vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-28 15:09:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
nDPI/tests/cfgs/default/result/signal.pcap.out
Ivan Nardi faca0a6565 ndpiReader: improve statistics
2025-10-22 20:34:29 +02:00

71 lines
21 KiB
Text
Raw Blame History

DPI Packets (TCP): 92 (6.13 pkts/flow)
DPI Packets (UDP): 5 (1.67 pkts/flow)
DPI Packets (other): 1 (1.00 pkts/flow)
Confidence DPI : 19 (flows)
Num dissector calls: 19 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache fpc_dns: 4/12/1 (insert/search/found)
Automa host: 18/14 (search/found)
Automa domain: 16/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 20/20 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 23/15 (search/found)
Patricia protocols IPv6: 0/0 (search/found)
Hash malicious ja4: 12/0 (search/found)
Hash malicious sha1: 10/0 (search/found)
Hash TCP fingerprints: 12/2 (search/found)
Hash public domain suffix: 0/0 (search/found)
Hash ja4 custom protos: 12/0 (search/found)
Hash fp custom protos: 12/0 (search/found)
Hash url custom protos: 0/0 (search/found)
DNS 4 476 2
DHCP 4 1368 1
Signal 510 282037 10
ICMP 1 70 1
TLS 28 2022 3
AppleiTunes 90 29795 2
Safe 28 2022 3
Acceptable 519 283951 14
Fun 90 29795 2
Web 28 2022 3
Chat 510 282037 10
Network 9 1914 4
Streaming 90 29795 2
JA Host Stats:
IP Address # JA4C
1 192.168.2.17 3
1 TCP 192.168.2.17:57027 <-> 13.35.253.42:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 464/AWS_Cloudfront][Encrypted][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][170 pkts/206962 bytes <-> 95 pkts/9293 bytes][Goodput ratio: 95/32][0.48 sec][Hostname/SNI: cdn.signal.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.914 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/3 39/47 6/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1217/98 1506/1506 548/175][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: cdn.signal.org][JA3S: c4b2785a87896e19d37eee932070cb22][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org][Certificate SHA-1: 81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:19:50][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 1,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
2 TCP 192.168.2.17:57026 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 39/Signal, Confidence: DNS][DPI packets: 7][cat: Chat/9][Breed: Acceptable][22 pkts/13757 bytes <-> 16 pkts/6493 bytes][Goodput ratio: 89/84][0.57 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.359 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/20 112/114 35/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 625/406 1506/1506 629/565][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,8,4,0,0,0,4,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,37,0,0]
3 TCP 192.168.2.17:57022 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Streaming/17][Breed: Fun][24 pkts/2540 bytes <-> 21 pkts/12673 bytes][Goodput ratio: 38/89][0.40 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.666 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 124/83 35/28][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 106/603 583/1506 105/574][nDPI Fingerprint: e9c9b145c580e4fb6e300d7039f596d1][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,17,8,0,4,0,0,0,8,0,0,4,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,4,0,0,0,0,0,0,17,0,0]
4 TCP 192.168.2.17:57018 <-> 23.57.24.16:443 [proto: 91.145/TLS.AppleiTunes][Stack: TLS.AppleiTunes][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 467/Akamai, Confidence: IP address][DPI packets: 6][cat: Streaming/17][Breed: Fun][25 pkts/2582 bytes <-> 20 pkts/12000 bytes][Goodput ratio: 37/89][0.24 sec][Hostname/SNI: itunes.apple.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/10 47/52 16/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 103/600 583/1506 103/588][nDPI Fingerprint: e9c9b145c580e4fb6e300d7039f596d1][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.3][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 13,18,9,0,4,0,0,0,9,0,0,4,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,4,0,0,0,0,0,0,18,0,0]
5 TCP 192.168.2.17:49227 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][13 pkts/1808 bytes <-> 12 pkts/4355 bytes][Goodput ratio: 52/82][3.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][bytes ratio: -0.413 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 62/293 115/2199 52/677][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 139/363 502/1506 120/471][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: f3e89f0de21d3a385415b8542a81858c][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,16,8,0,0,8,8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]
6 TCP 192.168.2.17:57024 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][15 pkts/2054 bytes <-> 11 pkts/3775 bytes][Goodput ratio: 51/81][0.59 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.295 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/59 167/186 55/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/343 583/1506 134/472][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
7 TCP 192.168.2.17:57021 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][16 pkts/2108 bytes <-> 10 pkts/3709 bytes][Goodput ratio: 50/82][13.48 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.275 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/50 13018/120 3464/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 132/371 583/1506 131/486][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,0,0,0,7,0,0,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
8 TCP 192.168.2.17:57020 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][16 pkts/2103 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 50/79][13.49 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.258 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1019/44 13011/122 3462/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/324 583/1506 130/472][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
9 TCP 192.168.2.17:57019 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][16 pkts/2095 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 50/79][13.49 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.255 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1020/43 13026/120 3466/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 131/321 583/1506 130/473][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
10 TCP 192.168.2.17:57023 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][15 pkts/2049 bytes <-> 11 pkts/3562 bytes][Goodput ratio: 51/79][0.58 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 168/181 54/76][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/324 583/1506 133/472][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,7,7,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
11 TCP 192.168.2.17:57025 <-> 35.169.3.40:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][15 pkts/2041 bytes <-> 11 pkts/3527 bytes][Goodput ratio: 51/79][0.58 sec][Hostname/SNI: textsecure-service.whispersystems.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/58 166/184 54/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 136/321 583/1506 133/473][nDPI Fingerprint: 413f63a62e56d616ac4d132726bef083][TCP Fingerprint: 2_64_65535_d0a7eb742982/Unknown][TLSv1.2][JA4: t13d1713h2_0633f72d41ca_845d286b0d67][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 1089ea6f0461a29006cc96dfe7a11d80][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Safari][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,50,7,14,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]
12 TCP 192.168.2.17:49226 <-> 34.225.240.173:443 [proto: 91.39/TLS.Signal][Stack: TLS.Signal][IP: 461/AWS_EC2][Encrypted][Confidence: DPI][FPC: 461/AWS_EC2, Confidence: IP address][DPI packets: 7][cat: Chat/9][Breed: Acceptable][13 pkts/1688 bytes <-> 11 pkts/3569 bytes][Goodput ratio: 48/79][9.90 sec][Hostname/SNI: textsecure-service.whispersystems.org][bytes ratio: -0.358 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/57 113/154 53/66][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/324 502/1506 120/473][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: f3e89f0de21d3a385415b8542a81858c][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: textsecure-service.whispersystems.org,service.signal.org][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure][Subject: C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org][Certificate SHA-1: 5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B][Firefox][Validity: 2019-02-15 17:38:17 - 2029-03-12 18:20:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,30,20,0,0,0,10,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
13 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][15.76 sec][Hostname/SNI: lucas-imac][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 23.57.24.16:443 <-> 192.168.2.17:57016 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/408 bytes <-> 6 pkts/471 bytes][Goodput ratio: 12/13][0.65 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/16 158/4 347/16 157/7][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 68/78 90/105 16/15][Plen Bins: 75,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][4 pkts/341 bytes <-> 4 pkts/264 bytes][Goodput ratio: 23/0][0.03 sec][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 25/0 8/0 25/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/66 112/66 20/0][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][Stack: TLS][IP: 467/Akamai][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][5 pkts/317 bytes <-> 3 pkts/221 bytes][Goodput ratio: 7/10][0.03 sec][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 24/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63/74 89/89 14/11][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/97 bytes <-> 1 pkts/193 bytes][Goodput ratio: 56/78][0.03 sec][Hostname/SNI: textsecure-service.whispersystems.org][54.175.47.110][DNS Id: 0x00c1][PLAIN TEXT (textsecure)][Plen Bins: 0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/85 bytes <-> 1 pkts/101 bytes][Goodput ratio: 50/58][0.04 sec][Hostname/SNI: e673.dsce9.akamaiedge.net][23.57.24.16][DNS Id: 0xcaf8][PLAIN TEXT (akamaiedge)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][Stack: ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Reference in a new issue View git blame Copy permalink