mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-05-02 17:00:16 +00:00
ca5ffc4988
Tell "Advertised" ALPN list from "Negotiated" ALPN; the former is extracted from the CH, the latter from the SH. Add some entries to the known ALPN list. Fix printing of "TLS Supported Versions" field.
62 lines
27 KiB
Text
62 lines
27 KiB
Text
Guessed flow protos: 0
|
|
|
|
DPI Packets (TCP): 70 (2.06 pkts/flow)
|
|
Confidence DPI : 34 (flows)
|
|
Num dissector calls: 40 (1.18 diss/flow)
|
|
LRU cache ookla: 0/0/0 (insert/search/found)
|
|
LRU cache bittorrent: 0/0/0 (insert/search/found)
|
|
LRU cache zoom: 0/0/0 (insert/search/found)
|
|
LRU cache stun: 0/0/0 (insert/search/found)
|
|
LRU cache tls_cert: 0/0/0 (insert/search/found)
|
|
LRU cache mining: 0/0/0 (insert/search/found)
|
|
LRU cache msteams: 0/0/0 (insert/search/found)
|
|
Automa host: 34/34 (search/found)
|
|
Automa domain: 34/0 (search/found)
|
|
Automa tls cert: 0/0 (search/found)
|
|
Automa risk mask: 6/0 (search/found)
|
|
Automa common alpns: 68/68 (search/found)
|
|
Patricia risk mask: 66/0 (search/found)
|
|
Patricia risk: 0/0 (search/found)
|
|
Patricia protocols: 68/0 (search/found)
|
|
|
|
DoH_DoT 577 216583 34
|
|
|
|
JA3 Host Stats:
|
|
IP Address # JA3C
|
|
1 10.0.0.1 1
|
|
|
|
|
|
1 TCP 10.0.0.1:50614 <-> 185.95.218.42:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][14 pkts/2180 bytes <-> 16 pkts/7623 bytes][Goodput ratio: 65/89][23.45 sec][Hostname/SNI: dns.digitale-gesellschaft.ch][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2124/13 16347/44 4911/18][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 156/476 352/2958 67/708][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 20,13,23,16,0,3,0,0,0,3,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
|
|
2 TCP 10.0.0.1:43888 <-> 95.216.229.153:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1559 bytes <-> 8 pkts/6285 bytes][Goodput ratio: 65/93][30.16 sec][Hostname/SNI: fi.doh.dns.snopyta.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3770/16 30052/46 9934/20][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 156/786 346/2958 77/922][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 11,16,28,11,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,5]
|
|
3 TCP 10.0.0.1:59026 <-> 85.5.93.230:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1966 bytes <-> 12 pkts/5810 bytes][Goodput ratio: 70/89][30.26 sec][Hostname/SNI: ibksturm.synology.me][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.494 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/15 115/89 36/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/85 179/484 445/1506 113/487][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,4,17,13,0,4,0,0,0,13,0,4,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
|
|
4 TCP 10.0.0.1:52028 <-> 45.76.113.31:8443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1438 bytes <-> 11 pkts/6319 bytes][Goodput ratio: 66/91][30.97 sec][Hostname/SNI: doh.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4379/3404 30317/30002 10590/9405][Pkt Len c2s/s2c min/avg/max/stddev: 78/93 160/574 335/1464 75/564][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 10,15,30,10,0,5,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,10,0,0,0]
|
|
5 TCP 10.0.0.1:57058 <-> 46.227.200.54:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1445 bytes <-> 8 pkts/5948 bytes][Goodput ratio: 66/93][30.13 sec][Hostname/SNI: rdns.faelix.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.609 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4304/5014 30049/30000 10511/11174][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/744 339/2958 74/935][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 12,12,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5]
|
|
6 TCP 10.0.0.1:55322 <-> 185.134.196.55:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1532 bytes <-> 7 pkts/5815 bytes][Goodput ratio: 65/93][16.35 sec][Hostname/SNI: rdns.faelix.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.583 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2039/3262 16237/16242 5366/6490][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/831 339/2958 74/969][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,5,25,12,0,5,5,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5]
|
|
7 TCP 10.0.0.1:38186 <-> 185.43.135.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][11 pkts/1728 bytes <-> 13 pkts/5220 bytes][Goodput ratio: 66/87][10.17 sec][Hostname/SNI: odvr.nic.cz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1263/1013 10000/10000 3302/2996][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 157/402 335/3057 70/784][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 03/Aug/2020 06:53:50 - 01/Nov/2020 06:53:50][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: odvr.nic.cz][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=odvr.nic.cz][Certificate SHA-1: 15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B][Firefox][Validity: 2020-08-03 06:53:50 - 2020-11-01 06:53:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 4,51,12,12,0,4,0,0,4,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4]
|
|
8 TCP 10.0.0.1:55962 <-> 51.158.147.50:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1540 bytes <-> 7 pkts/5403 bytes][Goodput ratio: 65/93][23.03 sec][Hostname/SNI: resolver-eu.lelux.fi][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.556 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2879/17 22962/28 7591/14][Pkt Len c2s/s2c min/avg/max/stddev: 78/102 154/772 344/3185 77/1040][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,11,37,11,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
9 TCP 10.0.0.1:60026 <-> 195.30.94.28:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1455 bytes <-> 6 pkts/5347 bytes][Goodput ratio: 67/94][10.04 sec][Hostname/SNI: doh.ffmuc.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.572 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 1434/37 9925/63 3467/26][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 162/891 337/2958 74/961][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,6,20,13,0,6,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
|
|
10 TCP 10.0.0.1:40938 <-> 172.104.93.80:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1523 bytes <-> 6 pkts/5217 bytes][Goodput ratio: 65/94][22.42 sec][Hostname/SNI: jp.tiar.app][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.548 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2778/5507 21637/21834 7129/9427][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 152/870 335/2248 74/759][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 475c9302dc42b2751db9edcac3b74891][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 18,6,18,12,0,6,0,0,12,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6]
|
|
11 TCP 10.0.0.1:46658 <-> 185.233.106.232:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/1437 bytes <-> 7 pkts/5154 bytes][Goodput ratio: 70/93][27.98 sec][Hostname/SNI: dns.dnshome.de][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.564 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4659/5583 27865/27889 10378/11153][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 180/736 389/2958 111/936][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 21,6,13,13,0,0,6,0,6,0,13,0,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
|
|
12 TCP 10.0.0.1:35714 <-> 209.250.241.25:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1516 bytes <-> 9 pkts/5023 bytes][Goodput ratio: 68/90][6.97 sec][Hostname/SNI: jarjar.meganerd.nl][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 992/7 6894/26 2409/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 168/558 342/2102 74/700][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 14/Jul/2020 23:47:21 - 12/Oct/2020 23:47:21][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: jarjar.meganerd.nl][JA3S: 2464432ec440b95b36263230c3148d11][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=jarjar.meganerd.nl][Certificate SHA-1: 17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F][Firefox][Validity: 2020-07-14 23:47:21 - 2020-10-12 23:47:21][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 5,28,23,11,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5]
|
|
13 TCP 10.0.0.1:52386 <-> 51.15.124.208:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 8 pkts/4974 bytes][Goodput ratio: 65/91][16.18 sec][Hostname/SNI: dnsnl.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.528 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2022/11 16115/27 5327/12][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 154/622 342/2958 76/923][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 16,23,16,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
14 TCP 10.0.0.1:37530 <-> 167.114.220.125:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1537 bytes <-> 10 pkts/4945 bytes][Goodput ratio: 65/89][17.40 sec][Hostname/SNI: dns1.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.526 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2161/2161 17071/17045 5636/5626][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 154/494 340/3154 76/905][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 15,30,20,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
15 TCP 10.0.0.1:59404 <-> 185.253.154.66:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 7 pkts/4898 bytes][Goodput ratio: 65/92][22.86 sec][Hostname/SNI: dnses.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2857/18 22768/44 7526/21][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 154/700 342/2958 76/962][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,25,18,11,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
16 TCP 10.0.0.1:43106 <-> 116.202.176.26:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1546 bytes <-> 7 pkts/4884 bytes][Goodput ratio: 65/92][30.19 sec][Hostname/SNI: doh.libredns.gr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.519 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3774/34 30000/124 9913/46][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 155/698 339/3179 74/1019][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,24,11,0,5,0,0,18,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
17 TCP 10.0.0.1:36012 <-> 149.56.228.45:453 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1447 bytes <-> 10 pkts/4943 bytes][Goodput ratio: 66/89][16.62 sec][Hostname/SNI: dns2.dnscrypt.ca][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2358/2063 16281/16268 5684/5369][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/494 340/3152 76/904][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,26,21,10,0,5,0,0,5,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
18 TCP 10.0.0.1:41720 <-> 116.203.179.248:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1528 bytes <-> 12 pkts/4776 bytes][Goodput ratio: 65/86][15.70 sec][Hostname/SNI: rumpelsepp.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.515 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/6 25/23 9/9][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 153/398 338/1506 75/506][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 13,28,13,13,0,4,0,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
|
|
19 TCP 10.0.0.1:38018 <-> 45.153.187.96:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes <-> 6 pkts/4822 bytes][Goodput ratio: 66/93][15.95 sec][Hostname/SNI: dnsse.alekberg.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 2279/20 15848/48 5540/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/804 342/2958 77/1002][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,6,27,13,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
|
|
20 TCP 10.0.0.1:54164 <-> 193.70.85.11:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1449 bytes <-> 8 pkts/4814 bytes][Goodput ratio: 66/91][30.10 sec][Hostname/SNI: doh.bortzmeyer.fr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4295/5006 30033/30001 10508/11178][Pkt Len c2s/s2c min/avg/max/stddev: 78/89 161/602 341/2958 75/905][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,11,25,11,0,5,11,0,5,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
21 TCP 10.0.0.1:34036 <-> 217.169.20.23:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1545 bytes <-> 6 pkts/4643 bytes][Goodput ratio: 65/93][30.15 sec][Hostname/SNI: dns.aa.net.uk][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.501 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3763/7517 30000/30032 9917/12999][Pkt Len c2s/s2c min/avg/max/stddev: 78/119 154/774 337/3165 74/1081][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 12,6,31,12,0,6,6,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
|
|
22 TCP 10.0.0.1:53802 <-> 1.0.0.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 7 pkts/4626 bytes][Goodput ratio: 65/92][30.11 sec][Hostname/SNI: dns.cloudflare.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.501 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3762/15 30000/51 9917/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 154/661 342/2892 76/947][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 31,11,18,11,0,5,0,0,0,5,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
23 TCP 10.0.0.1:52176 <-> 136.144.215.158:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1536 bytes <-> 6 pkts/4602 bytes][Goodput ratio: 65/93][30.10 sec][Hostname/SNI: doh.powerdns.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.500 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3762/7507 30033/30000 9930/12986][Pkt Len c2s/s2c min/avg/max/stddev: 78/105 154/767 340/3170 74/1087][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 12,12,25,12,0,12,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
|
|
24 TCP 10.0.0.1:44640 <-> 185.235.81.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 7 pkts/4670 bytes][Goodput ratio: 67/92][10.77 sec][Hostname/SNI: doh.dnslify.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1536/2150 10712/10710 3746/4280][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 162/667 339/3168 75/1035][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 18,12,18,12,0,12,0,0,6,0,0,6,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
|
|
25 TCP 10.0.0.1:33724 <-> 104.28.28.34:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 67/89][32.10 sec][Hostname/SNI: jp.tiarap.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4584/295 31051/1050 10810/455][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 162/510 337/2557 75/751][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 35,5,17,5,5,5,0,0,5,0,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]
|
|
26 TCP 10.0.0.1:51770 <-> 9.9.9.10:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1457 bytes <-> 8 pkts/4589 bytes][Goodput ratio: 67/91][16.57 sec][Hostname/SNI: dns10.quad9.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2360/2758 16461/16467 5757/6131][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 162/574 339/1616 75/592][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 18,11,18,11,0,11,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5]
|
|
27 TCP 10.0.0.1:43718 <-> 146.255.56.98:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1553 bytes <-> 6 pkts/4353 bytes][Goodput ratio: 65/92][30.17 sec][Hostname/SNI: doh.appliedprivacy.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.474 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3770/28 30000/76 9914/31][Pkt Len c2s/s2c min/avg/max/stddev: 78/60 155/726 346/2958 76/1013][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 18,6,25,12,0,6,6,0,0,6,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6]
|
|
28 TCP 10.0.0.1:33338 <-> 45.90.28.0:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][9 pkts/1448 bytes <-> 12 pkts/4333 bytes][Goodput ratio: 66/85][30.15 sec][Hostname/SNI: dns.nextdns.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.499 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4302/3342 30042/30000 10508/9425][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 161/361 338/1506 76/508][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,29,14,14,0,9,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0]
|
|
29 TCP 10.0.0.1:39214 <-> 104.28.0.106:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][10 pkts/1548 bytes <-> 8 pkts/4123 bytes][Goodput ratio: 65/90][30.16 sec][Hostname/SNI: doh.crypto.sx][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.454 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3768/16 30000/41 9915/17][Pkt Len c2s/s2c min/avg/max/stddev: 78/85 155/515 337/1506 75/486][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 23,5,23,5,5,5,0,0,5,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]
|
|
30 TCP 10.0.0.1:35742 <-> 209.250.241.25:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][7 pkts/1246 bytes <-> 7 pkts/4395 bytes][Goodput ratio: 70/91][8.59 sec][Hostname/SNI: jarjar.meganerd.nl][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.558 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1692/30 8406/95 3357/35][Pkt Len c2s/s2c min/avg/max/stddev: 85/92 178/628 342/2102 82/772][Risk: ** TLS Cert Expired **][Risk Score: 100][Risk Info: 14/Jul/2020 23:47:21 - 12/Oct/2020 23:47:21][TLSv1.2][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][ServerNames: jarjar.meganerd.nl][JA3S: 2464432ec440b95b36263230c3148d11][Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3][Subject: CN=jarjar.meganerd.nl][Certificate SHA-1: 17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F][Firefox][Validity: 2020-07-14 23:47:21 - 2020-10-12 23:47:21][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][PLAIN TEXT (DDDDDDffffff)][Plen Bins: 7,28,21,0,7,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7]
|
|
31 TCP 10.0.0.1:44704 <-> 185.235.81.1:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][8 pkts/1243 bytes <-> 5 pkts/4229 bytes][Goodput ratio: 65/94][30.09 sec][Hostname/SNI: doh.dnslify.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5008/14 30000/22 11177/10][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 155/846 339/3168 83/1174][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 24,7,24,7,0,7,0,7,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7]
|
|
32 TCP 10.0.0.1:51846 <-> 9.9.9.10:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][7 pkts/1155 bytes <-> 5 pkts/4098 bytes][Goodput ratio: 67/93][30.09 sec][Hostname/SNI: dns10.quad9.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.560 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/19 47/46 18/19][Pkt Len c2s/s2c min/avg/max/stddev: 78/119 165/820 339/3068 84/1136][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][PLAIN TEXT (ffffffDDDDDD)][Plen Bins: 16,0,34,8,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]
|
|
33 TCP 10.0.0.1:53674 <-> 139.99.222.72:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][2 pkts/421 bytes <-> 2 pkts/2872 bytes][Goodput ratio: 74/96][0.26 sec][Hostname/SNI: doh-2.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0]
|
|
34 TCP 10.0.0.1:53676 <-> 139.99.222.72:443 [proto: 91.196/TLS.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Network/14][2 pkts/421 bytes <-> 2 pkts/2870 bytes][Goodput ratio: 74/96][0.27 sec][Hostname/SNI: doh-2.seby.io][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TLSv1.3][JA3C: d0ee3237a14bbd89ca4d2b5356ab20ba][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0]
|