64.13.134.52:8008 [proto: 697/http-s_alt][Stack: http-s_alt][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
222 TCP 172.16.0.8:36050 -> 64.13.134.52:8009 [proto: 1006/simco][Stack: simco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
223 TCP 172.16.0.8:36050 -> 64.13.134.52:8010 [proto: 139/AJP][Stack: AJP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
224 TCP 172.16.0.8:36050 -> 64.13.134.52:8080 [proto: 131/HTTP_Proxy][Stack: HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
225 TCP 172.16.0.8:36050 -> 64.13.134.52:8088 [proto: 945/radan-http][Stack: radan-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
226 TCP 172.16.0.8:36050 -> 64.13.134.52:8181 [proto: 729/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
227 TCP 172.16.0.8:36050 -> 64.13.134.52:8200 [proto: 676/GoToMeeting][Stack: GoToMeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
225 TCP 172.16.0.8:36050 -> 64.13.134.52:8088 [proto: 946/radan-http][Stack: radan-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
226 TCP 172.16.0.8:36050 -> 64.13.134.52:8181 [proto: 730/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
227 TCP 172.16.0.8:36050 -> 64.13.134.52:8200 [proto: 677/GoToMeeting][Stack: GoToMeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
228 TCP 172.16.0.8:36050 -> 64.13.134.52:8333 [proto: 343/BITCOIN][Stack: BITCOIN][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Crypto_Currency/106][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
229 TCP 172.16.0.8:36050 -> 64.13.134.52:8383 [proto: 729/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
230 TCP 172.16.0.8:36050 -> 64.13.134.52:8443 [proto: 902/pcsync-https][Stack: pcsync-https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
231 TCP 172.16.0.8:36050 -> 64.13.134.52:8800 [proto: 1048/sunwebadmin][Stack: sunwebadmin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
232 TCP 172.16.0.8:36050 -> 64.13.134.52:9080 [proto: 703/IBM_WebSphere-App][Stack: IBM_WebSphere-App][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
233 TCP 172.16.0.8:36050 -> 64.13.134.52:9100 [proto: 921/printer_pdl][Stack: printer_pdl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
229 TCP 172.16.0.8:36050 -> 64.13.134.52:8383 [proto: 730/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
230 TCP 172.16.0.8:36050 -> 64.13.134.52:8443 [proto: 903/pcsync-https][Stack: pcsync-https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
231 TCP 172.16.0.8:36050 -> 64.13.134.52:8800 [proto: 1049/sunwebadmin][Stack: sunwebadmin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
232 TCP 172.16.0.8:36050 -> 64.13.134.52:9080 [proto: 704/IBM_WebSphere-App][Stack: IBM_WebSphere-App][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
233 TCP 172.16.0.8:36050 -> 64.13.134.52:9100 [proto: 922/printer_pdl][Stack: printer_pdl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
234 TCP 172.16.0.8:36050 -> 64.13.134.52:9418 [proto: 226/Git][Stack: Git][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Collaborative/15][Breed: Safe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
235 TCP 172.16.0.8:36050 -> 64.13.134.52:9999 [proto: 332/TPLINK_SHP][Stack: TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: IoT-Scada/31][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
236 TCP 172.16.0.8:36050 -> 64.13.134.52:10000 [proto: 161/CiscoVPN][Stack: CiscoVPN][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
237 TCP 172.16.0.8:36050 -> 64.13.134.52:20000 [proto: 244/DNP3][Stack: DNP3][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: IoT-Scada/31][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
238 TCP 172.16.0.8:36051 -> 64.13.134.52:1 [proto: 1063/tcpmux][Stack: tcpmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
239 TCP 172.16.0.8:36051 -> 64.13.134.52:3 [proto: 567/compressnet][Stack: compressnet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
240 TCP 172.16.0.8:36051 -> 64.13.134.52:7 [proto: 631/echo][Stack: echo][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
241 TCP 172.16.0.8:36051 -> 64.13.134.52:9 [proto: 612/discard][Stack: discard][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
242 TCP 172.16.0.8:36051 -> 64.13.134.52:13 [proto: 594/daytime][Stack: daytime][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
243 TCP 172.16.0.8:36051 -> 64.13.134.52:17 [proto: 939/qotd][Stack: qotd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
244 TCP 172.16.0.8:36051 -> 64.13.134.52:19 [proto: 550/chargen][Stack: chargen][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
245 TCP 172.16.0.8:36051 -> 64.13.134.52:20 [proto: 661/ftp][Stack: ftp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
238 TCP 172.16.0.8:36051 -> 64.13.134.52:1 [proto: 1064/tcpmux][Stack: tcpmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
239 TCP 172.16.0.8:36051 -> 64.13.134.52:3 [proto: 568/compressnet][Stack: compressnet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
240 TCP 172.16.0.8:36051 -> 64.13.134.52:7 [proto: 632/echo][Stack: echo][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
241 TCP 172.16.0.8:36051 -> 64.13.134.52:9 [proto: 613/discard][Stack: discard][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
242 TCP 172.16.0.8:36051 -> 64.13.134.52:13 [proto: 595/daytime][Stack: daytime][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
243 TCP 172.16.0.8:36051 -> 64.13.134.52:17 [proto: 940/qotd][Stack: qotd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
244 TCP 172.16.0.8:36051 -> 64.13.134.52:19 [proto: 551/chargen][Stack: chargen][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
245 TCP 172.16.0.8:36051 -> 64.13.134.52:20 [proto: 662/ftp][Stack: ftp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
246 TCP 172.16.0.8:36051 -> 64.13.134.52:21 [proto: 1/FTP_CONTROL][Stack: FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
247 TCP 172.16.0.8:36051 -> 64.13.134.52:23 [proto: 77/Telnet][Stack: Telnet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
248 TCP 172.16.0.8:36051 -> 64.13.134.52:33 [proto: 625/dsp][Stack: dsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
249 TCP 172.16.0.8:36051 -> 64.13.134.52:37 [proto: 1074/time][Stack: time][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
250 TCP 172.16.0.8:36051 -> 64.13.134.52:42 [proto: 1127/wins][Stack: wins][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
251 TCP 172.16.0.8:36051 -> 64.13.134.52:43 [proto: 853/nicname][Stack: nicname][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
252 TCP 172.16.0.8:36051 -> 64.13.134.52:49 [proto: 1059/tacacs][Stack: tacacs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
253 TCP 172.16.0.8:36051 -> 64.13.134.52:79 [proto: 657/finger][Stack: finger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
254 TCP 172.16.0.8:36051 -> 64.13.134.52:82 [proto: 1134/xfer][Stack: xfer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
255 TCP 172.16.0.8:36051 -> 64.13.134.52:83 [proto: 800/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
256 TCP 172.16.0.8:36051 -> 64.13.134.52:84 [proto: 582/ctf][Stack: ctf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
257 TCP 172.16.0.8:36051 -> 64.13.134.52:85 [proto: 800/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
248 TCP 172.16.0.8:36051 -> 64.13.134.52:33 [proto: 626/dsp][Stack: dsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
249 TCP 172.16.0.8:36051 -> 64.13.134.52:37 [proto: 1075/time][Stack: time][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
250 TCP 172.16.0.8:36051 -> 64.13.134.52:42 [proto: 1128/wins][Stack: wins][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
251 TCP 172.16.0.8:36051 -> 64.13.134.52:43 [proto: 854/nicname][Stack: nicname][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
252 TCP 172.16.0.8:36051 -> 64.13.134.52:49 [proto: 1060/tacacs][Stack: tacacs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
253 TCP 172.16.0.8:36051 -> 64.13.134.52:79 [proto: 658/finger][Stack: finger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
254 TCP 172.16.0.8:36051 -> 64.13.134.52:82 [proto: 1135/xfer][Stack: xfer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
255 TCP 172.16.0.8:36051 -> 64.13.134.52:83 [proto: 801/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
256 TCP 172.16.0.8:36051 -> 64.13.134.52:84 [proto: 583/ctf][Stack: ctf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
257 TCP 172.16.0.8:36051 -> 64.13.134.52:85 [proto: 801/mit-ml][Stack: mit-ml][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
258 TCP 172.16.0.8:36051 -> 64.13.134.52:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
259 TCP 172.16.0.8:36051 -> 64.13.134.52:89 [proto: 1045/su-mit-tg][Stack: su-mit-tg][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
260 TCP 172.16.0.8:36051 -> 64.13.134.52:90 [proto: 619/dnsix][Stack: dnsix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
261 TCP 172.16.0.8:36051 -> 64.13.134.52:99 [proto: 792/metagram][Stack: metagram][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
262 TCP 172.16.0.8:36051 -> 64.13.134.52:106 [proto: 468/3com-tsmux][Stack: 3com-tsmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
263 TCP 172.16.0.8:36051 -> 64.13.134.52:109 [proto: 916/pop2][Stack: pop2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
259 TCP 172.16.0.8:36051 -> 64.13.134.52:89 [proto: 1046/su-mit-tg][Stack: su-mit-tg][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
260 TCP 172.16.0.8:36051 -> 64.13.134.52:90 [proto: 620/dnsix][Stack: dnsix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
261 TCP 172.16.0.8:36051 -> 64.13.134.52:99 [proto: 793/metagram][Stack: metagram][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
262 TCP 172.16.0.8:36051 -> 64.13.134.52:106 [proto: 469/3com-tsmux][Stack: 3com-tsmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
263 TCP 172.16.0.8:36051 -> 64.13.134.52:109 [proto: 917/pop2][Stack: pop2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
264 TCP 172.16.0.8:36051 -> 64.13.134.52:110 [proto: 2/POP3][Stack: POP3][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
265 TCP 172.16.0.8:36051 -> 64.13.134.52:111 [proto: 1047/sunrpc][Stack: sunrpc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
266 TCP 172.16.0.8:36051 -> 64.13.134.52:119 [proto: 862/nntp][Stack: nntp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
267 TCP 172.16.0.8:36051 -> 64.13.134.52:125 [proto: 766/locus][Stack: locus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
268 TCP 172.16.0.8:36051 -> 64.13.134.52:135 [proto: 641/epmap][Stack: epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
265 TCP 172.16.0.8:36051 -> 64.13.134.52:111 [proto: 1048/sunrpc][Stack: sunrpc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
266 TCP 172.16.0.8:36051 -> 64.13.134.52:119 [proto: 863/nntp][Stack: nntp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
267 TCP 172.16.0.8:36051 -> 64.13.134.52:125 [proto: 767/locus][Stack: locus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
268 TCP 172.16.0.8:36051 -> 64.13.134.52:135 [proto: 642/epmap][Stack: epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
269 TCP 172.16.0.8:36051 -> 64.13.134.52:139 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
270 TCP 172.16.0.8:36051 -> 64.13.134.52:143 [proto: 4/IMAP][Stack: IMAP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
271 TCP 172.16.0.8:36051 -> 64.13.134.52:144 [proto: 1090/uma][Stack: uma][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
272 TCP 172.16.0.8:36051 -> 64.13.134.52:146 [proto: 739/iso-tp][Stack: iso-tp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
271 TCP 172.16.0.8:36051 -> 64.13.134.52:144 [proto: 1091/uma][Stack: uma][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
272 TCP 172.16.0.8:36051 -> 64.13.134.52:146 [proto: 740/iso-tp][Stack: iso-tp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
273 TCP 172.16.0.8:36051 -> 64.13.134.52:161 [proto: 14/SNMP][Stack: SNMP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
274 TCP 172.16.0.8:36051 -> 64.13.134.52:163 [proto: 562/cmip][Stack: cmip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
274 TCP 172.16.0.8:36051 -> 64.13.134.52:163 [proto: 563/cmip][Stack: cmip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
275 TCP 172.16.0.8:36051 -> 64.13.134.52:179 [proto: 13/BGP][Stack: BGP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
276 TCP 172.16.0.8:36051 -> 64.13.134.52:199 [proto: 1016/smux][Stack: smux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
277 TCP 172.16.0.8:36051 -> 64.13.134.52:211 [proto: 469/914c_g][Stack: 914c_g][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
278 TCP 172.16.0.8:36051 -> 64.13.134.52:212 [proto: 487/anet][Stack: anet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
279 TCP 172.16.0.8:36051 -> 64.13.134.52:222 [proto: 972/rsh-spx][Stack: rsh-spx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
280 TCP 172.16.0.8:36051 -> 64.13.134.52:256 [proto: 946/rap][Stack: rap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
281 TCP 172.16.0.8:36051 -> 64.13.134.52:259 [proto: 646/esro][Stack: esro][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
282 TCP 172.16.0.8:36051 -> 64.13.134.52:264 [proto: 527/bgmp][Stack: bgmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
283 TCP 172.16.0.8:36051 -> 64.13.134.52:280 [proto: 693/http-mgm][Stack: http-mgm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
284 TCP 172.16.0.8:36051 -> 64.13.134.52:301 [proto: 918/port301][Stack: port301][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
285 TCP 172.16.0.8:36051 -> 64.13.134.52:311 [proto: 511/asip][Stack: asip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
286 TCP 172.16.0.8:36051 -> 64.13.134.52:366 [proto: 879/odmr][Stack: odmr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
276 TCP 172.16.0.8:36051 -> 64.13.134.52:199 [proto: 1017/smux][Stack: smux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
277 TCP 172.16.0.8:36051 -> 64.13.134.52:211 [proto: 470/914c_g][Stack: 914c_g][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
278 TCP 172.16.0.8:36051 -> 64.13.134.52:212 [proto: 488/anet][Stack: anet][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
279 TCP 172.16.0.8:36051 -> 64.13.134.52:222 [proto: 973/rsh-spx][Stack: rsh-spx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
280 TCP 172.16.0.8:36051 -> 64.13.134.52:256 [proto: 947/rap][Stack: rap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
281 TCP 172.16.0.8:36051 -> 64.13.134.52:259 [proto: 647/esro][Stack: esro][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
282 TCP 172.16.0.8:36051 -> 64.13.134.52:264 [proto: 528/bgmp][Stack: bgmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
283 TCP 172.16.0.8:36051 -> 64.13.134.52:280 [proto: 694/http-mgm][Stack: http-mgm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
284 TCP 172.16.0.8:36051 -> 64.13.134.52:301 [proto: 919/port301][Stack: port301][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
285 TCP 172.16.0.8:36051 -> 64.13.134.52:311 [proto: 512/asip][Stack: asip][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
286 TCP 172.16.0.8:36051 -> 64.13.134.52:366 [proto: 880/odmr][Stack: odmr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
287 TCP 172.16.0.8:36051 -> 64.13.134.52:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
288 TCP 172.16.0.8:36051 -> 64.13.134.52:406 [proto: 716/imsp][Stack: imsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
289 TCP 172.16.0.8:36051 -> 64.13.134.52:407 [proto: 1073/timbuktu][Stack: timbuktu][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
290 TCP 172.16.0.8:36051 -> 64.13.134.52:416 [proto: 1004/silverplatter][Stack: silverplatter][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
291 TCP 172.16.0.8:36051 -> 64.13.134.52:417 [proto: 884/onmux][Stack: onmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
292 TCP 172.16.0.8:36051 -> 64.13.134.52:425 [proto: 706/icad-elL][Stack: icad-elL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
293 TCP 172.16.0.8:36051 -> 64.13.134.52:427 [proto: 1053/svrloc][Stack: svrloc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
294 TCP 172.16.0.8:36051 -> 64.13.134.52:443 [proto: 695/https][Stack: https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
295 TCP 172.16.0.8:36051 -> 64.13.134.52:444 [proto: 1020/snpp][Stack: snpp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
296 TCP 172.16.0.8:36051 -> 64.13.134.52:445 [proto: 797/microsoft-ds][Stack: microsoft-ds][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
297 TCP 172.16.0.8:36051 -> 64.13.134.52:458 [proto: 498/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
298 TCP 172.16.0.8:36051 -> 64.13.134.52:464 [proto: 754/kpasswd][Stack: kpasswd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
299 TCP 172.16.0.8:36051 -> 64.13.134.52:465 [proto: 1095/urd_igmpv3lite][Stack: urd_igmpv3lite][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
300 TCP 172.16.0.8:36051 -> 64.13.134.52:481 [proto: 907/ph][Stack: ph][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
301 TCP 172.16.0.8:36051 -> 64.13.134.52:497 [proto: 590/dantz][Stack: dantz][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
302 TCP 172.16.0.8:36051 -> 64.13.134.52:500 [proto: 735/isakmp][Stack: isakmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
303 TCP 172.16.0.8:36051 -> 64.13.134.52:512 [proto: 650/exec_comsat][Stack: exec_comsat][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
304 TCP 172.16.0.8:36051 -> 64.13.134.52:513 [proto: 767/login_who][Stack: login_who][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
305 TCP 172.16.0.8:36051 -> 64.13.134.52:514 [proto: 999/shell_syslog][Stack: shell_syslog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
306 TCP 172.16.0.8:36051 -> 64.13.134.52:515 [proto: 920/printer][Stack: printer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
307 TCP 172.16.0.8:36051 -> 64.13.134.52:524 [proto: 832/ncp][Stack: ncp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
308 TCP 172.16.0.8:36051 -> 64.13.134.52:541 [proto: 1099/uucp][Stack: uucp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
309 TCP 172.16.0.8:36051 -> 64.13.134.52:543 [proto: 752/klogin][Stack: klogin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
310 TCP 172.16.0.8:36051 -> 64.13.134.52:544 [proto: 756/kshell][Stack: kshell][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
311 TCP 172.16.0.8:36051 -> 64.13.134.52:545 [proto: 498/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
288 TCP 172.16.0.8:36051 -> 64.13.134.52:406 [proto: 717/imsp][Stack: imsp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
289 TCP 172.16.0.8:36051 -> 64.13.134.52:407 [proto: 1074/timbuktu][Stack: timbuktu][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
290 TCP 172.16.0.8:36051 -> 64.13.134.52:416 [proto: 1005/silverplatter][Stack: silverplatter][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
291 TCP 172.16.0.8:36051 -> 64.13.134.52:417 [proto: 885/onmux][Stack: onmux][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
292 TCP 172.16.0.8:36051 -> 64.13.134.52:425 [proto: 707/icad-elL][Stack: icad-elL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
293 TCP 172.16.0.8:36051 -> 64.13.134.52:427 [proto: 1054/svrloc][Stack: svrloc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
294 TCP 172.16.0.8:36051 -> 64.13.134.52:443 [proto: 696/https][Stack: https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
295 TCP 172.16.0.8:36051 -> 64.13.134.52:444 [proto: 1021/snpp][Stack: snpp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
296 TCP 172.16.0.8:36051 -> 64.13.134.52:445 [proto: 798/microsoft-ds][Stack: microsoft-ds][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
297 TCP 172.16.0.8:36051 -> 64.13.134.52:458 [proto: 499/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
298 TCP 172.16.0.8:36051 -> 64.13.134.52:464 [proto: 755/kpasswd][Stack: kpasswd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
299 TCP 172.16.0.8:36051 -> 64.13.134.52:465 [proto: 1096/urd_igmpv3lite][Stack: urd_igmpv3lite][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
300 TCP 172.16.0.8:36051 -> 64.13.134.52:481 [proto: 908/ph][Stack: ph][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
301 TCP 172.16.0.8:36051 -> 64.13.134.52:497 [proto: 591/dantz][Stack: dantz][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
302 TCP 172.16.0.8:36051 -> 64.13.134.52:500 [proto: 736/isakmp][Stack: isakmp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
303 TCP 172.16.0.8:36051 -> 64.13.134.52:512 [proto: 651/exec_comsat][Stack: exec_comsat][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
304 TCP 172.16.0.8:36051 -> 64.13.134.52:513 [proto: 768/login_who][Stack: login_who][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
305 TCP 172.16.0.8:36051 -> 64.13.134.52:514 [proto: 1000/shell_syslog][Stack: shell_syslog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
306 TCP 172.16.0.8:36051 -> 64.13.134.52:515 [proto: 921/printer][Stack: printer][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
307 TCP 172.16.0.8:36051 -> 64.13.134.52:524 [proto: 833/ncp][Stack: ncp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
308 TCP 172.16.0.8:36051 -> 64.13.134.52:541 [proto: 1100/uucp][Stack: uucp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
309 TCP 172.16.0.8:36051 -> 64.13.134.52:543 [proto: 753/klogin][Stack: klogin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
310 TCP 172.16.0.8:36051 -> 64.13.134.52:544 [proto: 757/kshell][Stack: kshell][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
311 TCP 172.16.0.8:36051 -> 64.13.134.52:545 [proto: 499/appleqtc][Stack: appleqtc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
312 TCP 172.16.0.8:36051 -> 64.13.134.52:548 [proto: 97/AFP][Stack: AFP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
313 TCP 172.16.0.8:36051 -> 64.13.134.52:554 [proto: 50/RTSP][Stack: RTSP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
314 TCP 172.16.0.8:36051 -> 64.13.134.52:555 [proto: 623/dsf][Stack: dsf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
315 TCP 172.16.0.8:36051 -> 64.13.134.52:563 [proto: 863/nntps][Stack: nntps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
316 TCP 172.16.0.8:36051 -> 64.13.134.52:587 [proto: 1042/submission][Stack: submission][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
317 TCP 172.16.0.8:36051 -> 64.13.134.52:593 [proto: 694/http-rpc-epmap][Stack: http-rpc-epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
318 TCP 172.16.0.8:36051 -> 64.13.134.52:616 [proto: 985/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
319 TCP 172.16.0.8:36051 -> 64.13.134.52:617 [proto: 985/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
320 TCP 172.16.0.8:36051 -> 64.13.134.52:625 [proto: 599/dec_dlm][Stack: dec_dlm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
314 TCP 172.16.0.8:36051 -> 64.13.134.52:555 [proto: 624/dsf][Stack: dsf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
315 TCP 172.16.0.8:36051 -> 64.13.134.52:563 [proto: 864/nntps][Stack: nntps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
316 TCP 172.16.0.8:36051 -> 64.13.134.52:587 [proto: 1043/submission][Stack: submission][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
317 TCP 172.16.0.8:36051 -> 64.13.134.52:593 [proto: 695/http-rpc-epmap][Stack: http-rpc-epmap][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
318 TCP 172.16.0.8:36051 -> 64.13.134.52:616 [proto: 986/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
319 TCP 172.16.0.8:36051 -> 64.13.134.52:617 [proto: 986/sco][Stack: sco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
320 TCP 172.16.0.8:36051 -> 64.13.134.52:625 [proto: 600/dec_dlm][Stack: dec_dlm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
321 TCP 172.16.0.8:36051 -> 64.13.134.52:631 [proto: 6/IPP][Stack: IPP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
322 TCP 172.16.0.8:36051 -> 64.13.134.52:636 [proto: 761/ldaps][Stack: ldaps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
322 TCP 172.16.0.8:36051 -> 64.13.134.52:636 [proto: 762/ldaps][Stack: ldaps][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
323 TCP 172.16.0.8:36051 -> 64.13.134.52:646 [proto: 409/LDP][Stack: LDP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
324 TCP 172.16.0.8:36051 -> 64.13.134.52:648 [proto: 971/rrp][Stack: rrp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
325 TCP 172.16.0.8:36051 -> 64.13.134.52:666 [proto: 786/mdqs][Stack: mdqs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
326 TCP 172.16.0.8:36051 -> 64.13.134.52:667 [proto: 613/disclose][Stack: disclose][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
327 TCP 172.16.0.8:36051 -> 64.13.134.52:668 [proto: 787/mecomm][Stack: mecomm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
328 TCP 172.16.0.8:36051 -> 64.13.134.52:683 [proto: 572/corba-iiop][Stack: corba-iiop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
329 TCP 172.16.0.8:36051 -> 64.13.134.52:687 [proto: 512/asipwismar][Stack: asipwismar][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
330 TCP 172.16.0.8:36051 -> 64.13.134.52:691 [proto: 813/msexch-routing][Stack: msexch-routing][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
331 TCP 172.16.0.8:36051 -> 64.13.134.52:700 [proto: 642/epp][Stack: epp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
332 TCP 172.16.0.8:36051 -> 64.13.134.52:705 [proto: 482/agentx][Stack: agentx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
333 TCP 172.16.0.8:36051 -> 64.13.134.52:711 [proto: 555/cisco-tdp][Stack: cisco-tdp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
334 TCP 172.16.0.8:36051 -> 64.13.134.52:714 [proto: 733/iris][Stack: iris][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
324 TCP 172.16.0.8:36051 -> 64.13.134.52:648 [proto: 972/rrp][Stack: rrp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
325 TCP 172.16.0.8:36051 -> 64.13.134.52:666 [proto: 787/mdqs][Stack: mdqs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
326 TCP 172.16.0.8:36051 -> 64.13.134.52:667 [proto: 614/disclose][Stack: disclose][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
327 TCP 172.16.0.8:36051 -> 64.13.134.52:668 [proto: 788/mecomm][Stack: mecomm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
328 TCP 172.16.0.8:36051 -> 64.13.134.52:683 [proto: 573/corba-iiop][Stack: corba-iiop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
329 TCP 172.16.0.8:36051 -> 64.13.134.52:687 [proto: 513/asipwismar][Stack: asipwismar][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
330 TCP 172.16.0.8:36051 -> 64.13.134.52:691 [proto: 814/msexch-routing][Stack: msexch-routing][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
331 TCP 172.16.0.8:36051 -> 64.13.134.52:700 [proto: 643/epp][Stack: epp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
332 TCP 172.16.0.8:36051 -> 64.13.134.52:705 [proto: 483/agentx][Stack: agentx][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
333 TCP 172.16.0.8:36051 -> 64.13.134.52:711 [proto: 556/cisco-tdp][Stack: cisco-tdp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
334 TCP 172.16.0.8:36051 -> 64.13.134.52:714 [proto: 734/iris][Stack: iris][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
335 TCP 172.16.0.8:36051 -> 64.13.134.52:749 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
336 TCP 172.16.0.8:36051 -> 64.13.134.52:765 [proto: 1120/webster][Stack: webster][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
337 TCP 172.16.0.8:36051 -> 64.13.134.52:777 [proto: 824/multiling-http][Stack: multiling-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
338 TCP 172.16.0.8:36051 -> 64.13.134.52:800 [proto: 784/mdbs_daemon][Stack: mdbs_daemon][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
339 TCP 172.16.0.8:36051 -> 64.13.134.52:801 [proto: 607/device][Stack: device][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
336 TCP 172.16.0.8:36051 -> 64.13.134.52:765 [proto: 1121/webster][Stack: webster][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
337 TCP 172.16.0.8:36051 -> 64.13.134.52:777 [proto: 825/multiling-http][Stack: multiling-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
338 TCP 172.16.0.8:36051 -> 64.13.134.52:800 [proto: 785/mdbs_daemon][Stack: mdbs_daemon][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
339 TCP 172.16.0.8:36051 -> 64.13.134.52:801 [proto: 608/device][Stack: device][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
340 TCP 172.16.0.8:36051 -> 64.13.134.52:873 [proto: 166/RSYNC][Stack: RSYNC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
341 TCP 172.16.0.8:36051 -> 64.13.134.52:888 [proto: 473/accessbuilder][Stack: accessbuilder][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
342 TCP 172.16.0.8:36051 -> 64.13.134.52:900 [proto: 882/omginitialrefs][Stack: omginitialrefs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
343 TCP 172.16.0.8:36051 -> 64.13.134.52:901 [proto: 1011/smpnameres][Stack: smpnameres][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
344 TCP 172.16.0.8:36051 -> 64.13.134.52:902 [proto: 709/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
345 TCP 172.16.0.8:36051 -> 64.13.134.52:903 [proto: 709/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
346 TCP 172.16.0.8:36051 -> 64.13.134.52:911 [proto: 1132/xact-backup][Stack: xact-backup][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
347 TCP 172.16.0.8:36051 -> 64.13.134.52:912 [proto: 495/apex][Stack: apex][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
341 TCP 172.16.0.8:36051 -> 64.13.134.52:888 [proto: 474/accessbuilder][Stack: accessbuilder][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
342 TCP 172.16.0.8:36051 -> 64.13.134.52:900 [proto: 883/omginitialrefs][Stack: omginitialrefs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
343 TCP 172.16.0.8:36051 -> 64.13.134.52:901 [proto: 1012/smpnameres][Stack: smpnameres][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
344 TCP 172.16.0.8:36051 -> 64.13.134.52:902 [proto: 710/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
345 TCP 172.16.0.8:36051 -> 64.13.134.52:903 [proto: 710/ideafarm][Stack: ideafarm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
346 TCP 172.16.0.8:36051 -> 64.13.134.52:911 [proto: 1133/xact-backup][Stack: xact-backup][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
347 TCP 172.16.0.8:36051 -> 64.13.134.52:912 [proto: 496/apex][Stack: apex][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
348 TCP 172.16.0.8:36051 -> 64.13.134.52:990 [proto: 311/FTPS][Stack: FTPS][IP: 0/Unknown][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8a78112b25c216ad058df2e9ca4ef668][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
349 TCP 172.16.0.8:36051 -> 64.13.134.52:992 [proto: 1068/telnets][Stack: telnets][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
349 TCP 172.16.0.8:36051 -> 64.13.134.52:992 [proto: 1069/telnets][Stack: telnets][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
350 TCP 172.16.0.8:36051 -> 64.13.134.52:993 [proto: 51/IMAPS][Stack: IMAPS][IP: 0/Unknown][Encrypted][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Safe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: dc35321a2b21259e06875b77f1765678][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
351 TCP 172.16.0.8:36051 -> 64.13.134.52:995 [proto: 917/pop3s][Stack: pop3s][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
352 TCP 172.16.0.8:36051 -> 64.13.134.52:999 [proto: 666/garcon_applix][Stack: garcon_applix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
353 TCP 172.16.0.8:36051 -> 64.13.134.52:1000 [proto: 542/cadlock2][Stack: cadlock2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
354 TCP 172.16.0.8:36051 -> 64.13.134.52:1010 [proto: 1050/surf][Stack: surf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
355 TCP 172.16.0.8:36051 -> 64.13.134.52:1021 [proto: 651/exp1][Stack: exp1][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
356 TCP 172.16.0.8:36051 -> 64.13.134.52:1022 [proto: 652/exp2][Stack: exp2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
357 TCP 172.16.0.8:36051 -> 64.13.134.52:1023 [proto: 546/carboncopy][Stack: carboncopy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
358 TCP 172.16.0.8:36051 -> 64.13.134.52:1034 [proto: 478/activesync][Stack: activesync][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
359 TCP 172.16.0.8:36051 -> 64.13.134.52:1037 [proto: 485/ams][Stack: ams][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
360 TCP 172.16.0.8:36051 -> 64.13.134.52:1042 [proto: 481/afrog][Stack: afrog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
361 TCP 172.16.0.8:36051 -> 64.13.134.52:1055 [proto: 491/ansyslmd][Stack: ansyslmd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
362 TCP 172.16.0.8:36051 -> 64.13.134.52:1078 [proto: 522/avocent-proxy][Stack: avocent-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
363 TCP 172.16.0.8:36051 -> 64.13.134.52:1079 [proto: 513/asprovatalk][Stack: asprovatalk][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
351 TCP 172.16.0.8:36051 -> 64.13.134.52:995 [proto: 918/pop3s][Stack: pop3s][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
352 TCP 172.16.0.8:36051 -> 64.13.134.52:999 [proto: 667/garcon_applix][Stack: garcon_applix][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
353 TCP 172.16.0.8:36051 -> 64.13.134.52:1000 [proto: 543/cadlock2][Stack: cadlock2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
354 TCP 172.16.0.8:36051 -> 64.13.134.52:1010 [proto: 1051/surf][Stack: surf][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
355 TCP 172.16.0.8:36051 -> 64.13.134.52:1021 [proto: 652/exp1][Stack: exp1][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
356 TCP 172.16.0.8:36051 -> 64.13.134.52:1022 [proto: 653/exp2][Stack: exp2][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
357 TCP 172.16.0.8:36051 -> 64.13.134.52:1023 [proto: 547/carboncopy][Stack: carboncopy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
358 TCP 172.16.0.8:36051 -> 64.13.134.52:1034 [proto: 479/activesync][Stack: activesync][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
359 TCP 172.16.0.8:36051 -> 64.13.134.52:1037 [proto: 486/ams][Stack: ams][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
360 TCP 172.16.0.8:36051 -> 64.13.134.52:1042 [proto: 482/afrog][Stack: afrog][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
361 TCP 172.16.0.8:36051 -> 64.13.134.52:1055 [proto: 492/ansyslmd][Stack: ansyslmd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
362 TCP 172.16.0.8:36051 -> 64.13.134.52:1078 [proto: 523/avocent-proxy][Stack: avocent-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
363 TCP 172.16.0.8:36051 -> 64.13.134.52:1079 [proto: 514/asprovatalk][Stack: asprovatalk][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
364 TCP 172.16.0.8:36051 -> 64.13.134.52:1080 [proto: 172/SOCKS][Stack: SOCKS][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
365 TCP 172.16.0.8:36051 -> 64.13.134.52:1082 [proto: 486/amt-esd-prot][Stack: amt-esd-prot][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
366 TCP 172.16.0.8:36051 -> 64.13.134.52:1083 [proto: 490/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
367 TCP 172.16.0.8:36051 -> 64.13.134.52:1084 [proto: 490/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
368 TCP 172.16.0.8:36051 -> 64.13.134.52:1085 [proto: 1119/webobjects][Stack: webobjects][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
369 TCP 172.16.0.8:36051 -> 64.13.134.52:1098 [proto: 964/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
370 TCP 172.16.0.8:36051 -> 64.13.134.52:1099 [proto: 964/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
371 TCP 172.16.0.8:36051 -> 64.13.134.52:1102 [proto: 479/adobeserver][Stack: adobeserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
372 TCP 172.16.0.8:36051 -> 64.13.134.52:1110 [proto: 852/nfsd][Stack: nfsd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
373 TCP 172.16.0.8:36051 -> 64.13.134.52:1117 [proto: 504/ardus][Stack: ardus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
365 TCP 172.16.0.8:36051 -> 64.13.134.52:1082 [proto: 487/amt-esd-prot][Stack: amt-esd-prot][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
366 TCP 172.16.0.8:36051 -> 64.13.134.52:1083 [proto: 491/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
367 TCP 172.16.0.8:36051 -> 64.13.134.52:1084 [proto: 491/ansoft-lm][Stack: ansoft-lm][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
368 TCP 172.16.0.8:36051 -> 64.13.134.52:1085 [proto: 1120/webobjects][Stack: webobjects][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
369 TCP 172.16.0.8:36051 -> 64.13.134.52:1098 [proto: 965/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
370 TCP 172.16.0.8:36051 -> 64.13.134.52:1099 [proto: 965/rmi][Stack: rmi][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
371 TCP 172.16.0.8:36051 -> 64.13.134.52:1102 [proto: 480/adobeserver][Stack: adobeserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
372 TCP 172.16.0.8:36051 -> 64.13.134.52:1110 [proto: 853/nfsd][Stack: nfsd][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
373 TCP 172.16.0.8:36051 -> 64.13.134.52:1117 [proto: 505/ardus][Stack: ardus][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
374 TCP 172.16.0.8:36051 -> 64.13.134.52:1119 [proto: 213/Blizzard][Stack: Blizzard][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Game/8][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
375 TCP 172.16.0.8:36051 -> 64.13.134.52:1122 [proto: 520/availant-mgr][Stack: availant-mgr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
376 TCP 172.16.0.8:36051 -> 64.13.134.52:1352 [proto: 768/lotusnote][Stack: lotusnote][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
377 TCP 172.16.0.8:36051 -> 64.13.134.52:1433 [proto: 822/ms-sql][Stack: ms-sql][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
375 TCP 172.16.0.8:36051 -> 64.13.134.52:1122 [proto: 521/availant-mgr][Stack: availant-mgr][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
376 TCP 172.16.0.8:36051 -> 64.13.134.52:1352 [proto: 769/lotusnote][Stack: lotusnote][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
377 TCP 172.16.0.8:36051 -> 64.13.134.52:1433 [proto: 823/ms-sql][Stack: ms-sql][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
378 TCP 172.16.0.8:36051 -> 64.13.134.52:1434 [proto: 114/MsSQL-TDS][Stack: MsSQL-TDS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
379 TCP 172.16.0.8:36051 -> 64.13.134.52:1494 [proto: 557/citrix_ica][Stack: citrix_ica][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
380 TCP 172.16.0.8:36051 -> 64.13.134.52:1503 [proto: 842/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
379 TCP 172.16.0.8:36051 -> 64.13.134.52:1494 [proto: 558/citrix_ica][Stack: citrix_ica][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
380 TCP 172.16.0.8:36051 -> 64.13.134.52:1503 [proto: 843/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
381 TCP 172.16.0.8:36051 -> 64.13.134.52:1521 [proto: 167/Oracle][Stack: Oracle][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
382 TCP 172.16.0.8:36051 -> 64.13.134.52:1524 [proto: 892/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
383 TCP 172.16.0.8:36051 -> 64.13.134.52:1533 [proto: 892/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
384 TCP 172.16.0.8:36051 -> 64.13.134.52:1666 [proto: 904/perforce][Stack: perforce][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
382 TCP 172.16.0.8:36051 -> 64.13.134.52:1524 [proto: 893/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
383 TCP 172.16.0.8:36051 -> 64.13.134.52:1533 [proto: 893/oracle_1522-1546][Stack: oracle_1522-1546][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
384 TCP 172.16.0.8:36051 -> 64.13.134.52:1666 [proto: 905/perforce][Stack: perforce][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
385 TCP 172.16.0.8:36051 -> 64.13.134.52:1719 [proto: 158/H323][Stack: H323][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
386 TCP 172.16.0.8:36051 -> 64.13.134.52:1720 [proto: 842/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
386 TCP 172.16.0.8:36051 -> 64.13.134.52:1720 [proto: 843/netmeeting][Stack: netmeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
387 TCP 172.16.0.8:36051 -> 64.13.134.52:1723 [proto: 115/PPTP][Stack: PPTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
388 TCP 172.16.0.8:36051 -> 64.13.134.52:1755 [proto: 810/MSNetShow][Stack: MSNetShow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
389 TCP 172.16.0.8:36051 -> 64.13.134.52:1801 [proto: 816/msmq][Stack: msmq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
388 TCP 172.16.0.8:36051 -> 64.13.134.52:1755 [proto: 811/MSNetShow][Stack: MSNetShow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
389 TCP 172.16.0.8:36051 -> 64.13.134.52:1801 [proto: 817/msmq][Stack: msmq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
390 TCP 172.16.0.8:36051 -> 64.13.134.52:1812 [proto: 146/Radius][Stack: Radius][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
391 TCP 172.16.0.8:36051 -> 64.13.134.52:1863 [proto: 817/MSN][Stack: MSN][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
391 TCP 172.16.0.8:36051 -> 64.13.134.52:1863 [proto: 818/MSN][Stack: MSN][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
392 TCP 172.16.0.8:36051 -> 64.13.134.52:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
393 TCP 172.16.0.8:36051 -> 64.13.134.52:1935 [proto: 174/RTMP][Stack: RTMP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Media/1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
394 TCP 172.16.0.8:36051 -> 64.13.134.52:2000 [proto: 164/CiscoSkinny][Stack: CiscoSkinny][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
395 TCP 172.16.0.8:36051 -> 64.13.134.52:2002 [proto: 383/Roughtime][Stack: Roughtime][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
396 TCP 172.16.0.8:36051 -> 64.13.134.52:2049 [proto: 11/NFS][Stack: NFS][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
397 TCP 172.16.0.8:36051 -> 64.13.134.52:2190 [proto: 308/TiVoConnect][Stack: TiVoConnect][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
398 TCP 172.16.0.8:36051 -> 64.13.134.52:2196 [proto: 497/apple-push][Stack: apple-push][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
399 TCP 172.16.0.8:36051 -> 64.13.134.52:2401 [proto: 586/cvspserver][Stack: cvspserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
398 TCP 172.16.0.8:36051 -> 64.13.134.52:2196 [proto: 498/apple-push][Stack: apple-push][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
399 TCP 172.16.0.8:36051 -> 64.13.134.52:2401 [proto: 587/cvspserver][Stack: cvspserver][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
400 TCP 172.16.0.8:36051 -> 64.13.134.52:2604 [proto: 184/OSPF][Stack: OSPF][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Safe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
401 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][Stack: BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
402 TCP 172.16.0.8:36051 -> 64.13.134.52:2701 [proto: 1013/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
403 TCP 172.16.0.8:36051 -> 64.13.134.52:2702 [proto: 1013/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
404 TCP 172.16.0.8:36051 -> 64.13.134.52:3001 [proto: 834/NessusSecScan][Stack: NessusSecScan][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
405 TCP 172.16.0.8:36051 -> 64.13.134.52:3031 [proto: 643/eppc][Stack: eppc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
406 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 1030/squid-proxy][Stack: squid-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
407 TCP 172.16.0.8:36051 -> 64.13.134.52:3268 [proto: 814/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
408 TCP 172.16.0.8:36051 -> 64.13.134.52:3269 [proto: 814/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
409 TCP 172.16.0.8:36051 -> 64.13.134.52:3283 [proto: 837/net-assistant][Stack: net-assistant][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
402 TCP 172.16.0.8:36051 -> 64.13.134.52:2701 [proto: 1014/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
403 TCP 172.16.0.8:36051 -> 64.13.134.52:2702 [proto: 1014/sms][Stack: sms][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
404 TCP 172.16.0.8:36051 -> 64.13.134.52:3001 [proto: 835/NessusSecScan][Stack: NessusSecScan][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
405 TCP 172.16.0.8:36051 -> 64.13.134.52:3031 [proto: 644/eppc][Stack: eppc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
406 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 1031/squid-proxy][Stack: squid-proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
407 TCP 172.16.0.8:36051 -> 64.13.134.52:3268 [proto: 815/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
408 TCP 172.16.0.8:36051 -> 64.13.134.52:3269 [proto: 815/msft-gc][Stack: msft-gc][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
409 TCP 172.16.0.8:36051 -> 64.13.134.52:3283 [proto: 838/net-assistant][Stack: net-assistant][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
410 TCP 172.16.0.8:36051 -> 64.13.134.52:3300 [proto: 381/Ceph][Stack: Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
411 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][Stack: MySQL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
412 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 951/remotedesktop][Stack: remotedesktop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
413 TCP 172.16.0.8:36051 -> 64.13.134.52:3659 [proto: 499/apple-sasl][Stack: apple-sasl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
414 TCP 172.16.0.8:36051 -> 64.13.134.52:3689 [proto: 743/iTunes][Stack: iTunes][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
415 TCP 172.16.0.8:36051 -> 64.13.134.52:3690 [proto: 1052/svn][Stack: svn][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
416 TCP 172.16.0.8:36051 -> 64.13.134.52:4000 [proto: 708/icq][Stack: icq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
417 TCP 172.16.0.8:36051 -> 64.13.134.52:4111 [proto: 1136/xgrid][Stack: xgrid][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
412 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 952/remotedesktop][Stack: remotedesktop][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
413 TCP 172.16.0.8:36051 -> 64.13.134.52:3659 [proto: 500/apple-sasl][Stack: apple-sasl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
414 TCP 172.16.0.8:36051 -> 64.13.134.52:3689 [proto: 744/iTunes][Stack: iTunes][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
415 TCP 172.16.0.8:36051 -> 64.13.134.52:3690 [proto: 1053/svn][Stack: svn][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
416 TCP 172.16.0.8:36051 -> 64.13.134.52:4000 [proto: 709/icq][Stack: icq][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
417 TCP 172.16.0.8:36051 -> 64.13.134.52:4111 [proto: 1137/xgrid][Stack: xgrid][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
418 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][Stack: Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
419 TCP 172.16.0.8:36051 -> 64.13.134.52:4662 [proto: 36/eDonkey][Stack: eDonkey][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
420 TCP 172.16.0.8:36051 -> 64.13.134.52:4899 [proto: 391/Radmin][Stack: Radmin][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
421 TCP 172.16.0.8:36051 -> 64.13.134.52:5001 [proto: 243/TargusDataspeed][Stack: TargusDataspeed][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
422 TCP 172.16.0.8:36051 -> 64.13.134.52:5003 [proto: 660/fmpro-internal][Stack: fmpro-internal][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
422 TCP 172.16.0.8:36051 -> 64.13.134.52:5003 [proto: 661/fmpro-internal][Stack: fmpro-internal][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
423 TCP 172.16.0.8:36051 -> 64.13.134.52:5004 [proto: 87/RTP][Stack: RTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Media/1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
424 TCP 172.16.0.8:36051 -> 64.13.134.52:5009 [proto: 1125/winfs][Stack: winfs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
425 TCP 172.16.0.8:36051 -> 64.13.134.52:5050 [proto: 1144/YahooMessenger][Stack: YahooMessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
424 TCP 172.16.0.8:36051 -> 64.13.134.52:5009 [proto: 1126/winfs][Stack: winfs][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
425 TCP 172.16.0.8:36051 -> 64.13.134.52:5050 [proto: 1145/YahooMessenger][Stack: YahooMessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
426 TCP 172.16.0.8:36051 -> 64.13.134.52:5060 [proto: 100/SIP][Stack: SIP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
427 TCP 172.16.0.8:36051 -> 64.13.134.52:5061 [proto: 1006/sip_secure][Stack: sip_secure][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
428 TCP 172.16.0.8:36051 -> 64.13.134.52:5100 [proto: 1023/socalia][Stack: socalia][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
429 TCP 172.16.0.8:36051 -> 64.13.134.52:5190 [proto: 493/aol][Stack: aol][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
430 TCP 172.16.0.8:36051 -> 64.13.134.52:5222 [proto: 1138/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
431 TCP 172.16.0.8:36051 -> 64.13.134.52:5269 [proto: 1138/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
427 TCP 172.16.0.8:36051 -> 64.13.134.52:5061 [proto: 1007/sip_secure][Stack: sip_secure][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
428 TCP 172.16.0.8:36051 -> 64.13.134.52:5100 [proto: 1024/socalia][Stack: socalia][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
429 TCP 172.16.0.8:36051 -> 64.13.134.52:5190 [proto: 494/aol][Stack: aol][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
430 TCP 172.16.0.8:36051 -> 64.13.134.52:5222 [proto: 1139/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
431 TCP 172.16.0.8:36051 -> 64.13.134.52:5269 [proto: 1139/xmpp_jabber][Stack: xmpp_jabber][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
432 TCP 172.16.0.8:36051 -> 64.13.134.52:5432 [proto: 19/PostgreSQL][Stack: PostgreSQL][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
433 TCP 172.16.0.8:36051 -> 64.13.134.52:5555 [proto: 925/Prolin][Stack: Prolin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
434 TCP 172.16.0.8:36051 -> 64.13.134.52:5631 [proto: 900/pcanywhere][Stack: pcanywhere][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
435 TCP 172.16.0.8:36051 -> 64.13.134.52:5678 [proto: 969/rrac][Stack: rrac][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
433 TCP 172.16.0.8:36051 -> 64.13.134.52:5555 [proto: 926/Prolin][Stack: Prolin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
434 TCP 172.16.0.8:36051 -> 64.13.134.52:5631 [proto: 901/pcanywhere][Stack: pcanywhere][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
435 TCP 172.16.0.8:36051 -> 64.13.134.52:5678 [proto: 970/rrac][Stack: rrac][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
436 TCP 172.16.0.8:36051 -> 64.13.134.52:5800 [proto: 89/VNC][Stack: VNC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
437 TCP 172.16.0.8:36051 -> 64.13.134.52:5900 [proto: 89/VNC][Stack: VNC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
438 TCP 172.16.0.8:36051 -> 64.13.134.52:5901 [proto: 89/VNC][Stack: VNC][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: RemoteAccess/12][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
439 TCP 172.16.0.8:36051 -> 64.13.134.52:5988 [proto: 1118/wbem-http][Stack: wbem-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
440 TCP 172.16.0.8:36051 -> 64.13.134.52:6000 [proto: 1131/XWindow][Stack: XWindow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
439 TCP 172.16.0.8:36051 -> 64.13.134.52:5988 [proto: 1119/wbem-http][Stack: wbem-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
440 TCP 172.16.0.8:36051 -> 64.13.134.52:6000 [proto: 1132/XWindow][Stack: XWindow][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
441 TCP 172.16.0.8:36051 -> 64.13.134.52:6112 [proto: 109/GuildWars2][Stack: GuildWars2][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Game/8][Breed: Fun][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
442 TCP 172.16.0.8:36051 -> 64.13.134.52:6346 [proto: 35/Gnutella][Stack: Gnutella][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Potentially_Dangerous][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
443 TCP 172.16.0.8:36051 -> 64.13.134.52:6667 [proto: 65/IRC][Stack: IRC][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Chat/9][Breed: Unsafe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
444 TCP 172.16.0.8:36051 -> 64.13.134.52:6789 [proto: 381/Ceph][Stack: Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: DataTransfer/4][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
445 TCP 172.16.0.8:36051 -> 64.13.134.52:6881 [proto: 37/BitTorrent][Stack: BitTorrent][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Download/7][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
446 TCP 172.16.0.8:36051 -> 64.13.134.52:6901 [proto: 818/msnmessenger][Stack: msnmessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
446 TCP 172.16.0.8:36051 -> 64.13.134.52:6901 [proto: 819/msnmessenger][Stack: msnmessenger][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
447 TCP 172.16.0.8:36051 -> 64.13.134.52:7000 [proto: 264/Cassandra][Stack: Cassandra][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Database/11][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
448 TCP 172.16.0.8:36051 -> 64.13.134.52:7070 [proto: 503/arcp][Stack: arcp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
448 TCP 172.16.0.8:36051 -> 64.13.134.52:7070 [proto: 504/arcp][Stack: arcp][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
449 TCP 172.16.0.8:36051 -> 64.13.134.52:8000 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
450 TCP 172.16.0.8:36051 -> 64.13.134.52:8007 [proto: 745/jserv][Stack: jserv][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
451 TCP 172.16.0.8:36051 -> 64.13.134.52:8008 [proto: 696/http-s_alt][Stack: http-s_alt][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
452 TCP 172.16.0.8:36051 -> 64.13.134.52:8009 [proto: 1005/simco][Stack: simco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
450 TCP 172.16.0.8:36051 -> 64.13.134.52:8007 [proto: 746/jserv][Stack: jserv][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
451 TCP 172.16.0.8:36051 -> 64.13.134.52:8008 [proto: 697/http-s_alt][Stack: http-s_alt][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
452 TCP 172.16.0.8:36051 -> 64.13.134.52:8009 [proto: 1006/simco][Stack: simco][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
453 TCP 172.16.0.8:36051 -> 64.13.134.52:8010 [proto: 139/AJP][Stack: AJP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
454 TCP 172.16.0.8:36051 -> 64.13.134.52:8080 [proto: 131/HTTP_Proxy][Stack: HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
455 TCP 172.16.0.8:36051 -> 64.13.134.52:8088 [proto: 945/radan-http][Stack: radan-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
456 TCP 172.16.0.8:36051 -> 64.13.134.52:8181 [proto: 729/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
457 TCP 172.16.0.8:36051 -> 64.13.134.52:8200 [proto: 676/GoToMeeting][Stack: GoToMeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
455 TCP 172.16.0.8:36051 -> 64.13.134.52:8088 [proto: 946/radan-http][Stack: radan-http][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
456 TCP 172.16.0.8:36051 -> 64.13.134.52:8181 [proto: 730/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
457 TCP 172.16.0.8:36051 -> 64.13.134.52:8200 [proto: 677/GoToMeeting][Stack: GoToMeeting][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_1024_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
458 TCP 172.16.0.8:36051 -> 64.13.134.52:8333 [proto: 343/BITCOIN][Stack: BITCOIN][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Crypto_Currency/106][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
459 TCP 172.16.0.8:36051 -> 64.13.134.52:8383 [proto: 729/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
460 TCP 172.16.0.8:36051 -> 64.13.134.52:8443 [proto: 902/pcsync-https][Stack: pcsync-https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
461 TCP 172.16.0.8:36051 -> 64.13.134.52:8800 [proto: 1048/sunwebadmin][Stack: sunwebadmin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
462 TCP 172.16.0.8:36051 -> 64.13.134.52:9080 [proto: 703/IBM_WebSphere-App][Stack: IBM_WebSphere-App][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
463 TCP 172.16.0.8:36051 -> 64.13.134.52:9100 [proto: 921/printer_pdl][Stack: printer_pdl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
459 TCP 172.16.0.8:36051 -> 64.13.134.52:8383 [proto: 730/IPSwitch_IMail][Stack: IPSwitch_IMail][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
460 TCP 172.16.0.8:36051 -> 64.13.134.52:8443 [proto: 903/pcsync-https][Stack: pcsync-https][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
461 TCP 172.16.0.8:36051 -> 64.13.134.52:8800 [proto: 1049/sunwebadmin][Stack: sunwebadmin][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
462 TCP 172.16.0.8:36051 -> 64.13.134.52:9080 [proto: 704/IBM_WebSphere-App][Stack: IBM_WebSphere-App][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
463 TCP 172.16.0.8:36051 -> 64.13.134.52:9100 [proto: 922/printer_pdl][Stack: printer_pdl][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
464 TCP 172.16.0.8:36051 -> 64.13.134.52:9418 [proto: 226/Git][Stack: Git][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Collaborative/15][Breed: Safe][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_3072_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
465 TCP 172.16.0.8:36051 -> 64.13.134.52:9999 [proto: 332/TPLINK_SHP][Stack: TPLINK_SHP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: IoT-Scada/31][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_4096_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
466 TCP 172.16.0.8:36051 -> 64.13.134.52:10000 [proto: 161/CiscoVPN][Stack: CiscoVPN][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_2048_6bbe28597824/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ LRU cache tls_cert: 0/8/0 (insert/search/found)
|
|||
LRU cache mining: 0/15/0 (insert/search/found)
|
||||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||||
LRU cache fpc_dns: 14/37/13 (insert/search/found)
|
||||
Automa host: 246/71 (search/found)
|
||||
Automa host: 247/70 (search/found)
|
||||
Automa domain: 156/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 10/0 (search/found)
|
||||
|
|
@ -33,7 +33,7 @@ Hash fp custom protos: 6/0 (search/found)
|
|||
|
||||
Unknown 19 5564 9
|
||||
DNS 17 1719 6
|
||||
HTTP 249 355379 34
|
||||
HTTP 253 357994 35
|
||||
MDNS 1 82 1
|
||||
NTP 1 90 1
|
||||
NetBIOS 26 2392 6
|
||||
|
|
@ -43,7 +43,7 @@ DHCP 24 8208 5
|
|||
QQ 30 6617 3
|
||||
TLS 124 28754 9
|
||||
DHCPV6 10 980 3
|
||||
Google 28 53166 3
|
||||
Google 24 50551 2
|
||||
LLMNR 91 6931 48
|
||||
PlayStore 2 1359 1
|
||||
GoogleServices 17 30330 1
|
||||
|
|
@ -132,7 +132,7 @@ JA Host Stats:
|
|||
55 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: No ALPN / 192.168.115.75 / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: aa7eafaa128c9b8a39bd010d912570a8][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i370500_07a749158664_d075105c1994][JA3S: 573a9f3f80037fb40d481e2054def5bb][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
56 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0]
|
||||
57 TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Acceptable][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
58 TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
|
||||
59 TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
||||
60 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
|
||||
61 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][14 pkts/2450 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][56.94 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4488/0 17921/0 4136/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ LRU cache stun: 32/0/0 (insert/search/found)
|
|||
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
||||
LRU cache mining: 0/3/0 (insert/search/found)
|
||||
LRU cache msteams: 19/6/6 (insert/search/found)
|
||||
LRU cache fpc_dns: 16/41/28 (insert/search/found)
|
||||
Automa host: 95/75 (search/found)
|
||||
LRU cache fpc_dns: 15/41/28 (insert/search/found)
|
||||
Automa host: 97/73 (search/found)
|
||||
Automa domain: 85/0 (search/found)
|
||||
Automa tls cert: 0/0 (search/found)
|
||||
Automa risk mask: 2/0 (search/found)
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ cd "$(dirname "${0}")" || exit 1
|
|||
|
||||
RETVAL=0
|
||||
|
||||
./akamai_ip_addresses_download.sh
|
||||
RETVAL=$(( RETVAL + $? ))
|
||||
./aws_ip_addresses_download.sh
|
||||
RETVAL=$(( RETVAL + $? ))
|
||||
./azure_ip_addresses_download.sh
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ flow_risks[17] = ProtoField.bool("ndpi.flow_risk.malformed_packet", "Malformed p
|
|||
flow_risks[18] = ProtoField.bool("ndpi.flow_risk.ssh_obsolete_client", "SSH Obsolete Client Version/Cipher", num_bits_flow_risks, nil, bit(18), "nDPI Flow Risk: SSH Obsolete Client Version/Cipher")
|
||||
flow_risks[19] = ProtoField.bool("ndpi.flow_risk.ssh_obsolete_server", "SSH Obsolete Server Version/Cipher", num_bits_flow_risks, nil, bit(19), "nDPI Flow Risk: SSH Obsolete Server Version/Cipher")
|
||||
flow_risks[20] = ProtoField.bool("ndpi.flow_risk.smb_insecure_version", "SMB Insecure Version", num_bits_flow_risks, nil, bit(20), "nDPI Flow Risk: SMB Insecure Version")
|
||||
flow_risks[21] = ProtoField.bool("ndpi.flow_risk.unresolved_hostname", "Unresolved Hostname", num_bits_flow_risks, nil, bit(21), "nDPI Flow Risk: Unresolved Hostname")
|
||||
flow_risks[21] = ProtoField.bool("ndpi.flow_risk.mismatching_protocol_with_ip", "Mismatching protocol with IP", num_bits_flow_risks, nil, bit(21), "nDPI Flow Risk: Mismatching protocol with server IP address")
|
||||
flow_risks[22] = ProtoField.bool("ndpi.flow_risk.unsafe_protocol", "Unsafe Protocol", num_bits_flow_risks, nil, bit(22), "nDPI Flow Risk: Unsafe Protocol")
|
||||
flow_risks[23] = ProtoField.bool("ndpi.flow_risk.suspicious_dns_traffic", "Suspicious DNS traffic", num_bits_flow_risks, nil, bit(23), "nDPI Flow Risk: Suspicious DNS traffic")
|
||||
flow_risks[24] = ProtoField.bool("ndpi.flow_risk.sni_tls_extension_missing", "SNI TLS extension was missing", num_bits_flow_risks, nil, bit(24), "nDPI Flow Risk: SNI TLS extension was missing")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue