mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-05 19:15:12 +00:00
5f312c0cd6
* Fix JA4 ALPN fingerprint to use first and last characters According to the JA4 specification (line 2139), the ALPN field should contain the first and last characters of the first ALPN extension value. Currently, nDPI uses the first and second characters (alpn[0] and alpn[1]), which produces incorrect fingerprints that don't match other JA4 implementations like Wireshark. For example, with ALPN 'http/1.1': - Current (incorrect): 'ht' (first + second char) - Fixed (correct): 'h1' (first + last char) This change ensures nDPI's JA4 implementation conforms to the official specification and maintains interoperability with other JA4 tools. Fixes: Incorrect JA4 ALPN fingerprint generation * Fix JA4 ALPN implementation to correctly parse first ALPN protocol The previous fix attempted to use strlen(ja->client.alpn)-1 but this was insufficient because nDPI modifies the ALPN string by: 1. Adding null terminators that truncate the last character 2. Converting semicolons to dashes, affecting multi-protocol ALPNs This complete fix: - Adds alpn_original_last field to store the true last character - Captures the last character of the FIRST ALPN protocol only (before ;/,) - Preserves the original character before nDPI's string modifications Now correctly implements JA4 spec: first + last characters of first ALPN protocol Examples: - ALPN 'h2;http/1.1' -> 'h2' (not 'h.' or 'h1') - ALPN 'http/1.1' -> 'h1' (not 'ht' or 'h.') Fixes: #2914 * Fix JA4 SNI detection to properly handle missing SNI extensions Previously, nDPI incorrectly set JA4 SNI flag to 'd' (domain present) for flows without any SNI extension. This was because the logic only checked for NDPI_NUMERIC_IP_HOST risk (set when SNI contains IP) but didn't distinguish between missing SNI and domain SNI. Now properly detects: - No SNI extension → 'i' flag - SNI with IP address → 'i' flag - SNI with domain → 'd' flag This matches the JA4 specification.
109 lines
36 KiB
Text
109 lines
36 KiB
Text
Guessed flow protos: 1
|
||
|
||
DPI Packets (TCP): 107 (7.13 pkts/flow)
|
||
DPI Packets (UDP): 55 (1.77 pkts/flow)
|
||
DPI Packets (other): 5 (1.00 pkts/flow)
|
||
Confidence Match by port : 1 (flows)
|
||
Confidence DPI : 50 (flows)
|
||
Num dissector calls: 352 (6.90 diss/flow)
|
||
LRU cache ookla: 0/0/0 (insert/search/found)
|
||
LRU cache bittorrent: 0/3/0 (insert/search/found)
|
||
LRU cache stun: 0/0/0 (insert/search/found)
|
||
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
||
LRU cache mining: 0/1/0 (insert/search/found)
|
||
LRU cache msteams: 0/0/0 (insert/search/found)
|
||
LRU cache fpc_dns: 31/16/15 (insert/search/found)
|
||
Automa host: 62/53 (search/found)
|
||
Automa domain: 62/0 (search/found)
|
||
Automa tls cert: 0/0 (search/found)
|
||
Automa risk mask: 0/0 (search/found)
|
||
Automa common alpns: 27/27 (search/found)
|
||
Patricia risk mask: 0/0 (search/found)
|
||
Patricia risk mask IPv6: 0/0 (search/found)
|
||
Patricia risk: 1/0 (search/found)
|
||
Patricia risk IPv6: 5/0 (search/found)
|
||
Patricia protocols: 82/10 (search/found)
|
||
Patricia protocols IPv6: 10/0 (search/found)
|
||
|
||
DNS 38 5468 19
|
||
MDNS 17 7012 5
|
||
SSDP 2 336 2
|
||
DHCP 9 3078 2
|
||
ICMP 5 350 1
|
||
IGMP 1 54 1
|
||
ICMPV6 5 478 3
|
||
Dropbox 2 1104 1
|
||
Apple 132 53116 8
|
||
AppleiCloud 209 126365 5
|
||
AppleiTunes 62 23299 2
|
||
Spotify 2 172 1
|
||
NAT-PMP 2 120 1
|
||
|
||
Safe 132 53116 8
|
||
Acceptable 290 144365 40
|
||
Fun 64 23471 3
|
||
|
||
Web 332 178040 12
|
||
Cloud 2 1104 1
|
||
Network 77 16560 32
|
||
Streaming 62 23299 2
|
||
System 2 336 2
|
||
Music 2 172 1
|
||
ConnCheck 9 1441 1
|
||
|
||
JA Host Stats:
|
||
IP Address # JA4C
|
||
1 192.168.2.17 3
|
||
|
||
|
||
1 TCP 192.168.2.17:50581 <-> 17.248.185.87:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 9][cat: Web/5][56 pkts/68759 bytes <-> 21 pkts/9571 bytes][Goodput ratio: 95/85][2.03 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.756 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/111 655/803 103/219][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1228/456 1506/1506 541/618][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F][Safari][Validity: 2019-12-09 19:35:05 - 2021-01-07 19:45:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,90,0,0]
|
||
2 TCP 192.168.2.17:50575 <-> 17.248.185.140:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 10][cat: Web/5][13 pkts/3193 bytes <-> 12 pkts/11035 bytes][Goodput ratio: 73/93][0.81 sec][Hostname/SNI: p26-fmfmobile.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.551 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/63 154/164 68/71][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 246/920 1224/1506 340/643][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2][Safari][Validity: 2019-12-09 19:44:02 - 2021-01-07 19:54:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,7,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,48,0,0]
|
||
3 TCP 192.168.2.17:50580 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][25 pkts/5755 bytes <-> 20 pkts/8110 bytes][Goodput ratio: 71/84][2.03 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.170 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 86/55 651/521 172/132][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 230/406 1128/1506 292/508][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,32,8,0,8,4,0,0,0,0,0,8,0,0,0,0,8,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,12,0,0]
|
||
4 TCP 192.168.2.17:50587 <-> 92.123.77.26:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][19 pkts/4724 bytes <-> 15 pkts/7108 bytes][Goodput ratio: 73/86][0.49 sec][Hostname/SNI: play.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.201 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/17 146/147 52/42][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 249/474 1506/1506 367/538][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 5,23,11,0,0,0,0,0,11,0,0,0,5,0,0,5,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,16,0,0]
|
||
5 TCP 192.168.2.17:50588 <-> 95.101.24.53:443 [proto: 91.145/TLS.AppleiTunes][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 145/AppleiTunes, Confidence: DNS][DPI packets: 6][cat: Streaming/17][16 pkts/3753 bytes <-> 12 pkts/7714 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: sync.itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.345 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 37/56 15/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 235/643 1506/1506 366/607][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 6,18,12,0,0,0,0,0,12,0,0,0,0,0,0,6,6,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,25,0,0]
|
||
6 TCP 192.168.2.17:50576 <-> 95.101.25.53:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][15 pkts/2056 bytes <-> 12 pkts/8828 bytes][Goodput ratio: 49/91][0.38 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.622 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/22 36/80 13/32][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/736 583/1506 158/574][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,7,0,0,0,7,0,31,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,15,0,0,0,0,15,0,0]
|
||
7 TCP 192.168.2.17:50584 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][18 pkts/3421 bytes <-> 14 pkts/6608 bytes][Goodput ratio: 65/86][1.06 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.318 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/19 167/155 58/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 190/472 1084/1506 257/577][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,5,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
|
||
8 TCP 192.168.2.17:50586 <-> 17.248.176.75:443 [proto: 91.143/TLS.AppleiCloud][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 143/AppleiCloud, Confidence: DNS][DPI packets: 8][cat: Web/5][17 pkts/3443 bytes <-> 13 pkts/6470 bytes][Goodput ratio: 67/87][0.54 sec][Hostname/SNI: gateway.icloud.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.305 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/20 162/160 58/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/498 1084/1506 268/585][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com][JA3S: 1e60202b4001a190621caa963fb76697][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE][Safari][Validity: 2019-10-08 18:46:14 - 2020-11-06 18:56:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,43,11,0,0,0,0,0,0,0,0,0,0,0,5,0,11,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0]
|
||
9 TCP 192.168.2.17:50583 <-> 104.73.61.30:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][7 pkts/1003 bytes <-> 7 pkts/6968 bytes][Goodput ratio: 51/93][0.19 sec][Hostname/SNI: cl4.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.748 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 38/9 123/46 46/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 143/995 583/1506 180/593][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,33,0,0]
|
||
10 TCP 192.168.2.17:50579 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][12 pkts/1803 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 217/22 1961/130 583/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/674 583/1506 169/571][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||
11 TCP 192.168.2.17:50578 <-> 17.253.105.202:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][12 pkts/1781 bytes <-> 8 pkts/5395 bytes][Goodput ratio: 55/90][2.30 sec][Hostname/SNI: mesu.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 227/22 1825/131 537/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/674 583/1506 166/571][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,0,10,0,0,0,0,0,20,0,10,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
|
||
12 TCP 192.168.2.17:50582 <-> 92.122.252.82:443 [proto: 91.140/TLS.Apple][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: Web/5][6 pkts/925 bytes <-> 6 pkts/5702 bytes][Goodput ratio: 56/93][0.17 sec][Hostname/SNI: iphone-ld.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.721 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 42/25 122/123 49/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/950 583/1506 192/630][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,40,0,0]
|
||
13 TCP 192.168.2.17:50577 <-> 17.130.2.46:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][10 pkts/1721 bytes <-> 8 pkts/4801 bytes][Goodput ratio: 61/89][0.67 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.472 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 81/52 171/161 80/73][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 172/600 583/1506 165/572][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2614h2_2802a3db6c62_0e42e90cf648][ServerNames: *.ls.apple.com][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US][Certificate SHA-1: E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51][Safari][Validity: 2019-03-15 23:17:29 - 2021-04-13 23:17:29][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,11,0,0,0,11,11,0,0,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
|
||
14 TCP 192.168.2.17:50585 <-> 17.137.166.35:443 [proto: 91.140/TLS.Apple][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 8][cat: Web/5][6 pkts/1051 bytes <-> 6 pkts/4246 bytes][Goodput ratio: 61/90][1.05 sec][Hostname/SNI: gsa.apple.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.603 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 132/52 322/206 138/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 175/708 583/1506 188/647][TCP Fingerprint: 194_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d2613h1_2802a3db6c62_845d286b0d67][ServerNames: gsas.apple.com,gsa.apple.com][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=gsa.apple.com, O=Apple Inc., ST=California, C=US][Certificate SHA-1: D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6][Safari][Validity: 2019-03-07 00:55:40 - 2020-04-05 00:55:40][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
|
||
15 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][7 pkts/2394 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.15 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1022/0 7191/0 8962/0 2834/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (iPhone)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
16 UDP 169.254.225.216:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/2123 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
|
||
17 UDP 192.168.2.1:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/2094 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0]
|
||
18 UDP [fe80::c42c:3ff:fe60:6a64]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/2067 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][33.08 sec][Hostname/SNI: luca’s imac._odisk._tcp.local][luca’s imac._odisk._tcp.local][PLAIN TEXT (s iMac)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0]
|
||
19 TCP 192.168.2.17:49152 <-> 17.253.105.202:80 [proto: 7.140/HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][5 pkts/473 bytes <-> 4 pkts/968 bytes][Goodput ratio: 28/72][0.33 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 82/80 171/158 82/78][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/242 197/762 51/300][URL: captive.apple.com/hotspot-detect.html][StatusCode: 200][Content-Type: text/html][Server: ATS/8.0.6][User-Agent: CaptiveNetworkSupport-390.60.1 wispr][TCP Fingerprint: 194_64_65535_d29295416479/macOS][PLAIN TEXT (GET /hotspot)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
20 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][2 pkts/1104 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][30.05 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
21 UDP 192.168.2.1:67 -> 192.168.2.17:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/684 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (iMac.local)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
22 UDP [fe80::823:3f17:8298:a29c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 4][cat: Network/14][4 pkts/512 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][3.56 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
23 UDP 192.168.2.17:63381 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/90 bytes <-> 1 pkts/264 bytes][Goodput ratio: 53/84][0.04 sec][Hostname/SNI: p26-keyvalueservice.icloud.com][17.248.185.87][DNS Id: 0x95d3][PLAIN TEXT (valueservice)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
24 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/350 bytes -> 0 pkts/0 bytes][Goodput ratio: 40/0][0.34 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
25 UDP 192.168.2.17:63143 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/84 bytes <-> 1 pkts/252 bytes][Goodput ratio: 49/83][0.04 sec][Hostname/SNI: p26-fmfmobile.icloud.com][17.248.185.140][DNS Id: 0x1e14][PLAIN TEXT (fmfmobile)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
26 UDP 192.168.2.17:52852 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/244 bytes][Goodput ratio: 46/82][0.04 sec][Hostname/SNI: gateway.icloud.com][17.248.176.75][DNS Id: 0xb10f][PLAIN TEXT (gateway)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
27 UDP 192.168.2.17:53272 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/241 bytes][Goodput ratio: 48/82][0.05 sec][Hostname/SNI: play.itunes.apple.com][92.123.77.26][DNS Id: 0x080b][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
28 UDP 192.168.2.17:65079 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/241 bytes][Goodput ratio: 48/82][0.00 sec][Hostname/SNI: play.itunes.apple.com][92.123.77.26][DNS Id: 0xd334][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
29 UDP 192.168.2.17:61862 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/83 bytes <-> 1 pkts/227 bytes][Goodput ratio: 49/81][0.04 sec][Hostname/SNI: gspe35-ssl.ls.apple.com][95.101.25.53][DNS Id: 0x8ef1][PLAIN TEXT (gspe35)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
30 UDP 192.168.2.17:49880 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/222 bytes][Goodput ratio: 48/81][0.05 sec][Hostname/SNI: init.itunes.apple.com][95.101.24.53][DNS Id: 0x7049][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
31 UDP 192.168.2.17:53317 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/224 bytes][Goodput ratio: 46/81][0.04 sec][Hostname/SNI: iphone-ld.apple.com][92.122.252.82][DNS Id: 0x898e][PLAIN TEXT (iphone)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
32 UDP 192.168.2.17:63677 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/81 bytes <-> 1 pkts/222 bytes][Goodput ratio: 48/81][0.04 sec][Hostname/SNI: sync.itunes.apple.com][95.101.24.53][DNS Id: 0x2386][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
33 UDP 192.168.2.17:53983 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/221 bytes][Goodput ratio: 47/81][0.05 sec][Hostname/SNI: bag.itunes.apple.com][95.101.24.53][DNS Id: 0x665a][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
34 UDP 192.168.2.17:63377 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/221 bytes][Goodput ratio: 47/81][0.05 sec][Hostname/SNI: bag.itunes.apple.com][95.101.24.53][DNS Id: 0x8fb1][PLAIN TEXT (itunes)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
35 UDP 192.168.2.17:51007 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/77 bytes <-> 1 pkts/221 bytes][Goodput ratio: 45/81][0.04 sec][Hostname/SNI: captive.apple.com][17.253.105.202][DNS Id: 0x6043][PLAIN TEXT (captive)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
36 UDP 192.168.2.17:55457 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/214 bytes][Goodput ratio: 43/80][0.04 sec][Hostname/SNI: mesu.apple.com][17.253.105.202][DNS Id: 0x171b][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
37 UDP 192.168.2.17:62526 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/212 bytes][Goodput ratio: 42/80][0.05 sec][Hostname/SNI: cl4.apple.com][104.73.61.30][DNS Id: 0x8dec][PLAIN TEXT (origin)][Plen Bins: 50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
38 UDP 192.168.2.17:52682 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/203 bytes][Goodput ratio: 43/79][0.04 sec][Hostname/SNI: www.icloud.com][23.45.74.46][DNS Id: 0xc1e9][PLAIN TEXT (icloud)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
39 ICMPV6 [fe80::823:3f17:8298:a29c]:0 -> [ff02::16]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/260 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][1.00 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
40 UDP 192.168.2.17:55914 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/146 bytes][Goodput ratio: 48/71][0.04 sec][Hostname/SNI: gsp85-ssl.ls.apple.com][17.130.2.46][DNS Id: 0x247f][PLAIN TEXT (akadns)][Plen Bins: 0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
41 UDP 192.168.2.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 2][cat: Network/14][2 pkts/216 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][1.02 sec][Hostname/SNI: _homekit._tcp.local][_homekit._tcp.local][PLAIN TEXT (homekit)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
42 UDP 192.168.2.17:64203 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/80 bytes <-> 1 pkts/135 bytes][Goodput ratio: 47/68][0.04 sec][Hostname/SNI: basejumper.apple.com][0.0.0.0][DNS Id: 0xbb63][PLAIN TEXT (basejumper)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
43 UDP 192.168.2.17:52031 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.03 sec][Hostname/SNI: gsa.apple.com][17.137.166.35][DNS Id: 0x7425][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
44 UDP 192.168.2.17:62160 <-> 192.168.2.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/73 bytes <-> 1 pkts/127 bytes][Goodput ratio: 42/66][0.04 sec][Hostname/SNI: gsa.apple.com][17.137.166.35][DNS Id: 0xcf0a][PLAIN TEXT (akadns)][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
45 UDP 192.168.2.1:57621 -> 192.168.2.255:57621 [proto: 156/Spotify][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 156/Spotify, Confidence: DPI][DPI packets: 1][cat: Music/25][2 pkts/172 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][30.01 sec][PLAIN TEXT (SpotUdp)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
46 UDP 169.254.225.216:60538 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
47 UDP 192.168.2.1:51411 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][1 pkts/168 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][< 1 sec][Hostname/SNI: 239.255.255.250][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
48 ICMPV6 [fe80::823:3f17:8298:a29c]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/132 bytes -> 0 pkts/0 bytes][Goodput ratio: 6/0][4.21 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
49 UDP 192.168.2.1:5351 -> 224.0.0.1:5350 [proto: 312/NAT-PMP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][2 pkts/120 bytes -> 0 pkts/0 bytes][Goodput ratio: 30/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
50 ICMPV6 [::]:0 -> [ff02::1:ff98:a29c]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 28/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
||
51 IGMP 192.168.2.17:0 -> 224.0.0.22:0 [proto: 82/IGMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 82/IGMP, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/54 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|