vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-06 03:45:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
nDPI/tests/result/webex.pcap.out
Luca 0ed679e795 Improves IAT calculation
2019-09-24 16:37:42 +02:00

69 lines
24 KiB
Text
Raw Blame History

HTTP 22 3182 2
TLS 106 11841 8
SIP 22 15356 1
Google 17 6375 1
Webex 1380 818407 43
Amazon 33 9742 2
JA3 Host Stats:
IP Address # JA3C
1 10.8.0.1 6
1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 150.5/243.9 2818/24042 335.8/1526.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57.4/1281.6 528/29696 36.0/3034.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 101.7/99.6 455/404 110.2/96.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172.0/3745.8 590/18020 205.7/4699.9][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 117.1/118.3 1189/1223 208.0/199.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240.4/1716.9 590/17734 233.4/3587.1][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][Server: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Organization: Cisco Systems, Inc.][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2013-10-31 00:00:00 - 2023-10-30 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5]
4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 150.5/142.0 1031/979 245.4/221.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.5/2130.4 590/8901 135.5/2681.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 340.8/336.0 1876/1875 530.3/534.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 127.6/2863.1 528/14373 150.1/4303.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 128.2/127.9 519/469 174.7/145.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 165.0/1864.5 590/8448 193.3/2710.5][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][bytes ratio: 0.305 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1218.3/718.8 16039/7189 2669.2/1369.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 228.8/134.1 590/3961 153.6/546.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1008/0 4567.2/0.0 32494/0 6643.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 698/0 698.0/0.0 698/0 0.0/0.0][PLAIN TEXT (REGISTER sip)]
9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 762.9/392.3 6005/3010 1576.3/727.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.2/276.2 432/3961 108.2/830.4][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 4192c0a946c5bd9b544b4656d9f624a4 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA]
10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][bytes ratio: -0.585 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 475.5/550.2 5258/5259 1336.7/1430.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.0/541.7 590/1502 148.6/614.4][TLSv1][Client: api.crittercism.com][JA3C: 54ae5fcb0159e2ddf6a50e149221c7c7][Server: *.crittercism.com][JA3S: c800cea031c10ffe47e1d72c9264577a (INSECURE)][Certificate SHA-1: 68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18][Cipher: TLS_RSA_WITH_RC4_128_MD5]
11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/2 478.5/302.3 2070/1020 729.0/351.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 157.4/873.0 576/3993 178.5/1443.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/50 145.0/170.7 357/356 139.3/126.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 187.0/990.0 576/3993 192.5/1507.6][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][bytes ratio: -0.657 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 118.3/277.0 436/1116 163.9/376.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/827.6 528/2974 166.2/1098.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][bytes ratio: -0.656 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/16 117.6/277.7 429/1125 161.6/366.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/825.0 528/2633 166.2/1028.2][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 89.5/101.7 277/276 108.8/99.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/831.6 528/2581 172.4/1033.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 195.2/340.8 539/1071 218.4/373.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][bytes ratio: -0.677 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 203.4/338.8 597/1021 237.3/367.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 180.1/933.6 528/3961 178.9/1446.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][bytes ratio: -0.620 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 165.0/556.4 461/2046 183.1/691.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 152.1/648.7 528/3993 166.2/1254.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][bytes ratio: -0.630 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/5 129.3/262.3 457/1065 181.1/354.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164.4/723.0 528/2633 172.4/919.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][bytes ratio: -0.449 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127.8/114.7 555/553 183.0/173.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166.4/400.9 590/2581 167.4/757.6][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 155.3/154.0 512/509 168.3/156.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 146.6/145.9 470/468 156.7/148.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 503.7/509.0 1840/1786 725.0/695.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163.5/432.5 590/3961 167.4/1117.3][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 480.4/547.7 1225/1224 507.1/505.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171.1/604.4 590/3751 167.6/1199.5][TLSv1.2][Client: ssl.google-analytics.com][JA3C: 75edb912bc6f0a222ae3e3e47f5c89b1][Server: *.google-analytics.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Organization: Google Inc][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Validity: 2002-05-21 04:00:00 - 2018-08-21 04:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 163.2/346.0 803/1231 319.9/490.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99.4/549.8 380/2581 101.1/889.3][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/10 175.0/595.6 635/1237 266.2/497.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 174.0/596.0 636/1238 267.4/499.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.1/625.1 380/3993 105.9/1375.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][bytes ratio: -0.546 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/9 60.8/115.7 140/394 58.3/129.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 168.7/574.4 448/2957 157.6/988.7][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: www.webex.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Certificate SHA-1: EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/14 647.7/745.0 1927/1038 904.6/424.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65.9/705.2 117/2896 22.0/1054.1][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][bytes ratio: -0.822 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 2.5/992.3 5/1922 2.5/785.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 67.8/835.4 117/3961 23.2/1562.8][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][Server: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA]
31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 77.0/67.2 283/252 98.3/84.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 146.5/96.8 590/396 160.9/101.6][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes][bytes ratio: 0.122 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1644.0/1644.0 10453/11491 3421.2/3748.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 138.8/108.7 590/472 162.8/127.1][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8503.7/8503.4 59268/59268 20724.5/20724.6][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 150.8/68.3 590/183 167.8/40.5][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
34 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes][bytes ratio: 0.376 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/1 1877.1/1877.3 12884/12885 4493.8/4494.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 150.8/68.3 590/183 167.8/40.5][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
35 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][6 pkts/970 bytes <-> 6 pkts/821 bytes][Host: cp.pushwoosh.com][bytes ratio: 0.083 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 87.0/10286.5 244/40803 97.7/17618.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 161.7/136.8 590/551 194.2/185.2][PLAIN TEXT (POST /j)]
36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 261.5/312.4 1555/1504 578.5/596.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 182.9/75.5 590/183 180.3/48.1][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333][JA3S: 6dfe5eb347aa509fc445e5628d467a2b (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com][bytes ratio: -0.103 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5/105 122.0/13713.3 257/40779 103.7/19138.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 124.8/153.4 388/551 131.8/198.8][PLAIN TEXT (POST /j)]
38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][cat: VoIP/10][14 pkts/1071 bytes <-> 2 pkts/100 bytes][bytes ratio: 0.829 (Upload)][IAT c2s/s2c min/avg/max/stddev: 122/117 1556.4/117.0 8966/117 2183.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 47/50 76.5/50.0 84/50 14.4/0.0]
39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 100.6/125.0 442/392 171.7/155.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 102.3/79.8 281/146 81.4/36.1][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][bytes ratio: 0.238 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 112.0/148.3 444/442 191.7/207.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112.0/86.2 281/183 86.0/55.9][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5]
41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][7 pkts/501 bytes <-> 4 pkts/216 bytes][bytes ratio: 0.397 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 252.5/1.0 1002/1 432.7/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.6/54.0 117/54 20.7/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/24 11.3/2662.5 32/5301 14.6/2638.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/11 6.0/5982.0 16/11953 7.1/5971.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
44 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/39 17.0/2667.0 48/5295 22.0/2628.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
45 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/48 19.3/2670.5 55/5293 25.2/2622.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
46 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/7 4.3/14985.0 11/29963 4.8/14978.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
47 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/3 3.0/14984.5 7/29966 2.9/14981.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
48 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][6 pkts/427 bytes <-> 5 pkts/270 bytes][bytes ratio: 0.225 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/32 13.7/2665.0 39/5298 17.9/2633.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71.2/54.0 117/54 22.4/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
49 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][4 pkts/452 bytes <-> 4 pkts/216 bytes][bytes ratio: 0.353 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/22 12.5/29739.0 25/59456 12.5/29717.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 113.0/54.0 270/54 91.0/0.0][TLSv1][JA3C: dff8a0aa1c904aaea76c5bf624e88333]
50 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/51 27.5/7496.5 50/14942 22.5/7445.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.8/54.0 241/54 78.5/0.0][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6]
51 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][4 pkts/423 bytes <-> 4 pkts/216 bytes][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/50 26.0/7565.5 50/15081 24.0/7515.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105.8/54.0 241/54 78.5/0.0][TLSv1][JA3C: 64ea4359ad4b496db653a3f30f7073e6]
52 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][4 pkts/299 bytes <-> 4 pkts/216 bytes][bytes ratio: 0.161 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/3 3.0/1040.5 3/2078 0.0/1037.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 74.8/54.0 117/54 25.7/0.0][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
53 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][3 pkts/245 bytes <-> 2 pkts/108 bytes][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f]
54 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/TLS][cat: Web/5][3 pkts/209 bytes <-> 2 pkts/108 bytes]
55 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][2 pkts/128 bytes <-> 1 pkts/54 bytes]
56 TCP 10.133.206.47:54651 <-> 185.63.147.10:443 [proto: 91/TLS][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes]
57 TCP 10.133.206.47:59447 <-> 107.20.242.44:443 [proto: 91.178/TLS.Amazon][cat: Web/5][1 pkts/66 bytes <-> 2 pkts/108 bytes]
Reference in a new issue View git blame Copy permalink