mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-05 10:41:40 +00:00
5f312c0cd6
* Fix JA4 ALPN fingerprint to use first and last characters According to the JA4 specification (line 2139), the ALPN field should contain the first and last characters of the first ALPN extension value. Currently, nDPI uses the first and second characters (alpn[0] and alpn[1]), which produces incorrect fingerprints that don't match other JA4 implementations like Wireshark. For example, with ALPN 'http/1.1': - Current (incorrect): 'ht' (first + second char) - Fixed (correct): 'h1' (first + last char) This change ensures nDPI's JA4 implementation conforms to the official specification and maintains interoperability with other JA4 tools. Fixes: Incorrect JA4 ALPN fingerprint generation * Fix JA4 ALPN implementation to correctly parse first ALPN protocol The previous fix attempted to use strlen(ja->client.alpn)-1 but this was insufficient because nDPI modifies the ALPN string by: 1. Adding null terminators that truncate the last character 2. Converting semicolons to dashes, affecting multi-protocol ALPNs This complete fix: - Adds alpn_original_last field to store the true last character - Captures the last character of the FIRST ALPN protocol only (before ;/,) - Preserves the original character before nDPI's string modifications Now correctly implements JA4 spec: first + last characters of first ALPN protocol Examples: - ALPN 'h2;http/1.1' -> 'h2' (not 'h.' or 'h1') - ALPN 'http/1.1' -> 'h1' (not 'ht' or 'h.') Fixes: #2914 * Fix JA4 SNI detection to properly handle missing SNI extensions Previously, nDPI incorrectly set JA4 SNI flag to 'd' (domain present) for flows without any SNI extension. This was because the logic only checked for NDPI_NUMERIC_IP_HOST risk (set when SNI contains IP) but didn't distinguish between missing SNI and domain SNI. Now properly detects: - No SNI extension → 'i' flag - SNI with IP address → 'i' flag - SNI with domain → 'd' flag This matches the JA4 specification.
105 lines
55 KiB
Text
105 lines
55 KiB
Text
DPI Packets (TCP): 393 (7.15 pkts/flow)
|
|
DPI Packets (UDP): 8 (4.00 pkts/flow)
|
|
Confidence Unknown : 4 (flows)
|
|
Confidence DPI : 53 (flows)
|
|
Num dissector calls: 264 (4.63 diss/flow)
|
|
LRU cache ookla: 0/0/0 (insert/search/found)
|
|
LRU cache bittorrent: 0/12/0 (insert/search/found)
|
|
LRU cache stun: 0/0/0 (insert/search/found)
|
|
LRU cache tls_cert: 0/75/0 (insert/search/found)
|
|
LRU cache mining: 0/4/0 (insert/search/found)
|
|
LRU cache msteams: 0/0/0 (insert/search/found)
|
|
LRU cache fpc_dns: 0/55/0 (insert/search/found)
|
|
Automa host: 44/30 (search/found)
|
|
Automa domain: 44/0 (search/found)
|
|
Automa tls cert: 1/0 (search/found)
|
|
Automa risk mask: 1/0 (search/found)
|
|
Automa common alpns: 0/0 (search/found)
|
|
Patricia risk mask: 88/0 (search/found)
|
|
Patricia risk mask IPv6: 0/0 (search/found)
|
|
Patricia risk: 0/0 (search/found)
|
|
Patricia risk IPv6: 0/0 (search/found)
|
|
Patricia protocols: 69/45 (search/found)
|
|
Patricia protocols IPv6: 0/0 (search/found)
|
|
|
|
Unknown 25 1701 4
|
|
HTTP 22 3182 2
|
|
TLS 250 28977 20
|
|
SIP 22 15356 1
|
|
Google 17 6375 1
|
|
Webex 774 499515 29
|
|
|
|
Safe 250 28977 20
|
|
Acceptable 835 524428 33
|
|
Unrated 25 1701 4
|
|
|
|
Unspecified 25 1701 4
|
|
Web 272 32159 22
|
|
VoIP 796 514871 30
|
|
Advertisement 17 6375 1
|
|
|
|
JA Host Stats:
|
|
IP Address # JA4C
|
|
1 10.8.0.1 6
|
|
|
|
|
|
1 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][Goodput ratio: 68/99][2.76 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112/101 455/404 117/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172/3746 590/18020 206/4700][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_RC4_128_MD5][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,3,0,0,3,0,0,3,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,45]
|
|
2 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][Goodput ratio: 77/97][5.52 sec][Hostname/SNI: radcom.webex.com][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/138 1189/1223 220/218][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/1717 590/17734 233/3587][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_RC4_128_MD5][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d280600_519b4837d290_570a46b37db9][ServerNames: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Firefox][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,2,4,0,0,0,2,0,4,2,0,0,0,2,4,2,24,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,22,0,0,0,0,24]
|
|
3 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][Goodput ratio: 48/97][2.62 sec][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/154 1031/979 260/240][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/2130 590/8901 135/2682][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,34]
|
|
4 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][Goodput ratio: 56/98][3.76 sec][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 383/399 1876/1875 577/571][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2863 528/14373 150/4304][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,9,9,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
|
|
5 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][21 pkts/2017 bytes <-> 22 pkts/32272 bytes][Goodput ratio: 43/96][5.83 sec][bytes ratio: -0.882 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 347/332 2165/2214 528/526][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 96/1467 528/10581 119/2498][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (sTTjbc)][Plen Bins: 0,9,4,4,0,4,9,4,0,9,9,0,0,0,4,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
|
6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][Goodput ratio: 66/97][1.48 sec][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/139 519/469 176/158][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165/1865 590/8448 193/2711][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,0,0,0,0,0,0,9,0,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,36]
|
|
7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][Goodput ratio: 76/60][68.57 sec][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1424/790 16039/7189 2911/1473][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 229/134 590/3961 154/547][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,40,16,1,11,3,1,0,0,5,0,3,0,0,1,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]
|
|
8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][95.92 sec][SIP From: <sip:45191@172.16.1.75;transport=UDP>;tag=d3833767][SIP To: <sip:45191@172.16.1.75;transport=UDP>][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1008/0 4783/0 32494/0 6932/0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698/0 698/0 0/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (REGISTER sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][Goodput ratio: 65/80][21.38 sec][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 796/452 6005/3010 1691/778][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/276 432/3961 108/830][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,13,17,13,4,4,30,0,0,0,4,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4]
|
|
10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 14][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][Goodput ratio: 55/90][41.17 sec][Hostname/SNI: api.crittercism.com][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3166/655 34507/5259 9151/1546][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124/542 590/1502 149/614][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10d350400_1f24bcc5f17d_a875e5012fde][ServerNames: *.crittercism.com,crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA][Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Validity: 2015-01-14 00:00:00 - 2020-01-13 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 8,8,8,0,0,0,8,8,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,8,0,0,0,0,16,0,8,0,0]
|
|
11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][Goodput ratio: 64/94][3.96 sec][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 523/352 2070/1020 730/365][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157/873 576/3993 179/1444][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
|
12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][Goodput ratio: 70/95][1.07 sec][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/51 160/195 357/356 154/126][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187/990 576/3993 192/1508][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
|
13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][Goodput ratio: 63/93][3.00 sec][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 385/312 2171/1116 743/396][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/828 528/2974 166/1099][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28]
|
|
14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][Goodput ratio: 63/93][3.01 sec][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 386/312 2179/1125 746/385][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/825 528/2633 166/1028][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,28]
|
|
15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][Goodput ratio: 66/93][0.78 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 97/110 277/276 117/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/832 528/2581 172/1033][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,28]
|
|
16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.10 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 546/396 2119/1071 812/386][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
|
17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][Goodput ratio: 68/94][3.09 sec][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 545/396 2066/1021 793/377][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180/934 528/3961 179/1447][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
|
18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][Goodput ratio: 63/92][4.04 sec][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 534/640 3074/2046 1048/713][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152/649 528/3993 166/1255][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,34,0,0,0,0,0,0,0,0,16,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16]
|
|
19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][Goodput ratio: 66/93][2.90 sec][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 433/304 2119/1065 772/366][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/723 528/2633 172/919][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,28,0,0,0,0,0,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,14]
|
|
20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][Goodput ratio: 66/87][1.15 sec][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 113/139 555/553 189/186][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/401 590/2581 167/758][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,22,0,0,11,11,11,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,11]
|
|
21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.40 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/190 512/509 170/160][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
|
|
22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.32 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 118/180 470/468 157/151][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
|
|
23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][4.59 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 305/639 1712/1786 557/738][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
|
|
24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
|
|
25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
|
|
26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
|
27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
|
|
28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][Goodput ratio: 66/91][0.77 sec][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 125/129 463/394 174/138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 169/574 448/2957 158/989][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com][JA3S: 714ac86d50db68420429ca897688f5f3][Issuer: C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA][Subject: C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Validity: 2014-12-18 08:27:59 - 2016-02-19 21:32:06][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,0,0,0,16,0,0,16,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
|
|
29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][Goodput ratio: 14/92][4.09 sec][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 596/745 1927/1038 776/424][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 66/705 117/2896 22/1054][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
|
|
30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][Goodput ratio: 15/94][4.08 sec][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 1018/992 2975/1922 1214/785][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 68/835 117/3961 23/1563][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
|
|
31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][Goodput ratio: 62/44][0.54 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/77 283/252 98/86][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146/97 590/396 161/102][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 14,14,14,0,14,0,14,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][Goodput ratio: 60/50][13.16 sec][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644/1879 10453/11491 3421/3952][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 139/109 590/472 163/127][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 28,14,0,0,14,0,14,0,0,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][59.53 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8504/9920 59268/59268 20725/22069][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][Goodput ratio: 63/21][13.15 sec][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877/2190 12884/12885 4494/4783][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 151/68 590/183 168/41][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 16,34,0,0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Goodput ratio: 64/60][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8230/114 40802/243 16286/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 162/137 590/551 194/185][URL: cp.pushwoosh.com/json/1.3/registerDevice][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /j)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][Goodput ratio: 69/28][1.57 sec][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/390 1555/1504 621/643][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 183/76 590/183 180/48][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_MD5 / TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][JA3S: 6dfe5eb347aa509fc445e5628d467a2b][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,20,20,0,20,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Goodput ratio: 53/65][41.15 sec][Hostname/SNI: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 10286/13713 40778/40779 17605/19138][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 125/153 388/551 132/199][URL: cp.pushwoosh.com/json/1.3/applicationOpen][StatusCode: 200][Req Content-Type: application/json][Content-Type: application/json][Server: nginx/1.6.3][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build/KVT49L.A1412087656)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.6.3][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][PLAIN TEXT (POST /j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
38 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][Goodput ratio: 44/32][0.51 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 101/149 442/392 172/173][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102/80 281/146 81/36][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_RC4_128_MD5][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,50,25,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
39 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][Goodput ratio: 48/37][0.45 sec][Hostname/SNI: radcom.webex.com][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112/148 444/442 192/208][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/86 281/183 86/56][Risk: ** Weak TLS Cipher **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / Cipher TLS_RSA_WITH_RC4_128_MD5][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d280600_519b4837d290_570a46b37db9][JA3S: c253ec3ad88e42f8da4032682892f9a0][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,33,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
40 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][7 pkts/501 bytes <-> 4 pkts/216 bytes][Goodput ratio: 13/0][2.03 sec][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 405/1 1009/1 490/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 72/54 117/54 21/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
41 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.40 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 1079/2662 5297/5301 2109/2638][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
42 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][12.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 2407/5982 11950/11953 4771/5971][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
43 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.42 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 1083/2667 5292/5295 2105/2628][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
44 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.43 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 1085/2670 5289/5293 2102/2622][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
45 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.04 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 6007/14985 29960/29963 11976/14978][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
46 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][30.03 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 6007/14984 29964/29966 11979/14982][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
47 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 11][cat: Web/5][6 pkts/427 bytes <-> 5 pkts/270 bytes][Goodput ratio: 15/0][5.41 sec][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 1080/2665 5295/5298 2107/2633][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/54 117/54 22/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
48 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][Goodput ratio: 48/0][59.48 sec][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 19827/29739 59456/59456 28022/29717][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113/54 270/54 91/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i350200_1f24bcc5f17d_33a13ba74d1c][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
49 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.00 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 4998/7496 14940/14942 7030/7446][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
50 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/423 bytes <-> 4 pkts/216 bytes][Goodput ratio: 44/0][15.14 sec][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 5044/7566 15081/15081 7097/7515][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/54 241/54 79/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
51 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: Web/5][4 pkts/299 bytes <-> 4 pkts/216 bytes][Goodput ratio: 21/0][2.09 sec][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 695/1040 2078/2078 978/1038][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/54 117/54 26/0][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
52 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/TLS][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 5][cat: Web/5][3 pkts/245 bytes <-> 2 pkts/108 bytes][Goodput ratio: 26/0][0.01 sec][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
53 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes][Goodput ratio: 11/0][0.06 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
|
|
|
|
Undetected flows:
|
|
1 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 7][14 pkts/1071 bytes <-> 2 pkts/100 bytes][Goodput ratio: 45/16][20.24 sec][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1602/117 8966/117 2266/0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76/50 84/50 14/0][Plen Bins: 31,68,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
2 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 0/Unknown][IP: 141/Webex][ClearText][Confidence: Unknown][FPC: 141/Webex, Confidence: IP address][DPI packets: 3][2 pkts/128 bytes <-> 1 pkts/54 bytes][Goodput ratio: 0/0][1.00 sec][Risk: ** TCP Connection Issues **** Probing Attempt **][Risk Score: 100][Risk Info: TCP probing attempt / Connection refused (client)][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
3 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][< 1 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|
|
4 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 0/Unknown][IP: 265/AmazonAWS][ClearText][Confidence: Unknown][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 3][1 pkts/66 bytes <-> 2 pkts/108 bytes][Goodput ratio: 0/0][0.00 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
|