vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-28 23:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
nDPI/tests/cfgs/default/result/kerberos.pcap.out
Toni 246462592e
Add additional msgpack protocol validations (Fix #3060, false-positives) (#3061) 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2025-12-11 14:18:00 +01:00

84 lines
19 KiB
Text
Raw Blame History

Guessed flow protos: 23
DPI Packets (TCP): 77 (2.14 pkts/flow)
Confidence Unknown : 2 (flows)
Confidence Match by port : 23 (flows)
Confidence DPI : 11 (flows)
Num dissector calls: 4610 (128.06 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/75/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/25/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 0/25/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 46/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 72/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 0/0 (search/found)
Hash malicious sha1: 0/0 (search/found)
Hash TCP fingerprints: 0/0 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 0/0 (search/found)
Hash fp custom protos: 0/0 (search/found)
Hash url custom protos: 0/0 (search/found)
Unknown 9 3031 2
SMBv23 6 1914 3
Kerberos 48 19194 24
LDAP 14 4152 7
Unrated 9 3031 2
Acceptable 68 25260 34
Unspecified 9 3031 2
Network 48 19194 24
System 20 6066 10
1 TCP 172.16.8.201:49171 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/1486 bytes <-> 1 pkts/1506 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0]
2 TCP 172.16.8.201:49160 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0]
3 TCP 172.16.8.201:49176 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/1485 bytes <-> 1 pkts/1498 bytes][Goodput ratio: 96/96][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0]
4 TCP 172.16.8.201:49173 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/1118 bytes <-> 1 pkts/190 bytes][Goodput ratio: 95/71][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.775 (Encrypted or Random?)][PLAIN TEXT (HAPPYCRAFT.ORG)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 172.16.8.201:49194 <-> 172.16.8.8:445 [proto: 41/SMBv23][Stack: SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/410 bytes <-> 1 pkts/314 bytes][Goodput ratio: 87/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.333 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 172.16.8.201:49193 <-> 172.16.8.8:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/384 bytes <-> 1 pkts/264 bytes][Goodput ratio: 86/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.338 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 172.16.8.201:49191 <-> 172.16.8.8:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/368 bytes <-> 1 pkts/264 bytes][Goodput ratio: 85/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.290 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 172.16.8.201:49157 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 172.16.8.201:49166 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 172.16.8.201:49181 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/293 bytes <-> 1 pkts/332 bytes][Goodput ratio: 81/83][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (JOHNSON)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 172.16.8.201:49156 <-> 172.16.8.8:445 [proto: 41/SMBv23][Stack: SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.068 (Compressed Executable?)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 172.16.8.201:49174 <-> 172.16.8.8:445 [proto: 41/SMBv23][Stack: SMBv23][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/281 bytes <-> 1 pkts/314 bytes][Goodput ratio: 80/83][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.145 (Compressed Executable?)][Plen Bins: 0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 172.16.8.201:49188 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/369 bytes <-> 1 pkts/216 bytes][Goodput ratio: 85/75][< 1 sec][happycraft\theresa.johnson][PLAIN TEXT (theresa.johnson)][Plen Bins: 0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 172.16.8.201:49161 <-> 172.16.8.8:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.210 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 TCP 172.16.8.201:49179 <-> 172.16.8.8:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.156 (Compressed Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 TCP 172.16.8.201:49180 <-> 172.16.8.8:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/320 bytes <-> 1 pkts/264 bytes][Goodput ratio: 83/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.273 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 TCP 172.16.8.201:49187 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/289 bytes <-> 1 pkts/294 bytes][Goodput ratio: 81/81][0.00 sec][happycraft\theresa.johnson][PLAIN TEXT (theresa.johnson)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 TCP 172.16.8.201:49169 <-> 172.16.8.8:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.177 (Encrypted Executable?)][PLAIN TEXT (PSTUsM)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 TCP 172.16.8.201:49172 <-> 172.16.8.8:389 [proto: 112/LDAP][Stack: LDAP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: System/18][Breed: Acceptable][1 pkts/296 bytes <-> 1 pkts/264 bytes][Goodput ratio: 81/79][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.175 (Encrypted Executable?)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 TCP 172.16.8.201:49158 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][0.00 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 TCP 172.16.8.201:49167 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (johnson)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 TCP 172.16.8.201:49182 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 111/Kerberos, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/373 bytes <-> 1 pkts/166 bytes][Goodput ratio: 85/67][< 1 sec][happycraft.org\johnson-pc][PLAIN TEXT (JOHNSON)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
23 TCP 172.16.8.201:49190 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/271 bytes <-> 1 pkts/244 bytes][Goodput ratio: 80/78][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.826 (Compressed Executable?)][PLAIN TEXT (happycraft.org)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 TCP 172.16.8.201:49192 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.715 (Compressed Executable?)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 172.16.8.201:49195 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/255 bytes <-> 1 pkts/233 bytes][Goodput ratio: 79/76][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.700 (Compressed Executable?)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
26 TCP 172.16.8.201:49162 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.691 (Compressed Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
27 TCP 172.16.8.201:49168 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/207 bytes <-> 1 pkts/180 bytes][Goodput ratio: 74/70][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.757 (Compressed Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
28 TCP 172.16.8.201:49159 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.553 (Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 TCP 172.16.8.201:49175 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.578 (Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
30 TCP 172.16.8.201:49186 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/191 bytes <-> 1 pkts/169 bytes][Goodput ratio: 71/68][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.623 (Executable?)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
31 TCP 172.16.8.201:49170 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/167 bytes <-> 1 pkts/122 bytes][Goodput ratio: 67/55][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.464 (Executable?)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
32 TCP 172.16.8.201:49183 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/134 bytes <-> 1 pkts/94 bytes][Goodput ratio: 59/42][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.172 (Executable?)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
33 TCP 172.16.8.201:49189 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/95 bytes <-> 1 pkts/120 bytes][Goodput ratio: 43/55][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.863 (Executable?)][PLAIN TEXT (370913024805Z)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 TCP 172.16.8.201:49196 <-> 172.16.8.8:88 [proto: 111/Kerberos][Stack: Kerberos][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/89 bytes <-> 1 pkts/102 bytes][Goodput ratio: 39/47][< 1 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 5.361 (Executable?)][PLAIN TEXT (20370913024805Z)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Undetected flows:
1 TCP 172.16.8.201:49165 <-> 172.16.8.8:49155 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][Breed: Unrated][4 pkts/1382 bytes <-> 2 pkts/624 bytes][Goodput ratio: 84/83][21.49 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/21492 7164/21492 21491/21492 10131/0][Pkt Len c2s/s2c min/avg/max/stddev: 274/286 346/312 429/338 72/26][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.413 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,33,16,16,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 172.16.8.201:49185 <-> 172.16.8.8:49155 [proto: 0/Unknown][Stack: Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][Breed: Unrated][2 pkts/687 bytes <-> 1 pkts/338 bytes][Goodput ratio: 84/84][0.00 sec][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 7.441 (Encrypted or Random?)][Plen Bins: 0,0,0,0,0,0,33,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Reference in a new issue View git blame Copy permalink